Help ! Malware removal



will_
2010-01-13, 21:33
Hi,

I got help from this forum in 2008 and my Dell laptop worked perfectly ... until yesterday!!

I have attached a fresh HijackThis log.

Any help would be much appreciated.

Thanks in advance,
Will

----------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:22:41, on 13/01/2010
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\cryptainersrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
C:\Documents and Settings\William\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [BOC-425] C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\William\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-21-270229680-1456681938-310592775-1006\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User '?')
O4 - HKUS\S-1-5-21-270229680-1456681938-310592775-1006\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R (User '?')
O4 - HKUS\S-1-5-21-270229680-1456681938-310592775-1006\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-270229680-1456681938-310592775-1006\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User '?')
O4 - HKUS\S-1-5-21-270229680-1456681938-310592775-1006\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" (User '?')
O4 - HKUS\S-1-5-21-270229680-1456681938-310592775-1006\..\Run: [Google Update] "C:\Documents and Settings\William\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-270229680-1456681938-310592775-1006 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User '?')
O4 - S-1-5-21-270229680-1456681938-310592775-1006 Startup: Konfabulator.lnk = C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe (User '?')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Konfabulator.lnk = C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: IEWatch - {78E5BB46-9A20-402F-BA66-B5634D177D77} - C:\Program Files\IEWatch\IEWatch.dll
O9 - Extra 'Tools' menuitem: IEWatch - {78E5BB46-9A20-402F-BA66-B5634D177D77} - C:\Program Files\IEWatch\IEWatch.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/ChatSource/gVideoContol.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Google Update Service (gupdate1ca0b5189563470) (gupdate1ca0b5189563470) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Cryptainer service (ssoftservice) - Cypherix Software (India) Pvt. Ltd. - C:\WINDOWS\SYSTEM32\cryptainersrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 13776 bytes

Shaba
2010-01-17, 19:00
Hi will_

Please go HERE (http://www.howtotell.com/) (Microsoft website) using Internet Explorer (NOTE: Do not use Firefox or any other browser as they won't work)
- Click on Windows Validation Assistant
- Click on the Validate Now button.
- Be patient while the ActiveX loads, do not click on any links.
- Read the instructions on this page while it's loading. You will be prompted to install - click YES.
- Enter your product key then click continue
- When it says "Validation Complete" please click Continue to return to your previous activity
- Copy what it says and paste it here.

will_
2010-01-23, 14:50
Hi Shaba,

I validated my Windows and I received the message below.

Can you give me help in removing any malware?

Thanks

-------------------------------------------------------------

Validation Complete!
Thank you for completing the validation process and for using genuine Microsoft software.

By using genuine Microsoft software, you can be confident that you will have access to the latest features, security, and support, which will help to improve your productivity and expand the capabilities of your computer.

You will also have access to new innovations and offerings available only to genuine Microsoft software customers.

Shaba
2010-01-24, 13:30
Thanks for that.

Please download SP1a from here (http://download.cnet.com/Windows-XP-Service-Pack-1a-SP1a/3000-2098_4-10147919.html), install it and post back a fresh HijackThis log afterwards.

will_
2010-01-25, 01:32
Hi Shaba,

As requested, I installed the file from your link and I have attached a fresh HJT log.

Thanks again


-----------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:27:29, on 24/01/2010
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\cryptainersrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\William\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = hermes2.ucc.ie:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [BOC-425] C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\William\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-21-270229680-1456681938-310592775-1006\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R (User '?')
O4 - HKUS\S-1-5-21-270229680-1456681938-310592775-1006\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-270229680-1456681938-310592775-1006\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User '?')
O4 - HKUS\S-1-5-21-270229680-1456681938-310592775-1006\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" (User '?')
O4 - HKUS\S-1-5-21-270229680-1456681938-310592775-1006\..\Run: [Google Update] "C:\Documents and Settings\William\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-270229680-1456681938-310592775-1006 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User '?')
O4 - S-1-5-21-270229680-1456681938-310592775-1006 Startup: Konfabulator.lnk = C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe (User '?')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Konfabulator.lnk = C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: IEWatch - {78E5BB46-9A20-402F-BA66-B5634D177D77} - C:\Program Files\IEWatch\IEWatch.dll
O9 - Extra 'Tools' menuitem: IEWatch - {78E5BB46-9A20-402F-BA66-B5634D177D77} - C:\Program Files\IEWatch\IEWatch.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/ChatSource/gVideoContol.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Google Update Service (gupdate1ca0b5189563470) (gupdate1ca0b5189563470) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Cryptainer service (ssoftservice) - Cypherix Software (India) Pvt. Ltd. - C:\WINDOWS\SYSTEM32\cryptainersrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 13650 bytes

