Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

cp ussage 100% please help

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

cp ussage 100% please help

Unread postby hogter » April 5th, 2008, 8:35 pm

i need help. my computer crashes a lot, it often says "cpu ussage 100%" also i keep getting pop ups, and i notice that there are multiple files with the same name i.e. csrss.exe its twice on the list as well as svchost.exe apears multiple times. i dont know if this is normal or a virus. the HJT results are as follow



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:13:32 PM, on 4/5/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\McAfee\MPS\mpsevh.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Dell Photo AIO Printer 922\DLBTmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Auslogics\AusLogics BoostSpeed\BoostSpeed.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlbtmon.exe] "C:\Program Files\Dell Photo AIO Printer 922\dlbtmon.exe"
O4 - HKLM\..\Run: [Gram Scr] "C:\ProgramData\bytewinwin.7q8av48"
O4 - HKLM\..\Run: [Support audio cool poll] "C:\ProgramData\Dale Owns Load.4r03bp"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Auslogics BoostSpeed 4] C:\Program Files\Auslogics\AusLogics BoostSpeed\boostspeed.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/jdk ... 586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlbt_device - - C:\Windows\system32\dlbtcoms.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 11640 bytes



please help me... and thak you :lol:
hogter
Active Member
 
Posts: 14
Joined: April 5th, 2008, 8:28 pm
Advertisement
Register to Remove

Re: cp ussage 100% please help

Unread postby gringo_pr » April 12th, 2008, 4:23 am

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

Please do not run any other tool untill instructed to do so!
Please reply to this thread, do not start another!
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.

Sorry about the delay in responding :( The forums have been very busy

If you still need help, Scan again with HijackThis, and copy/paste" a new log file into this thread.

Also please make an uninstall list and post that as well

Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in your next reply.


Gringo
User avatar
gringo_pr
Site Moderator
Site Moderator
 
Posts: 1816
Joined: March 31st, 2007, 1:35 pm
Location: puerto rico

Re: cp ussage 100% please help

Unread postby hogter » April 12th, 2008, 11:28 am

thank you gringo for helping out with this problem, this is the list of my programs.

Ace DivX Player v2.1
Ad-Aware 2007
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
AIM 6
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Registration
Audible Download Manager
AudibleManager
AusLogics BoostSpeed
AVG Anti-Spyware 7.5
Bonjour
Call of Duty 2
Call of Duty 4: Modern Warfare
Catalyst Control Center - Branding
CDisplay 1.8
City of Villains/City of Heroes (remove only)
Creative Audio Console
Dell Photo AIO Printer 922
Download Accelerator Plus (DAP)
Free Games Offer, Desktop Shortcut
GOM Player
Google Earth
Google Updater
HeroStats
Highlight Viewer (Windows Live Toolbar)
HijackThis 2.0.2
iSilo
iTunes
Java(TM) 6 Update 5
Map Button (Windows Live Toolbar)
McAfee SecurityCenter
Messenger Plus! Live & Sponsor (CiD)
Microsoft Flight Simulator X
Microsoft Flight Simulator X
Microsoft Flight Simulator X Service Pack 1
Microsoft Flight Simulator X: Acceleration
Microsoft Flight Simulator X: Acceleration
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (2.0.0.7)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
QuickTime
RealPlayer
Smart Menus (Windows Live Toolbar)
Spyware Doctor 5.5
Steam
UltraISO Premium V9.0
Viewpoint Media Player
Windows Live Favorites for Windows Live Toolbar
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Writer
WinRAR archiver
hogter
Active Member
 
Posts: 14
Joined: April 5th, 2008, 8:28 pm

Re: cp ussage 100% please help

Unread postby hogter » April 12th, 2008, 11:31 am

these are the results from HJT


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:29:11 AM, on 4/12/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Windows\explorer.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlbtmon.exe] "C:\Program Files\Dell Photo AIO Printer 922\dlbtmon.exe"
O4 - HKLM\..\Run: [Gram Scr] "C:\ProgramData\bytewinwin.tfbr3"
O4 - HKLM\..\Run: [Support audio cool poll] "C:\ProgramData\Dale Owns Load.4r03bp"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Auslogics BoostSpeed 4] C:\Program Files\Auslogics\AusLogics BoostSpeed\boostspeed.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/jdk ... 586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlbt_device - - C:\Windows\system32\dlbtcoms.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 11398 bytes


thnak you for the help :P
hogter
Active Member
 
Posts: 14
Joined: April 5th, 2008, 8:28 pm

Re: cp ussage 100% please help

Unread postby gringo_pr » April 12th, 2008, 2:25 pm

Hello hogter

i need help. my computer crashes a lot, it often says "cpu ussage 100%" also i keep getting pop ups, and i notice that there are multiple files with the same name i.e. csrss.exe its twice on the list as well as svchost.exe apears multiple times. i dont know if this is normal or a virus. the HJT results are as follow


when you say crashes, do you mean blue screens?
what do the popups that you are getting say
It is normal to have multi csrss.exe and svchost.exe on your computer

Disable AVG Anti-Spyware

Please disable AVG Anti-Spyware until the computer is clean.
  • Open AVG Anti-Spyware by double-clicking the multi-colored box emblazoned with an 'S' in the system tray.
  • In the 'Resident Shield' section, toggle the AVG Anti-Spyware active protection 'off' by clicking 'Change state' which will then change the protection status to 'inactive'.
  • If you are instructed to reboot at any time during your cleanup, AVG Anti-Spyware will prompt you as to whether you would like to "Restart the Resident Shield".
  • Reply 'no' and set it to 'inactive' for the duration of your cleanup.
Don't forget to re-enable it, when your computer is clean.

Messenger Plus!

    Messenger Plus! is an add-on for Microsoft's free messaging programs Windows Messenger and MSN Messenger. It is a 'free' download (with a few stingers in its tail). MP includes an optional Sponsor Program provided by C2Media. The Sponsor Program is commonly known in the anti-spyware and adware world as 'Lop' or 'Lop.com'. There has been a problem since Messenger Plus! first started including the Sponsor Program in approximately May 2003, with users installing the Sponsor Program without understanding what the Sponsor Program is, what it does to a user's system, or the privacy implications involved.

    Messenger Plus!, if installed to include the 'sponsor program', will install adware on your computer that generates pop up windows. The Sponsor Program will also change your home page, your search engine settings, place numerous links in IE favorites (including online casino and gambling links) and place more links on your desktop. The search toolbar that is installed cannot be turned off. The pop up advertising windows will appear even if you are running IE's pop-up blocker. This is because the Sponsor Program adds its advertisement URLs to the pop-up blocker exclusion list. If you want to reinstall MessengerPlus3, make sure you click "I refuse, do not install the sponsor program". This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. To uninstall the Messenger Plus! :
    • Click Start, point to Settings, and then click Control Panel.
    • In Control Panel, double-click Add or Remove Programs.
    • In Add or Remove Programs, highlight Messenger Plus! Live & Sponsor (CiD) , click Remove.
    • Close the Add or Remove Programs and the Control Panel windows.