Shaba
2010-01-25, 06:59
Download DDS to your desktop from one of the links below:

Link 1 (http://download.bleepingcomputer.com/sUBs/dds.scr)
Link 2 (http://www.forospyware.com/sUBs/dds)

Double click the tool to run it.
A black screen will open, just read the contents and do nothing.
When the tool finishes, it will open 2 reports.
Copy/paste both reports back here and remove DDS from your desktop.

will_
2010-01-25, 21:26
Hi Shaba,

Both logs are attached below.

Thanks,
Will

-------------------------------------------------------------------



DDS (Ver_09-12-01.01) - NTFSx86
Run by William at 13:10:18.37 on 25/01/2010
Internet Explorer: 6.0.2800.1106

============== Running Processes ===============


============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uSearch Bar = hxxp://bfc.myway.com/search/de_srchlft.html
uInternet Settings,ProxyServer = hermes2.ucc.ie:8080
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
uURLSearchHooks: N/A: {4d25f926-b9fe-4682-bf72-8ab8210d6d75} - c:\program files\mywaysa\srchasde\1.bin\deSrcAs.dll
BHO: HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: PCTools Site Guard: {5c8b2a36-3db1-42a4-a3cb-d426709bbfeb} - c:\progra~1\spywar~1\tools\iesdsg.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: PCTools Browser Monitor: {b56a7d7d-6927-48c8-a975-17df180c71ac} - c:\progra~1\spywar~1\tools\iesdpb.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: &IEWatch: {e69657ff-19ac-4849-bf35-91243eef1687} - c:\program files\iewatch\IEWatch.dll
uRun: [Creative Detector] c:\program files\creative\mediasource\detector\CTDetect.exe /R
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Spyware Doctor] "c:\program files\spyware doctor\swdoctor.exe" /Q
uRun: [DellTransferAgent] "c:\documents and settings\all users\application data\dell\transferagent\TransferAgent.exe"
uRun: [Google Update] "c:\documents and settings\william\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [SunJavaUpdateSched] c:\program files\java\j2re1.4.2_03\bin\jusched.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [gcasServ] "c:\program files\microsoft antispyware\gcasServ.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 7.0\avp.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [BOC-425] c:\progra~1\comodo\cboclean\BOC425.exe
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: &NeoTrace It! - c:\progra~1\neotra~1\NTXcontext.htm
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 7.0\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky internet security 7.0\SCIEPlgn.dll
IE: {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - {A1EDC4A1-940F-48E0-8DFD-E38F1D501021} - c:\progra~1\spywar~1\tools\iesdpb.dll
IE: {78E5BB46-9A20-402F-BA66-B5634D177D77} - {E69657FF-19AC-4849-BF35-91243EEF1687} - c:\program files\iewatch\IEWatch.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - hxxp://www.bebo.com/files/BeboUploader.5.1.4.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.snapfish.com/SnapfishActivia.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} - hxxp://imlive.com/ChatSource/gVideoContol.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxdev.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1.0\adialhk.dll
SEH: CShellExecuteHookImpl Object: {54d9498b-cf93-414f-8984-8ce7fde0d391} - c:\program files\ewido\security suite\shellhook.dll
SEH: Microsoft.AntiSpyware.ShellExecuteHook.1: {9ef34ff2-3396-4527-9d27-04c8c1c67806} - c:\program files\microsoft antispyware\shellextension.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\willia~1\applic~1\mozilla\firefox\profiles\cb4rf3k2.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\documents and settings\william\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava11.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava12.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava13.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava14.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava32.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJPI142_03.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppsynth.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\windows\system32\photosynth\nppsynth.dll

============= SERVICES / DRIVERS ===============

R? ewido security suite guard;ewido security suite guard
R? gupdate1ca0b5189563470;Google Update Service (gupdate1ca0b5189563470)
R? IKFileSec;File Security Driver
R? NTPASp50;NTPASp50 NDIS Protocol Driver
S? AVP;Kaspersky Internet Security 7.0
S? BOCore;BOCore
S? ewido security suite control;ewido security suite control
S? ewido security suite driver;ewido security suite driver
S? IKSysFlt;System Filter Driver
S? IKSysSec;System Security Driver
S? kl1;kl1
S? klif;klif
S? klim5;Kaspersky Anti-Virus NDIS Filter
S? PCTCore;PCTools KDS
S? sdAuxService;PC Tools Auxiliary Service
S? sdCoreService;PC Tools Security Service
S? ssoftnt4;ssoftnt4
S? Viewpoint Manager Service;Viewpoint Manager Service

=============== Created Last 30 ================

2010-01-24 23:34:22 167704 ----a-w- c:\windows\system32\wuaucpl.cpl
2010-01-24 22:43:54 0 d-----w- c:\windows\ServicePackFiles
2010-01-24 22:43:53 0 d-----w- c:\windows\ehome
2010-01-24 22:34:58 311327 ----a-w- c:\windows\system32\wmv8dmod.dll
2010-01-24 22:34:58 296448 ----a-w- c:\windows\system32\wmstream.dll
2010-01-24 22:34:58 278559 ----a-w- c:\windows\system32\wmv8ds32.ax
2010-01-24 22:34:57 118784 ----a-w- c:\windows\system32\wmsdmoe.dll
2010-01-24 22:34:39 77824 ----a-w- c:\windows\system32\wmpstub.exe
2010-01-24 22:32:38 61952 ----a-w- c:\windows\system32\webclnt.dll
2010-01-24 22:31:59 120320 ----a-w- c:\windows\system32\upnp.dll
2010-01-24 22:30:59 43008 ----a-w- c:\windows\system32\ssdpsrv.dll
2010-01-24 22:28:59 56320 ----a-w- c:\windows\system32\remotepg.dll
2010-01-24 22:27:40 137216 ----a-w- c:\windows\system32\ntshrui.dll
2010-01-24 22:27:35 392704 ----a-w- c:\windows\system32\ntmssvc.dll
2010-01-24 22:27:35 38400 ----a-w- c:\windows\system32\ntmsapi.dll
2010-01-24 22:27:35 38400 ----a-w- c:\windows\system32\ntlanman.dll
2010-01-24 22:27:35 165888 ----a-w- c:\windows\system32\ntmsdba.dll
2010-01-24 22:27:35 112128 ----a-w- c:\windows\system32\ntmarta.dll
2010-01-24 22:27:23 33808 ----a-w- c:\windows\system32\ntio.sys
2010-01-24 22:27:16 49152 ----a-w- c:\windows\system32\npptools.dll
2010-01-24 22:27:13 95744 ----a-w- c:\windows\system32\nlhtml.dll
2010-01-24 22:27:13 24576 ----a-w- c:\windows\system32\nmmkcert.dll
2010-01-24 22:27:13 238080 ----a-w- c:\windows\system32\newdev.dll
2010-01-24 22:27:11 1677312 ------w- c:\windows\system32\wmvcore2.dll
2010-01-24 22:25:57 327040 ------w- c:\windows\system32\drivers\ati2mtaa.sys
2010-01-24 22:24:47 421919 ----a-w- c:\windows\system32\msrd2x40.dll
2010-01-24 22:24:44 81408 ----a-w- c:\windows\system32\msoert2.dll
2010-01-24 22:24:44 348191 ----a-w- c:\windows\system32\mspbde40.dll
2010-01-24 22:24:44 339968 ----a-w- c:\windows\system32\mspaint.exe
2010-01-24 22:24:44 228864 ----a-w- c:\windows\system32\msoeacct.dll
2010-01-24 22:24:44 131072 ----a-w- c:\windows\system32\msorcl32.dll
2010-01-24 22:24:33 319760 ----a-w- c:\windows\system32\msnsspc.dll
2010-01-24 22:24:18 174592 ----a-w- c:\windows\system32\msnetobj.dll