:run combofix:

    Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: how-to-use-combofix

    Link 1
    Link 2
    Link 3

    **Note: It is important that it is saved directly to your desktop**

    1. Close any open browsers.
    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    Double click on combofix.exe & follow the prompts.
    When finished, it will produce a report for you.

    Note:Do not mouseclick combofix's window while it's running. That may cause it to stall

:information and logs:

    In your next post I need the following

      1.log from combofix
      2.new log from hijackthis

Gringo
User avatar
gringo_pr
Site Moderator
Site Moderator
 
Posts: 1816
Joined: March 31st, 2007, 1:35 pm
Location: puerto rico

Re: cp ussage 100% please help

Unread postby hogter » April 12th, 2008, 7:04 pm

what i ment to say, is that it reaches CPU ussage 100% and everything stops.... and its only after it process the information, that i can regain control over it.... and about the pop-up i think that taking care of the MSN plus program got rid of them.......

here are the two logs that you requested



ComboFix 08-04-12.4 - Walter 2008-04-12 15:29:44.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.980 [GMT -7:00]
Running from: C:\Users\Walter\Desktop\ComboFix.exe
* Resident AV is active

.
TimedOut: Windir.dat
TimedOut: progfile.dat

((((((((((((((((((((((((( Files Created from 2008-03-12 to 2008-04-12 )))))))))))))))))))))))))))))))
.