2010-01-24 22:22:57 504320 ----a-w- c:\windows\system32\logonui.exe
2010-01-24 22:22:56 219648 ----a-w- c:\windows\system32\logon.scr
2010-01-24 22:22:56 10240 ----a-w- c:\windows\system32\localui.dll
2010-01-24 22:22:55 57856 ----a-w- c:\windows\system32\licwmi.dll
2010-01-24 22:22:55 381440 ----a-w- c:\windows\system32\lmrt.dll
2010-01-24 22:22:55 19456 ----a-w- c:\windows\system32\licmgr10.dll
2010-01-24 22:22:55 15586 ----a-w- c:\windows\system32\wbem\licwmi.mof
2010-01-24 22:16:43 19456 ----a-w- c:\windows\system32\fontview.exe
2010-01-24 22:15:58 32768 ----a-w- c:\windows\system32\cfgbkend.dll
2010-01-12 23:38:14 25065 ----a-w- c:\windows\system32\wmpscheme.xml
2010-01-12 23:38:12 299552 ----a-w- c:\windows\WMSysPrx.prx
2010-01-12 23:34:33 488 ---ha-r- c:\windows\system32\logonui.exe.manifest
2010-01-12 23:34:24 749 ---ha-r- c:\windows\WindowsShell.Manifest
2010-01-12 23:34:24 749 ---ha-r- c:\windows\system32\wuaucpl.cpl.manifest
2010-01-12 23:34:24 749 ---ha-r- c:\windows\system32\sapi.cpl.manifest
2010-01-12 23:34:24 749 ---ha-r- c:\windows\system32\ncpa.cpl.manifest
2010-01-12 23:33:55 40960 ----a-w- c:\windows\system32\safrslv.dll
2010-01-12 23:33:54 39424 ----a-w- c:\windows\system32\safrcdlg.dll
2010-01-12 23:33:54 33280 ----a-w- c:\windows\system32\racpldlg.dll
2010-01-12 23:33:54 26624 ----a-w- c:\windows\system32\safrdm.dll
2010-01-12 23:33:49 69248 ----a-w- c:\windows\system32\drivers\sr.sys
2010-01-12 23:33:48 28672 ----a-w- c:\windows\system32\isrdbg32.dll
2010-01-12 23:33:47 32768 ----a-w- c:\windows\system32\mnmsrvc.exe
2010-01-12 23:33:42 47616 ----a-w- c:\windows\system32\inetres.dll
2010-01-12 23:33:41 69632 ----a-w- c:\windows\system32\icwdial.dll
2010-01-12 23:33:41 61440 ----a-w- c:\windows\system32\icwphbk.dll
2010-01-12 23:33:40 77824 ----a-w- c:\windows\system32\isign32.dll
2010-01-12 23:33:40 266240 ----a-w- c:\windows\system32\inetcfg.dll
2010-01-12 23:30:58 53248 ----a-w- c:\windows\system32\servdeps.dll
2010-01-12 23:30:58 16384 ----a-w- c:\windows\system32\mmfutil.dll
2010-01-12 23:30:57 174592 ----a-w- c:\windows\system32\cmprops.dll
2010-01-12 23:30:46 182400 ----a-w- c:\windows\system32\drivers\rdpdr.sys
2010-01-12 23:29:26 50048 ----a-w- c:\windows\system32\drivers\DMusic.sys
2010-01-12 23:29:03 56576 ----a-w- c:\windows\system32\drivers\redbook.sys
2010-01-12 23:27:28 4096 ----a-w- c:\windows\system32\ksuser.dll
2010-01-12 23:27:28 117248 ----a-w- c:\windows\system32\ksproxy.ax
2010-01-12 23:27:21 67072 ----a-w- c:\windows\system32\usbui.dll
2010-01-12 23:27:21 51968 ----a-w- c:\windows\system32\drivers\usbhub.sys
2010-01-12 23:27:21 19328 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2010-01-12 23:27:21 135552 ----a-w- c:\windows\system32\drivers\usbport.sys
2010-01-12 23:26:53 38024 ----a-w- c:\windows\system32\drivers\termdd.sys
2010-01-12 20:04:31 0 d-----w- c:\docume~1\alluse~1\applic~1\BOC425
2010-01-12 20:04:26 13940 ----a-w- c:\windows\BOC425.INI
2010-01-12 19:53:51 135168 ----a-w- c:\windows\system32\igfxres.dll