2008-04-05 14:25 . 2008-04-05 14:25 <DIR> d-------- C:\Users\Walter\AppData\Roaming\Grisoft
2008-04-05 14:25 . 2008-04-05 14:25 <DIR> d-------- C:\Users\All Users\Grisoft
2008-04-05 14:25 . 2008-04-05 14:25 <DIR> d-------- C:\ProgramData\Grisoft
2008-04-05 14:25 . 2007-05-30 05:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
2008-04-01 16:01 . 2008-04-01 16:02 131,072 --a------ C:\Windows\System32\Ikeext.etl
2008-03-29 21:43 . 2008-03-29 21:43 <DIR> d-------- C:\Program Files\Zone Labs
2008-03-29 21:42 . 2008-03-29 21:51 <DIR> d-------- C:\Windows\Internet Logs
2008-03-29 21:39 . 2008-03-29 21:40 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-03-29 21:39 . 2008-03-29 21:40 <DIR> d-------- C:\ProgramData\Lavasoft
2008-03-29 21:39 . 2008-03-29 21:39 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-29 21:39 . 2008-03-29 21:39 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-27 16:40 . 2008-03-29 00:18 <DIR> d-------- C:\Users\Walter\AppData\Roaming\Auslogics
2008-03-27 16:39 . 2008-03-27 16:39 <DIR> d-------- C:\Program Files\Auslogics
2008-03-26 23:49 . 2008-04-12 15:03 <DIR> d-------- C:\Program Files\Dl_cats
2008-03-26 23:40 . 2007-02-07 12:57 344,064 --a------ C:\Windows\System32\dlbtcoin.dll
2008-03-26 23:40 . 2006-08-28 15:57 126,059 --a------ C:\Windows\System32\dlbtceip.chm
2008-03-26 23:40 . 2005-08-18 05:26 40,960 --a------ C:\Windows\System32\dlbtvs.dll
2008-03-23 22:05 . 2008-03-24 19:34 <DIR> d-------- C:\Program Files\HeroStats
2008-03-23 12:19 . 2008-03-23 12:19 <DIR> d-------- C:\Program Files\GustoSoft
2008-03-19 14:28 . 2008-03-19 14:28 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-03-19 14:27 . 2008-03-19 14:27 <DIR> d-------- C:\Program Files\Real
2008-03-19 14:26 . 2008-03-19 14:28 <DIR> d-------- C:\Program Files\Common Files\Real
2008-03-18 20:51 . 2008-04-12 13:04 <DIR> d-------- C:\Program Files\Steam
2008-03-17 22:59 . 2008-03-17 22:59 <DIR> d-------- C:\Windows\Sun
2008-03-17 22:57 . 2008-03-17 22:58 <DIR> d-------- C:\Program Files\Java
2008-03-17 22:56 . 2008-03-17 22:56 <DIR> d-------- C:\Program Files\Common Files\Java
2008-03-17 22:46 . 2008-03-17 22:46 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-17 22:09 . 2008-03-17 22:09 <DIR> d-------- C:\Users\high way to hell\AppData\Roaming\Talkback
2008-03-17 22:08 . 2008-03-17 22:08 <DIR> d-------- C:\Users\high way to hell\AppData\Roaming\ATI
2008-03-17 22:07 . 2008-03-17 22:07 <DIR> dr------- C:\Users\high way to hell\Searches
2008-03-17 22:07 . 2008-03-17 22:07 <DIR> dr------- C:\Users\high way to hell\Contacts
2008-03-17 22:06 . 2008-03-17 22:07 <DIR> dr------- C:\Users\high way to hell\Videos
2008-03-17 22:06 . 2008-03-17 22:07 <DIR> dr------- C:\Users\high way to hell\Saved Games
2008-03-17 22:06 . 2008-03-17 22:07 <DIR> dr------- C:\Users\high way to hell\Pictures
2008-03-17 22:06 . 2008-03-17 22:07 <DIR> dr------- C:\Users\high way to hell\Music
2008-03-17 22:06 . 2008-03-17 22:07 <DIR> dr------- C:\Users\high way to hell\Links
2008-03-17 22:06 . 2008-03-17 22:07 <DIR> dr------- C:\Users\high way to hell\Downloads
2008-03-17 22:06 . 2008-03-17 22:08 <DIR> dr------- C:\Users\high way to hell\Documents
2008-03-17 22:06 . 2008-03-17 22:07 <DIR> d--h----- C:\Users\high way to hell\AppData
2008-03-17 02:39 . 2008-03-17 02:39 <DIR> d-------- C:\Users\Walter\AppData\Roaming\iSilo
2008-03-17 02:39 . 2008-03-17 02:39 <DIR> d-------- C:\Program Files\iSilo
2008-03-17 02:22 . 2003-03-18 21:20 1,060,864 --------- C:\Windows\System32\mfc71.dll
2008-03-17 02:22 . 2001-08-17 22:43 24,576 --------- C:\Windows\System32\msxml3a.dll
2008-03-17 02:14 . 2008-03-26 00:33 <DIR> d-------- C:\Program Files\Audible
2008-03-14 19:35 . 2008-03-14 19:35 <DIR> d-------- C:\Users\Walter\AppData\Roaming\Talkback
2008-03-14 19:35 . 2008-03-14 19:35 <DIR> d-------- C:\Users\All Users\Google
2008-03-14 19:35 . 2008-03-14 19:35 0 --a------ C:\Windows\nsreg.dat
2008-03-13 22:34 . 2008-03-13 22:34 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-03-13 22:14 . 2008-04-12 13:13 <DIR> d-------- C:\Program Files\City of Heroes
2008-03-13 20:55 . 2008-03-19 00:27 <DIR> d-------- C:\Users\All Users\Messenger Plus!
2008-03-13 20:55 . 2008-03-19 00:27 <DIR> d-------- C:\ProgramData\Messenger Plus!
2008-03-13 13:38 . 2008-04-04 07:31 <DIR> d-------- C:\Program Files\Common Files\Steam
2008-03-13 11:58 . 2008-03-13 11:58 <DIR> d-------- C:\Users\Walter\AppData\Roaming\ATI
2008-03-13 11:58 . 2008-03-13 11:58 <DIR> d-------- C:\Users\All Users\ATI
2008-03-13 11:58 . 2008-03-13 11:58 <DIR> d-------- C:\ProgramData\ATI
2008-03-13 11:49 . 2008-03-13 11:49 0 --a------ C:\Windows\ativpsrm.bin
2008-03-13 11:47 . 2008-03-13 11:51 <DIR> d-------- C:\Program Files\ATI Technologies
2008-03-13 11:47 . 2008-03-13 11:52 <DIR> d-------- C:\Program Files\ATI
2008-03-12 23:53 . 2008-03-12 23:53 <DIR> d-------- C:\Program Files\CDisplay
2008-03-12 23:37 . 2008-03-12 23:38 <DIR> d-------- C:\Users\All Users\Adobe
2008-03-12 23:37 . 2008-03-12 23:37 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-03-12 23:35 . 2008-03-12 23:35 <DIR> d-------- C:\Users\Walter\AppData\Roaming\PC Tools
2008-03-12 23:35 . 2008-03-27 16:26 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-03-12 23:35 . 2007-12-10 14:53 81,288 --a------ C:\Windows\System32\drivers\iksyssec.sys
2008-03-12 23:35 . 2007-12-10 14:53 66,952 --a------ C:\Windows\System32\drivers\iksysflt.sys
2008-03-12 23:35 . 2008-02-01 12:55 42,376 --a------ C:\Windows\System32\drivers\ikfilesec.sys
2008-03-12 23:35 . 2007-12-10 14:53 29,576 --a------ C:\Windows\System32\drivers\kcom.sys
2008-03-12 23:33 . 2008-03-12 23:33 <DIR> d-------- C:\Users\All Users\Mozilla
2008-03-12 23:32 . 2008-04-11 16:12 <DIR> d-------- C:\Users\All Users\Google Updater
2008-03-12 23:32 . 2008-04-11 16:12 <DIR> d-------- C:\ProgramData\Google Updater
2008-03-12 23:32 . 2008-03-12 23:35 <DIR> d-------- C:\Program Files\Google
2008-03-12 13:58 . 2008-03-12 18:19 <DIR> d-------- C:\temp\{9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15}
2008-03-12 13:58 . 2008-03-26 23:50 <DIR> d-------- C:\Program Files\Dell Photo AIO Printer 922
2008-03-12 13:56 . 2008-03-12 13:57 <DIR> d-------- C:\Dell922
2008-03-12 01:42 . 2008-03-12 01:42 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-03-12 01:34 . 2008-03-12 01:35 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2008-03-12 01:34 . 2008-03-12 01:34 <DIR> d-------- C:\Program Files\Windows Live Favorites
2008-03-12 01:22 . 2008-03-12 01:42 <DIR> d-------- C:\Program Files\Windows Live
2008-03-12 01:22 . 2008-03-12 01:28 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-12 01:20 . 2006-10-26 19:56 32,592 --a------ C:\Windows\System32\msonpmon.dll
2008-03-12 01:12 . 2008-03-12 01:12 <DIR> d-------- C:\Program Files\Microsoft Works
2008-03-12 01:10 . 2008-03-13 20:54 <DIR> d-------- C:\Users\All Users\WLInstaller
2008-03-12 01:10 . 2008-03-13 20:54 <DIR> d-------- C:\ProgramData\WLInstaller
2008-03-12 01:07 . 2008-03-12 01:07 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-03-12 01:01 . 2008-03-12 01:01 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-03-12 00:58 . 2008-03-12 01:21 <DIR> d-------- C:\Users\All Users\Microsoft Help
2008-03-12 00:58 . 2008-03-12 01:21 <DIR> d-------- C:\ProgramData\Microsoft Help
2008-03-12 00:46 . 2008-03-12 00:46 <DIR> d-------- C:\Users\All Users\Creative
2008-03-12 00:46 . 2008-03-12 00:46 <DIR> d-------- C:\ProgramData\Creative
2008-03-12 00:46 . 2000-12-05 09:11 4,174,814 --------- C:\Windows\System32\CT4MGM.SF2
2008-03-12 00:46 . 1999-09-22 23:18 2,167,684 --------- C:\Windows\System32\CT2MGM.SF2
2008-03-12 00:45 . 2008-03-12 00:45 <DIR> d-------- C:\Windows\System32\Data
2008-03-12 00:45 . 2008-03-12 00:47 <DIR> d-------- C:\Program Files\Creative
2008-03-12 00:45 . 2007-03-22 16:57 1,527,808 --------- C:\Windows\System32\Sens_oal.dll
2008-03-12 00:45 . 2008-03-12 00:45 409,600 --a------ C:\Windows\System32\wrap_oal.dll
2008-03-12 00:45 . 2008-03-12 00:45 114,688 --a------ C:\Windows\System32\OpenAL32.dll
2008-03-12 00:45 . 2007-03-27 13:11 105,472 --------- C:\Windows\System32\APOMngr.dll
2008-03-12 00:45 . 2007-03-15 11:09 67,072 --------- C:\Windows\System32\CmdRtr.dll
2008-03-12 00:45 . 2005-06-14 19:07 11,264 --a------ C:\Windows\INRES.DLL
2008-03-12 00:45 . 2007-04-20 13:16 8,393 --a------ C:\Windows\System32\CTAPO32.cat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-09 16:57 --------- d-----w C:\Users\Walter\AppData\Roaming\uTorrent
2008-03-31 16:32 --------- d-----w C:\Program Files\McAfee
2008-03-18 04:56 128,949,234 ----a-w C:\Windows\DUMP449d.tmp
2008-03-12 08:11 --------- d-----w C:\Program Files\MSBuild
2008-03-12 07:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-12 07:44 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-12 06:51 --------- d-----w C:\ProgramData\McAfee
2008-03-12 06:49 --------- d-----w C:\Program Files\Common Files\McAfee
2008-03-12 06:46 --------- d-----w C:\Program Files\McAfee.com
2008-03-12 06:39 --------- d-----w C:\ProgramData\AOL OCP
2008-03-12 06:38 --------- d-----w C:\Users\Walter\AppData\Roaming\acccore
2008-03-12 06:38 --------- d-----w C:\Program Files\AIM6
2008-03-12 06:37 --------- d-----w C:\ProgramData\Viewpoint
2008-03-12 06:37 --------- d-----w C:\ProgramData\AOL
2008-03-12 06:37 --------- d-----w C:\Program Files\Viewpoint
2008-03-12 06:37 --------- d-----w C:\Program Files\Common Files\AOL
2008-03-12 06:27 --------- d-----w C:\Program Files\Windows Sidebar
2008-03-12 06:23 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-03-12 06:23 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-03-12 06:22 49,664 ----a-w C:\Windows\System32\csrsrv.dll
2008-03-12 06:22 376,320 ----a-w C:\Windows\System32\winsrv.dll
2008-03-12 06:21 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2008-03-12 06:21 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
2008-03-12 06:21 61,952 ----a-w C:\Windows\System32\cmifw.dll
2008-03-12 06:21 414,208 ----a-w C:\Windows\System32\msscp.dll
2008-03-12 06:21 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2008-03-12 06:21 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2008-03-12 06:21 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-03-12 06:21 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
2008-03-12 06:21 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2008-03-12 06:21 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2008-03-12 06:21 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
2008-03-12 06:20 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-03-12 06:20 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-03-12 06:20 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-03-12 06:20 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-03-12 06:19 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-03-12 06:19 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-03-12 06:19 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-03-12 06:19 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-03-12 06:19 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-03-12 06:19 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-03-12 06:18 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-03-12 06:18 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-03-12 06:18 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-03-12 06:18 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2008-03-12 06:17 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-03-12 06:17 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2008-03-12 06:17 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2008-03-12 06:17 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2008-03-12 06:17 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2008-03-12 06:16 5,120 ----a-w C:\Windows\System32\wmi.dll
2008-03-12 06:16 152,576 ----a-w C:\Windows\System32\imagehlp.dll
2008-03-12 06:16 12,800 ----a-w C:\Windows\system32\drivers\fs_rec.sys
2008-03-12 06:15 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-03-12 06:15 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-03-12 06:14 633,856 ----a-w C:\Windows\System32\user32.dll
2008-03-12 06:14 2,026,496 ----a-w C:\Windows\System32\win32k.sys
2008-03-12 06:13 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-03-12 06:13 750,080 ----a-w C:\Windows\System32\qmgr.dll
2008-03-12 06:13 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-03-12 06:13 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-03-12 06:13 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-03-12 05:16 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2008-03-12 05:16 43,352 ----a-w C:\Windows\System32\wups2.dll
2008-03-12 05:16 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2008-03-12 05:16 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2008-03-12 05:15 80,896 ----a-w C:\Windows\System32\wudriver.dll
2008-03-12 05:15 549,720 ----a-w C:\Windows\System32\wuapi.dll
2008-03-12 05:15 33,624 ----a-w C:\Windows\System32\wups.dll
2008-03-12 05:14 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-03-12 05:14 163,000 ----a-w C:\Windows\System32\wuwebv.dll
2008-03-12 04:56 --------- d-----w C:\Program Files\UltraISO
2008-03-12 04:56 --------- d-----w C:\Program Files\Common Files\EZB Systems
2008-03-12 04:47 --------- d-----w C:\Program Files\MSXML 4.0
2008-03-12 03:47 --------- d-----w C:\Program Files\Microsoft Games
2008-03-12 03:34 4,096 ----a-w C:\Windows\System32\41483.sys
2008-03-12 03:30 --------- d-----w C:\Program Files\uTorrent
2008-02-26 05:53 3,520,512 ----a-w C:\Windows\system32\drivers\atikmdag.sys
2008-02-26 03:10 372,736 ----a-w C:\Windows\System32\ATIDEMGX.dll
2008-02-26 03:10 159,744 ----a-w C:\Windows\System32\atitmmxx.dll
2008-02-26 03:09 43,520 ----a-w C:\Windows\System32\ati2edxx.dll
2008-02-26 03:09 315,392 ----a-w C:\Windows\System32\atipdlxx.dll
2008-02-26 03:09 253,952 ----a-w C:\Windows\System32\Ati2evxx.dll
2008-02-26 03:09 245,760 ----a-w C:\Windows\System32\Oemdspif.dll
2008-02-26 03:08 655,360 ----a-w C:\Windows\System32\Ati2evxx.exe
2008-02-26 02:55 3,074,048 ----a-w C:\Windows\System32\atiumdag.dll
2008-02-26 02:47 9,662,464 ----a-w C:\Windows\System32\atioglxx.dll
2008-02-26 02:40 4,084,736 ----a-w C:\Windows\System32\atiumdva.dll
2008-02-26 02:29 47,104 ----a-w C:\Windows\System32\amdpcom32.dll
2008-02-26 02:14 49,152 ----a-w C:\Windows\system32\drivers\ati2erec.dll
2008-02-18 18:16 30,464 ----a-w C:\Windows\system32\drivers\usbaapl.sys
2006-11-02 12:50 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-03-11 23:18 1232896]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-03-06 13:50 50528]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-12 23:32 68856]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-03-28 09:58 1271032]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 05:36 201728]
"Auslogics BoostSpeed 4"="C:\Program Files\Auslogics\AusLogics BoostSpeed\boostspeed.exe" [2008-03-07 12:04 250368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" [2008-03-12 00:07 3057152]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"P17RunE"="P17RunE.dll" [2007-04-09 09:40 14848 C:\Windows\System32\P17RunE.dll]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"ATICustomerCare"="C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe" [2007-10-04 18:38 307200]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-19 14:27 185896]
"DLBTCATS"="C:\Windows\system32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2007-02-12 17:34 73728]
"dlbtmon.exe"="C:\Program Files\Dell Photo AIO Printer 922\dlbtmon.exe" [2007-02-28 18:23 431600]
"Support audio cool poll"="C:\ProgramData\Dale Owns Load.4r03bp" [ ]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 02:25 6731312]