==================== Find3M ====================

2010-01-25 19:11:33 136224 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-01-25 19:01:04 32 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-01-25 18:52:42 859424 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-01-24 23:37:42 81524 --sha-w- c:\windows\system32\drivers\fidbox2.idx
1999-04-23 22:22:22 12 -csha-w- c:\windows\system\WININETICMP32.drv
2007-10-05 16:39:13 56 --sh--r- c:\windows\system32\991FF2E89D.sys
2007-10-05 16:39:13 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 13:21:32.52 ===============








UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)


==== Disk Partitions =========================


==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

Ad-Aware SE Personal
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 8.1.2
Adobe Stock Photos 1.0
Amazon MP3 Downloader 1.0.8
AOLIcon
Apple Mobile Device Support
Apple Software Update
AviSynth 2.5
Beneath a Steel Sky
BitComet 0.70
BOClean
Bonjour
Broadcom Management Programs
CadStd
Celestia 1.3.2
Conexant D480 MDC V.9x Modem
Creative Jukebox Driver
Creative MediaSource
Creative Removable Disk Manager
Creative System Information
Cryptainer LE
Cryptainer PE
DELG Driver Theory Test
Dell Driver Reset Tool
Dell Media Experience
Dell Photo Printer 720
Dell Photo Printer 720 Logger
Dell Picture Studio v3.0
Dell System Restore
DellSupport
Digital Line Detect
DVD Decrypter (Remove Only)
DVD Shrink 3.2
EarthLink setup files
EncryptOnClick
ewido security suite
FileZilla (remove only)
Gimp 2.6.1
Google Chrome
Google Earth
Google Update Helper
Google Updater
HijackThis 2.0.2
IEWatch 3.0
Intel(R) Extreme Graphics 2 Driver
Intel(R) PROSet/Wireless Software
Internet Explorer Default Page
iPod for Windows 2005-06-26
iTunes
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java 2 Runtime Environment, SE v1.4.2_03
JavaCore
Kaspersky Internet Security 7.0
Kaspersky Online Scanner
KeyNote 1.6.5
Konfabulator
Learn2 Player (Uninstall Only)
Light Artist 1.2
LiveUpdate 2.6 (Symantec Corporation)
Macromedia Flash Player
Macromedia Shockwave Player
mCore
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Beta 2
Microsoft AntiSpyware
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft SQL Native Client
Microsoft SQL Server 2005 Express Edition CTP (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition CTP
Microsoft SQL Server Setup Support Files (English)
Microsoft VC9 runtime libraries
Microsoft XML Parser
mIWA
mIWCA
mLogView
mMHouse
Modem Helper
Mozilla Firefox (3.0.14)
mPfMgr
mPfWiz
mProSafe
mSSO
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
mToolkit
mWlsSafe
mXML
My Way Search Assistant
mZConfig
NeoTrace Pro 3.25 Trial
NetWaiting
NoDNS
Norton Security Center
oggcodecs 0.71.0946
Opera
PCIxx20
PDF reDirect (remove only)
Photo Click
PhotoBox 3.2.5
Photomatix Pro version 3.0
Picasa 2
PIXresizer 1.0.9
PodUtil 2.7.1
PowerDVD 5.5
PSP Video 9 1.74
QuickTime
RealPlayer
Replay Music 2.4
Safari
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Skype™ 4.0
SmartDraw 2009
SnagIt 8
Sonic DLA
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Spree Screen Saver
Spyware Doctor 6.0
SQLXML 4.0
StationRipper 2.33C
StickyPad
Synaptics Pointing Device Driver
Texas Instruments PCIxx20 drivers.
Together We're Heavy
VideoLAN VLC media player 0.8.5
Viewpoint Media Player
Vodafone 804SS USB driver Software
WebFldrs XP
WinAce Archiver
Windows Imaging Component
Windows Media Format Runtime
Windows Media Player 10
WinZip
WordPerfect Office 12
xInsIDE

==== End Of File ===========================

Shaba
2010-01-25, 21:55
Have you disabled system restore?

will_
2010-01-25, 22:06
I just checked the System Properties and the "Turn off System Restore" box is not checked.

I had to do a repair install 2 weeks ago.

Shaba
2010-01-26, 07:10
Thanks for the update.

Which program finds the malware, and where is it according to that program?

will_
2010-01-26, 17:15
Hi Shaba,

I use Kaspersky anti-virus software. My computer still runs slow after multiple scans. It does not mention exactly where the malware is but it says I have some infected areas which I have quarantined.

I had similar trouble in February 2008 and the help I got from this board fixed my machine (link to my old post below). Any ideas?

http://forums.spybot.info/showthread.php?t=25063

Shaba
2010-01-26, 22:33
Well I need further information.

Please post the next Kaspersky report.

will_
2010-01-31, 22:26
Apologies for the delay in responding ... no internet for last few days.

Find attached a Kaspersky report. These are the types of threats that the anti-virus is picking up.

If you need any more info let me know.

Thanks,
Will

Shaba
2010-02-01, 16:40
Yes, but I need locations as well.

Please copy the Kaspersky report as is :)

will_
2010-02-01, 23:11
Hi again Shaba.

The report is copied as-is below ...

Thanks

-------------------------------------


Protection : running
--------------------
Total scanned: 18045
Detected: 49
Untreated: 0
Attacks blocked: 0
Start time: 01/02/2010 20:45:14
Duration: 00:21:12