C:\Users\Walter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Audible Download Manager.lnk - C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe [2007-11-16 14:40:16 1697112]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-03-12 23:32:37 125624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{5375C627-C2F3-4286-ADE7-7DAFBCD7E952}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{222D6355-B5D0-40A7-B61A-C1C9BA899DC9}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{68C64655-F588-4742-A6D0-D5925A3D5F93}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{73FF717A-9533-43B4-BA66-B5FEEE31D5C8}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{E73C4CBD-C7AC-4F90-9817-FF364BCFED22}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{7248949B-43BA-45A4-9947-AE667739DC23}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{9DFF5E04-65B8-44E1-8CFA-BB74DB01375B}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{9BA85FCB-941C-4FB2-A2B4-82FC8AAD062D}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{DE307A62-97EF-4BB1-86CA-71FFFE7B59B0}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{2C59216C-196D-4540-8418-233CA13AAED3}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{628290DE-FDF5-4BB7-8EB7-C722DA091F29}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{F1177328-BF7F-4328-B5B1-A6DB734C957D}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{69193BC4-C2DF-4869-9532-EA30A8521921}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0E24C346-F777-43F0-8B31-46C3BD0ADC67}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{77A54C50-DDCB-4391-AB88-8735C57A7668}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{5D396C73-EF86-4D50-8AE3-3EFB2497E1D0}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{C556D100-0709-460E-9412-E0E742A821A3}"= UDP:C:\Windows\System32\dlbtcoms.exe:Lexmark Communications System
"{3BA8FCCD-1B38-4F31-8B22-6DCD139DFB2E}"= TCP:C:\Windows\System32\dlbtcoms.exe:Lexmark Communications System
"{177A5AE4-F818-429E-B295-43F610C04178}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\dlbtpswx.exe:Printer Status Window
"{0CA471D2-6293-413B-B045-7A4DBF8505ED}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\dlbtpswx.exe:Printer Status Window
"{ECB5E892-5649-4CEC-93C8-44A18B855F26}"= UDP:C:\Program Files\Dell Photo AIO Printer 922\DLBTmon.exe:Device Monitor
"{34C1A860-63AC-4F24-B256-F893E622795D}"= TCP:C:\Program Files\Dell Photo AIO Printer 922\DLBTmon.exe:Device Monitor
"{647D5EF8-B3C6-4F9D-8B47-5D81B8728B25}"= UDP:C:\Program Files\Dell Photo AIO Printer 922\DLBTaiox.exe:All In One Center
"{141CB9E7-63A7-426A-9BB8-DE44B80E6D82}"= TCP:C:\Program Files\Dell Photo AIO Printer 922\DLBTaiox.exe:All In One Center