Detected
--------
Status Object
------ ------
deleted: adware not-a-virus:AdWare.Win32.MyWay.v File: c:\program files\mywaysa\srchasde\1.bin\desrcas.dll
deleted: adware not-a-virus:AdWare.Win32.MyWay.v File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0000318.dll
detected: riskware Invader Running process: C:\WINDOWS\explorer.exe
detected: riskware Invader Running process: C:\Documents and Settings\William\Local Settings\Temp\RarSFX0\bosetup.exe
detected: riskware Invader Running process: C:\Program Files\Comodo\CBOClean\BOCore.exe
detected: riskware Hidden install Running process: C:\Documents and Settings\William\Local Settings\Temp\RarSFX0\bosetup.exe
detected: riskware Invader Running process: C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
detected: riskware Invader Running process: C:\WINDOWS\system32\svchost.exe
detected: riskware Invader Running process: C:\WINDOWS\UNBOC.EXE
detected: riskware Invader Running process: C:\Program Files\DellSupport\DSAgnt.exe
detected: riskware Invader Running process: C:\WINDOWS\system32\wuauclt.exe
detected: riskware Invader Running process: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
detected: riskware Invader Running process: C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
detected: riskware Invader Running process: C:\Program Files\DellSupport\DSBrws.exe
detected: riskware Invader Running process: C:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
detected: riskware Invader Running process: C:\Documents and Settings\William\Local Settings\Application Data\Mozilla\Firefox\Mozilla Firefox\updates\0\updater.exe
detected: riskware Invader Running process: C:\Documents and Settings\William\Desktop\RealPlayer11GOLD.exe
detected: riskware Invader Running process: C:\Documents and Settings\William\Local Settings\Temp\temp0.exe
detected: riskware Invader Running process: C:\Documents and Settings\William\Local Settings\Temp\rninst~0\RealPlayer11GOLD.exe
detected: riskware Invader Running process: C:\Documents and Settings\William\Local Settings\Temp\~rnsetup\defenc.exe
detected: riskware Invader Running process: C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
detected: riskware Invader Running process: C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
detected: riskware Invader Running process: C:\Program Files\WinZip\WINZIP32.EXE
detected: riskware Invader Running process: C:\Program Files\WinZip\WZSRVR32.EXE
detected: riskware Invader Running process: C:\WINDOWS\system32\userinit.exe
detected: riskware Invader Running process: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
detected: riskware Invader Running process: C:\Program Files\Spyware Doctor\pctsSvc.exe
detected: riskware Hidden install Running process: C:\Documents and Settings\William\Local Settings\Temp\AIM_6.9.13.4\postproc.exe
deleted: Trojan program Trojan-Spy.Win32.Zbot.rrn File: C:\WINDOWS\system32\~.exe//PE_Patch.UPX//UPX
deleted: Trojan program Trojan-Spy.Win32.Zbot.rrn File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP39\A0011362.exe//PE_Patch.UPX//UPX
detected: riskware Invader Running process: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
detected: riskware Invader Running process: C:\WINDOWS\system32\spoolsv.exe
deleted: Trojan program Trojan-Downloader.Java.OpenConnection.at File: C:\Documents and Settings\William\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmseria.jar-2eb18e3f-6832f1b8.zip/vlocal.class
deleted: Trojan program Trojan.Win32.Cosmu.cda File: C:\Documents and Settings\William\Local Settings\Temp\incosnet.tmp
deleted: Trojan program Packed.Win32.Krap.ag File: C:\Documents and Settings\William\Local Settings\Temp\maccsnet.tmp
deleted: Trojan program Packed.Win32.PECompact (modification) File: C:\Documents and Settings\William\Local Settings\Temp\prun.tmp//PE_Patch.PECompact//PecBundle//PECompact
deleted: Trojan program Packed.Win32.PECompact (modification) File: C:\Documents and Settings\William\Local Settings\Temp\xpre.tmp//PE_Patch.PECompact//PecBundle//PECompact
deleted: Trojan program Exploit.JS.Pdfka.ec File: C:\Documents and Settings\William\Local Settings\Temp\plugtmp-13\plugin-pdf.php//data0000
deleted: Trojan program Trojan.Win32.Vilsel.kfh File: C:\WINDOWS\system32\xa.tmp//PE_Patch.Molebox//Molebox
deleted: Trojan program Packed.Win32.TDSS.z File: C:\WINDOWS\system32\spool\prtprocs\w32x86\AA.tmp
deleted: Trojan program Packed.Win32.TDSS.z File: C:\WINDOWS\Temp\AB.tmp
detected: riskware Invader Running process: C:\WINDOWS\system32\rundll32.exe
detected: riskware Invader Running process: C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
detected: riskware Invader Running process: C:\WINDOWS\system32\dumprep.exe
detected: riskware Invader Running process: C:\Program Files\Common Files\Real\Update_OB\realonemessagecenter.exe
detected: riskware Invader Running process: C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
detected: riskware Invader Running process: C:\Program Files\Microsoft AntiSpyware\gcasServAlert.exe
detected: riskware Invader Running process: C:\Documents and Settings\William\Local Settings\Temp\19.tmp\Assoc.cmd
detected: riskware Invader Running process: C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe

Shaba
2010-02-02, 16:02
OK so it deleted threats and the rest are no threats.

How much RAM do you have?

will_
2010-02-02, 22:19
Hi Shaba,

I am running about 1GB of RAM.

I had a similar problem 2 years ago (see thread below) and my computer ran perfectly after I followed the steps.

http://forums.spybot.info/showthread.php?t=25063

Thanks,
Will

Shaba
2010-02-03, 19:31
How old is the Windows installation?

will_
2010-02-03, 19:41
It's a Windows installation from 2005.

Shaba
2010-02-03, 21:46
So if the Windows installation is 5 years old, it surely is slow.

The easiest way to get back the initial speed is to reformat & reinstall. Another is adding more RAM. I can also suggest other methods, but they won't be as effective, as the Windows installation is very old.

will_
2010-02-07, 23:30
Hi Shaba,

I will try a different forum for help if you do not have any more suggestions.

I agree that adding RAM will speed up the system but I am pretty sure I have a malware infection because my system started running slowly very suddenly in December.

Thanks again

Shaba
2010-02-08, 07:07
Well, there are absolutely no signs of malware :)

You will have to accept that if a Windows installation is years old it will turn very slow sometime; it can turn out of the blue as well.

Shaba
2010-02-28, 19:32
Due to the lack of feedback this Topic is closed.

If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.

Everyone else please begin a New Topic.