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 41483;41483;C:\Windows\System32\41483.sys [2008-03-11 20:34]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-02-25 22:53]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-02-25 22:53]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-04-02 16:38]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-04-12 21:52:00 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-03-15 16:08:55 C:\Windows\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-04-01 08:01:00 C:\Windows\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-04-12 08:29:12 C:\Windows\Tasks\User_Feed_Synchronization-{8FF99394-19BE-4996-95CA-73822EBB8EA6}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-12 15:38:41
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBTCATS = rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-12 15:50:29
ComboFix-quarantined-files.txt 2008-04-12 22:50:08
Pre-Run: 29,495,173,120 bytes free
Post-Run: 29,477,318,656 bytes free
.
2008-03-12 08:56:46 --- E O F ---






--------------------------------------------------------------------------


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:02:25 PM, on 4/12/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\DAP\DAP.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlbtmon.exe] "C:\Program Files\Dell Photo AIO Printer 922\dlbtmon.exe"
O4 - HKLM\..\Run: [Support audio cool poll] "C:\ProgramData\Dale Owns Load.4r03bp"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Auslogics BoostSpeed 4] C:\Program Files\Auslogics\AusLogics BoostSpeed\boostspeed.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/jdk ... 586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlbt_device - - C:\Windows\system32\dlbtcoms.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 10777 bytes
hogter
Active Member
 
Posts: 14
Joined: April 5th, 2008, 8:28 pm

Re: cp ussage 100% please help

Unread postby gringo_pr » April 12th, 2008, 8:50 pm

Hello hogter


:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

Code: Select all
Folder::
C:\Users\All Users\Messenger Plus!
C:\ProgramData\Messenger Plus!

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Support audio cool poll"=-



Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall


: Malwarebytes' Anti-Malware :

    Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

:Run Kaspersky Online AV Scanner:

Order to use it you have to use Internet Explorer.
Go to Kaspersky and click the Accept button at the end of the page.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.
  • Read the Requirements and limitations before you click Accept.
  • Allow the ActiveX download if necessary.
  • Once the database has downloaded, click Next.
  • Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
  • Click on "My Computer"
  • When the scan has completed, click Save Report As...
  • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
  • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.

Copy and paste the report into your next reply


:information and logs:

    In your next post I need the following

      1.log from combofix
      2.log from malwarebytes
      3.log from kaspersky
      4.new log from hijackthis

Gringo
User avatar
gringo_pr
Site Moderator
Site Moderator
 
Posts: 1816
Joined: March 31st, 2007, 1:35 pm
Location: puerto rico

Re: cp ussage 100% please help

Unread postby hogter » April 15th, 2008, 11:25 am

i've been running kaspersky's scaner and the first two times it go stuck at 99% as it was scaning <F.E.A.R> the game, (which i torrented) so i deleted the game, cleaned the recicly bin, and run it again, and this is the 2nd time that it gets stuck at 50% and the file that is scanins says this....F:\$RECICLY.BIN\S-1-5-21-561321763-18...04747-69-1000\$RQ69JTQ\F.E.A.R7..... and the scaner has being running for 10.23.25

it also says that there are 8 viruses and 49 infected objects.... so i dont know what to do. as for the rest of the info. here it its


ComboFix 08-04-12.4 - Walter 2008-04-13 9:51:30.2 - NTFSx86
Running from: C:\Users\Walter\Desktop\ComboFix.exe
* Resident AV is active

.
TimedOut: Windir.dat

((((((((((((((((((((((((( Files Created from 2008-03-13 to 2008-04-13 )))))))))))))))))))))))))))))))
.

2008-04-13 09:27 . 2008-04-13 09:27 <DIR> d-------- C:\Users\Walter\AppData\Roaming\Malwarebytes
2008-04-13 09:26 . 2008-04-13 09:26 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-04-13 09:26 . 2008-04-13 09:26 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-04-13 09:26 . 2008-04-13 09:26 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-05 14:25 . 2008-04-05 14:25 <DIR> d-------- C:\Users\Walter\AppData\Roaming\Grisoft
2008-04-05 14:25 . 2008-04-05 14:25 <DIR> d-------- C:\Users\All Users\Grisoft
2008-04-05 14:25 . 2008-04-05 14:25 <DIR> d-------- C:\ProgramData\Grisoft
2008-04-05 14:25 . 2007-05-30 05:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
2008-04-01 16:01 . 2008-04-01 16:02 131,072 --a------ C:\Windows\System32\Ikeext.etl
2008-03-29 21:43 . 2008-03-29 21:43 <DIR> d-------- C:\Program Files\Zone Labs
2008-03-29 21:42 . 2008-03-29 21:51 <DIR> d-------- C:\Windows\Internet Logs
2008-03-29 21:39 . 2008-03-29 21:40 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-03-29 21:39 . 2008-03-29 21:40 <DIR> d-------- C:\ProgramData\Lavasoft
2008-03-29 21:39 . 2008-03-29 21:39 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-29 21:39 . 2008-03-29 21:39 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-27 16:40 . 2008-03-29 00:18 <DIR> d-------- C:\Users\Walter\AppData\Roaming\Auslogics
2008-03-27 16:39 . 2008-03-27 16:39 <DIR> d-------- C:\Program Files\Auslogics
2008-03-26 23:49 . 2008-04-12 15:03 <DIR> d-------- C:\Program Files\Dl_cats
2008-03-26 23:40 . 2007-02-07 12:57 344,064 --a------ C:\Windows\System32\dlbtcoin.dll
2008-03-26 23:40 . 2006-08-28 15:57 126,059 --a------ C:\Windows\System32\dlbtceip.chm
2008-03-26 23:40 . 2005-08-18 05:26 40,960 --a------ C:\Windows\System32\dlbtvs.dll
2008-03-23 22:05 . 2008-03-24 19:34 <DIR> d-------- C:\Program Files\HeroStats
2008-03-23 12:19 . 2008-03-23 12:19 <DIR> d-------- C:\Program Files\GustoSoft
2008-03-19 14:28 . 2008-03-19 14:28 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-03-19 14:27 . 2008-03-19 14:27 <DIR> d-------- C:\Program Files\Real
2008-03-19 14:26 . 2008-03-19 14:28 <DIR> d-------- C:\Program Files\Common Files\Real
2008-03-18 20:51 . 2008-04-12 13:04 <DIR> d-------- C:\Program Files\Steam
2008-03-17 22:59 . 2008-03-17 22:59 <DIR> d-------- C:\Windows\Sun
2008-03-17 22:57 . 2008-03-17 22:58 <DIR> d-------- C:\Program Files\Java
2008-03-17 22:56 . 2008-03-17 22:56 <DIR> d-------- C:\Program Files\Common Files\Java
2008-03-17 22:46 . 2008-03-17 22:46 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-17 22:09 . 2008-03-17 22:09 <DIR> d-------- C:\Users\high way to hell\AppData\Roaming\Talkback
2008-03-17 22:08 . 2008-03-17 22:08 <DIR> d-------- C:\Users\high way to hell\AppData\Roaming\ATI
2008-03-17 22:07 . 2008-03-17 22:07 <DIR> dr------- C:\Users\high way to hell\Searches
2008-03-17 22:07 . 2008-03-17 22:07 <DIR> dr------- C:\Users\high way to hell\Contacts
2008-03-17 22:06 . 2008-03-17 22:07 <DIR> dr------- C:\Users\high way to hell\Videos
2008-03-17 22:06 . 2008-03-17 22:07 <DIR> dr------- C:\Users\high way to hell\Saved Games
2008-03-17 22:06 . 2008-03-17 22:07 <DIR> dr------- C:\Users\high way to hell\Pictures
2008-03-17 22:06 . 2008-03-17 22:07 <DIR> dr------- C:\Users\high way to hell\Music
2008-03-17 22:06 . 2008-03-17 22:07 <DIR> dr------- C:\Users\high way to hell\Links
2008-03-17 22:06 . 2008-03-17 22:07 <DIR> dr------- C:\Users\high way to hell\Downloads
2008-03-17 22:06 . 2008-03-17 22:08 <DIR> dr------- C:\Users\high way to hell\Documents
2008-03-17 22:06 . 2008-03-17 22:07 <DIR> d--h----- C:\Users\high way to hell\AppData
2008-03-17 02:39 . 2008-03-17 02:39 <DIR> d-------- C:\Users\Walter\AppData\Roaming\iSilo
2008-03-17 02:39 . 2008-03-17 02:39 <DIR> d-------- C:\Program Files\iSilo
2008-03-17 02:22 . 2003-03-18 21:20 1,060,864 --------- C:\Windows\System32\mfc71.dll
2008-03-17 02:22 . 2001-08-17 22:43 24,576 --------- C:\Windows\System32\msxml3a.dll
2008-03-17 02:14 . 2008-03-26 00:33 <DIR> d-------- C:\Program Files\Audible
2008-03-14 19:35 . 2008-03-14 19:35 <DIR> d-------- C:\Users\Walter\AppData\Roaming\Talkback
2008-03-14 19:35 . 2008-03-14 19:35 <DIR> d-------- C:\Users\All Users\Google
2008-03-14 19:35 . 2008-03-14 19:35 0 --a------ C:\Windows\nsreg.dat
2008-03-13 22:34 . 2008-03-13 22:34 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-03-13 22:14 . 2008-04-12 21:20 <DIR> d-------- C:\Program Files\City of Heroes
2008-03-13 20:55 . 2008-03-19 00:27 <DIR> d-------- C:\Users\All Users\Messenger Plus!
2008-03-13 20:55 . 2008-03-19 00:27 <DIR> d-------- C:\ProgramData\Messenger Plus!
2008-03-13 13:38 . 2008-04-04 07:31 <DIR> d-------- C:\Program Files\Common Files\Steam
2008-03-13 11:58 . 2008-03-13 11:58 <DIR> d-------- C:\Users\Walter\AppData\Roaming\ATI
2008-03-13 11:58 . 2008-03-13 11:58 <DIR> d-------- C:\Users\All Users\ATI
2008-03-13 11:58 . 2008-03-13 11:58 <DIR> d-------- C:\ProgramData\ATI
2008-03-13 11:49 . 2008-03-13 11:49 0 --a------ C:\Windows\ativpsrm.bin
2008-03-13 11:47 . 2008-03-13 11:51 <DIR> d-------- C:\Program Files\ATI Technologies
2008-03-13 11:47 . 2008-03-13 11:52 <DIR> d-------- C:\Program Files\ATI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-13 16:22 --------- d---a-w C:\ProgramData\TEMP
2008-04-13 00:12 --------- d-----w C:\ProgramData\Google Updater
2008-04-09 16:57 --------- d-----w C:\Users\Walter\AppData\Roaming\uTorrent
2008-03-31 16:32 --------- d-----w C:\Program Files\McAfee
2008-03-27 23:26 --------- d-----w C:\Program Files\Spyware Doctor
2008-03-27 06:50 --------- d-----w C:\Program Files\Dell Photo AIO Printer 922
2008-03-18 04:56 128,949,234 ----a-w C:\Windows\DUMP449d.tmp
2008-03-14 03:54 --------- d-----w C:\ProgramData\WLInstaller
2008-03-13 06:53 --------- d-----w C:\Program Files\CDisplay
2008-03-13 06:37 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-13 06:35 --------- d-----w C:\Users\Walter\AppData\Roaming\PC Tools
2008-03-13 06:35 --------- d-----w C:\Program Files\Google
2008-03-12 08:42 --------- d-----w C:\Program Files\Windows Live
2008-03-12 08:42 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-03-12 08:35 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-03-12 08:34 --------- d-----w C:\Program Files\Windows Live Favorites
2008-03-12 08:28 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-12 08:21 --------- d-----w C:\ProgramData\Microsoft Help
2008-03-12 08:12 --------- d-----w C:\Program Files\Microsoft Works
2008-03-12 08:11 --------- d-----w C:\Program Files\MSBuild
2008-03-12 08:07 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-12 08:01 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-03-12 07:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-12 07:47 --------- d-----w C:\Program Files\Creative
2008-03-12 07:46 --------- d-----w C:\ProgramData\Creative
2008-03-12 07:45 409,600 ----a-w C:\Windows\System32\wrap_oal.dll
2008-03-12 07:45 114,688 ----a-w C:\Windows\System32\OpenAL32.dll
2008-03-12 07:44 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-12 07:41 --------- d-----w C:\Users\Walter\AppData\Roaming\Apple Computer
2008-03-12 07:41 --------- d-----w C:\Program Files\iTunes
2008-03-12 07:40 --------- d-----w C:\ProgramData\Apple Computer
2008-03-12 07:40 --------- d-----w C:\Program Files\QuickTime
2008-03-12 07:40 --------- d-----w C:\Program Files\iPod
2008-03-12 07:40 --------- d-----w C:\Program Files\Bonjour
2008-03-12 07:39 --------- d-----w C:\Program Files\Apple Software Update
2008-03-12 07:38 --------- d-----w C:\ProgramData\Apple
2008-03-12 07:38 --------- d-----w C:\Program Files\Common Files\Apple
2008-03-12 07:31 --------- d-----w C:\Users\Walter\AppData\Roaming\GRETECH
2008-03-12 07:31 --------- d-----w C:\ProgramData\GRETECH
2008-03-12 07:30 --------- d-----w C:\Program Files\GRETECH
2008-03-12 07:30 --------- d-----w C:\Program Files\DAP
2008-03-12 07:07 50,688 ----a-w C:\Windows\System32\wbhelp2.dll
2008-03-12 06:51 --------- d-----w C:\ProgramData\McAfee
2008-03-12 06:49 --------- d-----w C:\Program Files\Common Files\McAfee
2008-03-12 06:46 --------- d-----w C:\Program Files\McAfee.com
2008-03-12 06:39 --------- d-----w C:\ProgramData\AOL OCP
2008-03-12 06:38 --------- d-----w C:\Users\Walter\AppData\Roaming\acccore
2008-03-12 06:38 --------- d-----w C:\Program Files\AIM6
2008-03-12 06:37 --------- d-----w C:\ProgramData\Viewpoint
2008-03-12 06:37 --------- d-----w C:\ProgramData\AOL
2008-03-12 06:37 --------- d-----w C:\Program Files\Viewpoint
2008-03-12 06:37 --------- d-----w C:\Program Files\Common Files\AOL
2008-03-12 06:27 --------- d-----w C:\Program Files\Windows Sidebar
2008-03-12 06:23 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-03-12 06:23 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-03-12 06:22 49,664 ----a-w C:\Windows\System32\csrsrv.dll
2008-03-12 06:22 376,320 ----a-w C:\Windows\System32\winsrv.dll
2008-03-12 06:21 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2008-03-12 06:21 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
2008-03-12 06:21 61,952 ----a-w C:\Windows\System32\cmifw.dll
2008-03-12 06:21 414,208 ----a-w C:\Windows\System32\msscp.dll
2008-03-12 06:21 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2008-03-12 06:21 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2008-03-12 06:21 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-03-12 06:21 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
2008-03-12 06:21 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2008-03-12 06:21 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2008-03-12 06:21 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
2008-03-12 06:20 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-03-12 06:20 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-03-12 06:20 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-03-12 06:20 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-03-12 06:19 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-03-12 06:19 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-03-12 06:19 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-03-12 06:19 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-03-12 06:19 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-03-12 06:19 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-03-12 06:18 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-03-12 06:18 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-03-12 06:18 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-03-12 06:18 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2008-03-12 06:17 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-03-12 06:17 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2008-03-12 06:17 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2008-03-12 06:17 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2008-03-12 06:17 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2008-03-12 06:16 5,120 ----a-w C:\Windows\System32\wmi.dll
2008-03-12 06:16 152,576 ----a-w C:\Windows\System32\imagehlp.dll
2008-03-12 06:16 12,800 ----a-w C:\Windows\system32\drivers\fs_rec.sys
2008-03-12 06:15 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-03-12 06:15 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-03-12 06:14 633,856 ----a-w C:\Windows\System32\user32.dll
2008-03-12 06:14 2,026,496 ----a-w C:\Windows\System32\win32k.sys
2008-03-12 06:13 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-03-12 06:13 750,080 ----a-w C:\Windows\System32\qmgr.dll
2008-03-12 06:13 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-03-12 06:13 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-03-12 06:13 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-03-12 05:16 53,080 ----a-w C:\Windows\System32\wuauclt.exe
.

((((((((((((((((((((((((((((( snapshot@2008-04-12_15.49.44.45 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-12 22:23:17 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-04-13 16:25:34 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-04-12 22:23:17 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-13 16:25:34 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-04-12 22:23:17 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-04-13 16:25:34 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-03-11 23:18 1232896]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-03-06 13:50 50528]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-12 23:32 68856]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-03-28 09:58 1271032]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 05:36 201728]
"Auslogics BoostSpeed 4"="C:\Program Files\Auslogics\AusLogics BoostSpeed\boostspeed.exe" [2008-03-07 12:04 250368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" [2008-03-12 00:07 3057152]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"P17RunE"="P17RunE.dll" [2007-04-09 09:40 14848 C:\Windows\System32\P17RunE.dll]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"ATICustomerCare"="C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe" [2007-10-04 18:38 307200]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-19 14:27 185896]
"DLBTCATS"="C:\Windows\system32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2007-02-12 17:34 73728]
"dlbtmon.exe"="C:\Program Files\Dell Photo AIO Printer 922\dlbtmon.exe" [2007-02-28 18:23 431600]
"Support audio cool poll"="C:\ProgramData\Dale Owns Load.4r03bp" [ ]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 02:25 6731312]

C:\Users\Walter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Audible Download Manager.lnk - C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe [2007-11-16 14:40:16 1697112]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-03-12 23:32:37 125624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{5375C627-C2F3-4286-ADE7-7DAFBCD7E952}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{222D6355-B5D0-40A7-B61A-C1C9BA899DC9}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{68C64655-F588-4742-A6D0-D5925A3D5F93}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{73FF717A-9533-43B4-BA66-B5FEEE31D5C8}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{E73C4CBD-C7AC-4F90-9817-FF364BCFED22}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{7248949B-43BA-45A4-9947-AE667739DC23}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{9DFF5E04-65B8-44E1-8CFA-BB74DB01375B}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{9BA85FCB-941C-4FB2-A2B4-82FC8AAD062D}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{DE307A62-97EF-4BB1-86CA-71FFFE7B59B0}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{2C59216C-196D-4540-8418-233CA13AAED3}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{628290DE-FDF5-4BB7-8EB7-C722DA091F29}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{F1177328-BF7F-4328-B5B1-A6DB734C957D}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{69193BC4-C2DF-4869-9532-EA30A8521921}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0E24C346-F777-43F0-8B31-46C3BD0ADC67}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{77A54C50-DDCB-4391-AB88-8735C57A7668}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{5D396C73-EF86-4D50-8AE3-3EFB2497E1D0}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{C556D100-0709-460E-9412-E0E742A821A3}"= UDP:C:\Windows\System32\dlbtcoms.exe:Lexmark Communications System
"{3BA8FCCD-1B38-4F31-8B22-6DCD139DFB2E}"= TCP:C:\Windows\System32\dlbtcoms.exe:Lexmark Communications System
"{177A5AE4-F818-429E-B295-43F610C04178}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\dlbtpswx.exe:Printer Status Window
"{0CA471D2-6293-413B-B045-7A4DBF8505ED}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\dlbtpswx.exe:Printer Status Window
"{ECB5E892-5649-4CEC-93C8-44A18B855F26}"= UDP:C:\Program Files\Dell Photo AIO Printer 922\DLBTmon.exe:Device Monitor
"{34C1A860-63AC-4F24-B256-F893E622795D}"= TCP:C:\Program Files\Dell Photo AIO Printer 922\DLBTmon.exe:Device Monitor
"{647D5EF8-B3C6-4F9D-8B47-5D81B8728B25}"= UDP:C:\Program Files\Dell Photo AIO Printer 922\DLBTaiox.exe:All In One Center
"{141CB9E7-63A7-426A-9BB8-DE44B80E6D82}"= TCP:C:\Program Files\Dell Photo AIO Printer 922\DLBTaiox.exe:All In One Center

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 41483;41483;C:\Windows\System32\41483.sys [2008-03-11 20:34]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-02-25 22:53]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-02-25 22:53]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-04-02 16:38]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-04-13 16:52:03 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-03-15 16:08:55 C:\Windows\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-04-01 08:01:00 C:\Windows\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-04-13 09:10:35 C:\Windows\Tasks\User_Feed_Synchronization-{8FF99394-19BE-4996-95CA-73822EBB8EA6}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-13 10:01:25
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBTCATS = rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-13 10:16:57
ComboFix-quarantined-files.txt 2008-04-13 17:16:45
ComboFix2.txt 2008-04-12 22:50:29
Pre-Run: 30,169,755,648 bytes free
Post-Run: 30,160,379,904 bytes free
.
2008-03-12 08:56:46 --- E O F ---






Malwarebytes' Anti-Malware 1.11
Database version: 621

Scan type: Full Scan (C:\|)
Objects scanned: 323219
Time elapsed: 2 hour(s), 38 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:08:22 AM, on 4/15/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Auslogics\AusLogics BoostSpeed\BoostSpeed.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlbtmon.exe] "C:\Program Files\Dell Photo AIO Printer 922\dlbtmon.exe"
O4 - HKLM\..\Run: [Support audio cool poll] "C:\ProgramData\Dale Owns Load.4r03bp"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Auslogics BoostSpeed 4] C:\Program Files\Auslogics\AusLogics BoostSpeed\boostspeed.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/jdk ... 586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlbt_device - - C:\Windows\system32\dlbtcoms.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 11250 bytes
hogter
Active Member
 
Posts: 14
Joined: April 5th, 2008, 8:28 pm

Re: cp ussage 100% please help

Unread postby gringo_pr » April 15th, 2008, 11:13 pm

hello hogter

I would like to see the kaspersky scan so lets get rid of some unneeded files


:Clean temp files:

    Download and Run ATF Cleaner
    Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.Double-click ATF Cleaner.exe to open it.

    Under Main choose:
      Windows Temp
      Current User Temp
      All Users Temp
      Temporary Internet Files
      Prefetch
      Java Cache
      recycle bin

      *The other boxes are optional*
      Then click the Empty Selected button.
    if you use Firefox:
      Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
    if you use Opera:
      Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program

if you still have problem with kaspersky you can try this one

:Eset NOD32 Online AntiVirus:

    Run Eset NOD32 Online AntiVirus
    http://www.eset.eu/online-scanner
    Note: You will need to use Internet Explorer for this scan.
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the activex control to install
    • Disable your current Antivirus software. You can usually do this with its Notfication Tray icon near the clock.
    • Click Start
    • Make sure that the option "Remove found threats" is Un-checked, and the option "Scan unwanted applications" is checked
    • Click Scan
    • Wait for the scan to finish
    • Re-enable your Anvirisus software.
    • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

:information and logs:

    In your next post I need the following

      1.let me have the log from kaspersky or Eset NOD32
      2.how is the computer doing now? does it still freeze on you?

Gringo
User avatar
gringo_pr
Site Moderator
Site Moderator
 
Posts: 1816
Joined: March 31st, 2007, 1:35 pm
Location: puerto rico

Re: cp ussage 100% please help

Unread postby hogter » April 16th, 2008, 8:54 pm

fter i did what you told me to and drop the files, i ran kaspersky scan again, only to find out that it, again, got stuck on the same folder at 50% done, and after 12 hours i stoped it.


i ran the other scaner and it only found on treat and its on win32/adware.myway applications c:/windows.old\programfiles\myway\srchastt\1.bin\MYSRCHAS.DLL



-----when i ran kaspersky scan it said the same as before, that i have 8 viruses and 49 infected programs.
hogter
Active Member
 
Posts: 14
Joined: April 5th, 2008, 8:28 pm

Re: cp ussage 100% please help

Unread postby hogter » April 16th, 2008, 9:58 pm

and my computer still reaches CPU ussages 100% is not as often, but it does it, i would say that the frecuency of it happening has drecrease a 30 %......
hogter
Active Member
 
Posts: 14
Joined: April 5th, 2008, 8:28 pm

Re: cp ussage 100% please help

Unread postby gringo_pr » April 18th, 2008, 7:04 pm

hello

let me ask a couple of questions first

do you have automatic updates set

and are you on dailup

Gringo
User avatar
gringo_pr
Site Moderator
Site Moderator
 
Posts: 1816
Joined: March 31st, 2007, 1:35 pm
Location: puerto rico

Re: cp ussage 100% please help

Unread postby hogter » April 19th, 2008, 3:25 am

what exactly do you mean by "automatic updates set"
and no, i have comcast.
hogter
Active Member
 
Posts: 14
Joined: April 5th, 2008, 8:28 pm

Re: cp ussage 100% please help

Unread postby gringo_pr » April 19th, 2008, 8:55 pm

Hello hogter

I was thinking maybe it was windows update trying to download.

try going to task manager and see what is using all the cpu's

:Disable AVG Anti-Spyware:

    Please disable AVG Anti-Spyware until the computer is clean.

    • Open AVG Anti-Spyware by double-clicking the multi-colored box emblazoned with an 'S' in the system tray.
    • In the 'Resident Shield' section, toggle the AVG Anti-Spyware active protection 'off' by clicking 'Change state' which will then change the protection status to 'inactive'.
    • If you are instructed to reboot at any time during your cleanup, AVG Anti-Spyware will prompt you as to whether you would like to "Restart the Resident Shield".
    • Reply 'no' and set it to 'inactive' for the duration of your cleanup.

    Don't forget to re-enable it, when your computer is clean.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

Code: Select all
Folder::
C:\Users\All Users\Messenger Plus!
C:\ProgramData\Messenger Plus!

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Support audio cool poll"=-



Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

:information and logs:

    In your next post I need the following

      1.log from combofix
      2.let me know what you found out from task manager

Gringo
User avatar
gringo_pr
Site Moderator
Site Moderator
 
Posts: 1816
Joined: March 31st, 2007, 1:35 pm
Location: puerto rico

Re: cp ussage 100% please help

Unread postby gringo_pr » April 23rd, 2008, 6:34 pm

Hello

: three day bump :


It has been three days since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
User avatar
gringo_pr
Site Moderator
Site Moderator
 
Posts: 1816
Joined: March 31st, 2007, 1:35 pm
Location: puerto rico
Advertisement
Register to Remove

Next

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 49 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware