Help!

Slow running, browsing, error messages


Peggy101



Joined: Jun 18, 2006
Posts: 5



PostPosted: Sat May 10, 2008 7:32 pm    Post subject: Slow running, browsing, error messages

One of our family PCs has been running extremely slow. My husband ran Spybot the other day and it errored out, showing something about 2 keyloggers. He didn't write down the message. When I tried to run Spybot today, it closed after flagging 2 errors in the database. One entry was related to GoldenPalaceCasino. Besides being slow, the computer is randomly rebooting. Here is the HijackThis log from today. Thanks in advance for your help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:26:09 PM, on 5/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\SpywareDetector\SDService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll...searchf
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/yessentials_cq/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/yessentials_cq/defaults/su/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/yessentials_cq/defaults/sb/*http://www.yahoo.com/search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn3\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [DDCM] "C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe" -Background
O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win...activex
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/cli.../wuweb_
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe

--
End of file - 8806 bytes
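The HijackThis log above is the format these threads revolve around. As an added example (not code from the thread, from HijackThis or from Trend Micro), here is a small Python parser that turns the R/O entries into structured records and flags the items a reviewer checks first: services whose file is missing or has no owner, BHOs with no display name, and AppInit_DLLs modules. The sample log is constructed in the same layout, and the function and class names are my own.

```python
"""Parse HijackThis v2 log entries and flag the ones a reviewer checks first."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the HijackThis v2.0.2 layout of the log above; not a real scan.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe
"""

# Entries look like "R0 - ..." or "O23 - ..."; headers and the process list are skipped.
ENTRY_RE = re.compile(r"^([RFO]\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Either a full drive path (spaces allowed, stops at the first binary extension)
# or a bare module name as used by AppInit_DLLs.
PATH_RE = re.compile(
    r"[A-Za-z]:\\.*?\.(?:dll|exe|sys|cpl)\b|[\w~-]+\.(?:dll|exe|sys|cpl)\b",
    re.IGNORECASE,
)


@dataclass
class Entry:
    section: str            # HijackThis section code, e.g. "O23"
    body: str               # text after "Oxx - "
    clsid: Optional[str]    # COM class id when the entry names one
    path: Optional[str]     # module or executable the entry points at


Finding = Tuple[str, str, str]   # (section, path or body, reason)


def parse_hjt(text: str) -> List[Entry]:
    """Turn raw HijackThis log text into structured entries."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.group(1), m.group(2)
        clsid = CLSID_RE.search(body)
        path = PATH_RE.search(body)
        entries.append(Entry(section, body,
                             clsid.group(0) if clsid else None,
                             path.group(0) if path else None))
    return entries


def triage(entries: List[Entry]) -> List[Finding]:
    """Apply the checks a log reviewer does by eye; returns (section, target, reason)."""
    findings: List[Finding] = []
    for e in entries:
        target = e.path or e.body
        if e.section == "O23" and "(file missing)" in e.body:
            findings.append((e.section, target,
                             "service points at a file that no longer exists (stale entry)"))
        if e.section == "O23" and "Unknown owner" in e.body:
            findings.append((e.section, target, "service binary carries no publisher information"))
        if e.section == "O2" and "(no name)" in e.body:
            findings.append((e.section, target,
                             "BHO has no display name; identify the DLL by path and CLSID"))
        if e.section == "O20":
            findings.append((e.section, target,
                             "AppInit_DLLs module loads into every process that uses user32.dll"))
    return findings


def by_section(entries: List[Entry]) -> dict:
    """Count entries per section code; a quick overview of a long log."""
    counts: dict = {}
    for e in entries:
        counts[e.section] = counts.get(e.section, 0) + 1
    return counts


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print(by_section(parsed))
    for section, target, reason in triage(parsed):
        print(f"{section:4} {target}: {reason}")
```

A flag is a prompt to look up the path and CLSID, not a verdict: the nameless BHO in the sample belongs to Microsoft Money, and the AppInit_DLLs module is AVG's.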
greyknight17



Joined: Feb 03, 2003
Posts: 4868

Location: Brooklyn, NY

PostPosted: Sun May 11, 2008 6:49 pm    Post subject: Re: Slow running, browsing, error messages

Download ATF Cleaner at http://www.atribune.org/ccount/click.php?id=1
Double-click ATF-Cleaner.exe to run the program. Under Main choose Select All.
Click the Empty Selected button.

If you use the Firefox browser click Firefox at the top and choose Select All.
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use the Opera browser click 'Opera' at the top and choose 'Select All'.
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.


1. Download combofix at http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe or http://download.bleepingcomputer.com/sUBs/ComboFix.exe
2. Double-click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply.

Note:
Do not click on combofix's window while it's running. That may cause it to stall.
Peggy101



Joined: Jun 18, 2006
Posts: 5



PostPosted: Wed May 14, 2008 8:03 am    Post subject:

I hope I did this right. After ComboFix produced the log, I couldn't get to the desktop until I shut down.


Combofix log:


ComboFix 08-05-12.1 - William Haley 2008-05-13 20:51:45.1 - NTFSx86
Running from: C:\Documents and Settings\William Haley\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Downloaded Program Files\rave
C:\WINDOWS\Downloaded Program Files\rave\avirexe.vdm
C:\WINDOWS\Downloaded Program Files\rave\avirscr.vdm
C:\WINDOWS\Downloaded Program Files\rave\base.vdm
C:\WINDOWS\Downloaded Program Files\rave\daily.vdm
C:\WINDOWS\Downloaded Program Files\rave\daily.vdt
C:\WINDOWS\Downloaded Program Files\rave\filters.vdm
C:\WINDOWS\Downloaded Program Files\rave\kernel.vdk
C:\WINDOWS\Downloaded Program Files\rave\keyring.vdk
C:\WINDOWS\Downloaded Program Files\rave\mapi_vdm.vdm
C:\WINDOWS\Downloaded Program Files\rave\modules.vdk
C:\WINDOWS\Downloaded Program Files\rave\rav8def.vdm
C:\WINDOWS\Downloaded Program Files\rave\rufs.vdm
C:\WINDOWS\Downloaded Program Files\rave\rufsplg.vdm
C:\WINDOWS\Downloaded Program Files\rave\unarch.vdm
C:\WINDOWS\Downloaded Program Files\rave\unmail.vdm
C:\WINDOWS\Downloaded Program Files\rave\unpack.vdm
C:\WINDOWS\hosts

.
((((((((((((((((((((((((( Files Created from 2008-04-14 to 2008-05-14 )))))))))))))))))))))))))))))))
.

2008-05-10 15:48 . 2008-05-10 15:48 <DIR> d-------- C:\Documents and Settings\William Haley\Application Data\Yahoo!
2008-05-10 14:27 . 2008-05-10 14:27 <DIR> d-------- C:\Documents and Settings\Peggy.DELL\Application Data\Leadertech
2008-05-10 14:27 . 2008-05-10 14:27 <DIR> d-------- C:\Documents and Settings\Peggy.DELL\Application Data\Lavasoft
2008-05-10 14:27 . 2008-05-10 14:27 <DIR> d-------- C:\Documents and Settings\Peggy.DELL\Application Data\Jasc Software Inc
2008-05-10 14:27 . 2008-05-10 14:27 <DIR> d-------- C:\Documents and Settings\Peggy.DELL\Application Data\InterVideo
2008-05-10 14:27 . 2008-05-10 14:27 <DIR> d-------- C:\Documents and Settings\Peggy.DELL\Application Data\dvdcss
2008-05-10 14:27 . 2008-05-10 14:27 <DIR> d-------- C:\Documents and Settings\Peggy.DELL\Application Data\AVG7
2008-05-10 14:27 . 2008-05-10 14:27 <DIR> d-------- C:\Documents and Settings\Peggy.DELL\Application Data\Apple Computer
2008-05-10 14:27 . 2008-05-10 14:27 <DIR> d-------- C:\Documents and Settings\Peggy.DELL\Application Data\AdobeUM
2008-05-10 14:27 . 2008-05-10 14:27 <DIR> d-------- C:\Documents and Settings\Peggy.DELL\Application Data\AdobeAUM
2008-05-10 14:27 . 2008-05-10 14:27 <DIR> d-------- C:\Documents and Settings\Peggy.DELL\Application Data\4200Series
2008-05-10 14:26 . 2008-05-10 14:26 <DIR> d-------- C:\Documents and Settings\Peggy.DELL\Application Data\Webshots
2008-05-10 14:26 . 2008-05-10 14:26 <DIR> d-------- C:\Documents and Settings\Peggy.DELL\Application Data\vlc
2008-05-10 14:26 . 2008-05-10 14:26 <DIR> d-------- C:\Documents and Settings\Peggy.DELL\Application Data\VCOM
2008-05-10 14:26 . 2008-05-10 14:26 <DIR> d-------- C:\Documents and Settings\Peggy.DELL\Application Data\Thunderbird
2008-05-10 14:26 . 2008-05-10 14:26 <DIR> d-------- C:\Documents and Settings\Peggy.DELL\Application Data\Template
2008-05-10 14:26 . 2008-05-10 14:26 <DIR> d-------- C:\Documents and Settings\Peggy.DELL\Application Data\Talkback
2008-05-10 14:26 . 2008-05-10 14:26 <DIR> d-------- C:\Documents and Settings\Peggy.DELL\Application Data\SmartFTP
2008-05-10 14:26 . 2008-05-10 14:26 <DIR> d-------- C:\Documents and Settings\Peggy.DELL\Application Data\Skype
2008-05-10 14:26 . 2008-05-10 14:26 <DIR> d-------- C:\Documents and Settings\Peggy.DELL\Application Data\Motive
2008-05-10 14:26 . 2005-09-24 23:34 108 --a------ C:\Documents and Settings\Peggy.DELL\Application Data\iScrobbler.ini
2008-05-10 14:25 . 2008-05-10 14:25 <DIR> d-------- C:\Documents and Settings\Peggy.DELL\.java
2008-05-10 14:15 . 2008-05-10 14:15 <DIR> d-------- C:\Documents and Settings\Peggy.DELL\Application Data\AVGTOOLBAR
2008-04-29 23:00 . 2008-05-05 08:33 <DIR> d--h----- C:\$AVG8.VAULT$
2008-04-29 22:32 . 2008-05-13 05:18 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-04-29 22:32 . 2008-04-29 22:32 <DIR> d-------- C:\Program Files\AVG
2008-04-29 22:32 . 2008-05-10 15:53 <DIR> d-------- C:\Documents and Settings\William Haley\Application Data\AVGTOOLBAR
2008-04-29 22:32 . 2008-05-03 06:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-04-29 22:32 . 2008-04-29 22:32 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-04-29 22:32 . 2008-04-29 22:32 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-04-29 22:32 . 2008-04-29 22:32 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-04-22 22:44 . 2008-05-01 06:58 376 --a------ C:\WINDOWS\system32\SDRemoveDB.db
2008-04-22 22:43 . 2008-05-13 06:48 63 --a------ C:\WINDOWS\system\SysSD.dll
2008-04-22 22:42 . 2008-04-15 10:29 12,752 --a------ C:\WINDOWS\system32\SDEarlyDelete.exe
2008-04-22 22:42 . 2008-04-22 22:42 110 --a------ C:\WINDOWS\system32\SDEarlyDelete.ini
2008-04-22 22:41 . 2008-04-22 22:47 <DIR> d-------- C:\Program Files\SpywareDetector
2008-04-22 22:41 . 2008-04-16 17:23 835,584 --a------ C:\WINDOWS\system32\CheckDll.dll
2008-04-21 22:53 . 2008-04-21 22:53 <DIR> dr-h----- C:\MSOCache
2008-04-21 09:41 . 2008-05-10 18:45 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-21 09:40 . 2008-05-09 02:47 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-04-21 09:40 . 2008-04-21 09:40 <DIR> d-------- C:\Documents and Settings\William Haley\Application Data\PC Tools
2008-04-21 09:40 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-04-21 09:40 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-04-21 09:40 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-04-21 09:40 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-14 01:48 4,787 ----a-w C:\WINDOWS\compaq.reg
2008-05-13 16:48 --------- d-----w C:\Documents and Settings\William Haley\Application Data\VERITAS
2008-05-10 20:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-05-10 19:43 --------- d-----w C:\Program Files\Symantec
2008-05-10 19:43 --------- d-----w C:\Program Files\Norton AntiVirus
2008-05-10 19:43 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-10 19:27 --------- d-----w C:\Documents and Settings\Peggy.DELL\Application Data\Aim
2008-05-10 19:26 --------- d-----w C:\Documents and Settings\Peggy.DELL\Application Data\VERITAS
2008-05-08 22:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\yahoo!
2008-05-05 21:43 --------- d-----w C:\Documents and Settings\William Haley\Application Data\Apple Computer
2008-04-22 03:24 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-04-09 15:29 --------- d-----w C:\Program Files\Windows Media Connect 2
2003-10-13 05:25 23,040 ----a-w C:\Documents and Settings\Peg\chktrust.exe
2003-10-13 04:27 168,640 ----a-w C:\Documents and Settings\Peg\FixBlast.exe
2003-07-09 05:53 9,010,467 ----a-w C:\Program Files\installNAG.exe
2003-07-09 05:07 9,608,540 ----a-w C:\Program Files\QuickTimeInstallCache.qdat
2003-07-09 04:30 562,160 ----a-w C:\Program Files\QuickTimeInstaller.exe
2007-08-09 19:08 8,784 ----a-w C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-08-09 19:10 245,408 ----a-w C:\Program Files\mozilla firefox\plugins\unicows.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
2008-04-29 22:32 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [2008-04-29 22:32 2050816]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-04-29 22:32 2050816]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 01:56 1667584]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 16:27 385024]
"AIM"="C:\Program Files\AIM95\aim.exe" [2005-08-05 16:08 67160]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 17:43 4670704]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="C:\PROGRA~1\MOZILL~1\plugins\NPSWF32_FlashUtil.exe" [2006-11-09 16:20 190072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 18:04 52736]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2002-05-15 05:29 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2002-05-15 05:20 114688]
"StorageGuard"="C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" [2002-05-09 10:01 155648]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2002-07-16 10:03 106549]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-07-04 19:55 212992]
"WCOLOREAL"="C:\Program Files\COMPAQ\Coloreal\coloreal.exe" [2002-02-20 21:40 143360]
"DDCM"="C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe" [2002-06-08 03:18 122880]
"DDCActiveMenu"="C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" [2002-06-08 03:20 86016]
"srmclean"="C:\Cpqs\Scom\srmclean.exe" [2001-07-24 23:34 36864]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe" [2002-08-02 00:10 146432]
"CPQEASYACC"="C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe" [2001-12-15 00:01 32768]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 16:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 04:22 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-04-29 22:32 1177368]

C:\Documents and Settings\Peggy\Start Menu\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2004-04-24 19:54:19 45056]

C:\Documents and Settings\Bill\Start Menu\Programs\Startup\
Registration-Studio 8.lnk - C:\Program Files\Pinnacle\Studio 8\Register\RegTool.exe [2004-04-18 23:46:53 241664]

C:\Documents and Settings\Claire\Start Menu\Programs\Startup\
Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1996-12-09 111376]
Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [1996-12-09 51984]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SDNotify]
C:\Program Files\SpywareDetector\SDNotify.dll 2008-04-16 17:04 446464 C:\Program Files\SpywareDetector\SDNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\AIM95\\aim.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-04-29 22:32]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-04-29 22:32]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-04-29 22:32]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-04-29 22:32]
R2 PackethSvc;Virtual NIC Service;C:\WINDOWS\System32\PackethSvc.exe [2001-08-10 01:46]
S3 msCMTSrvc;Content Monitoring Tool;C:\WINDOWS\system32\msCMTSrvc.exe []
S3 PRISM_USB;Linksys Wireless-B USB Network Adapter Driver;C:\WINDOWS\system32\DRIVERS\LSPMUSB.sys [2003-10-02 01:48]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-10 00:16:34 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2002-08-02 08:01:51 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-13 21:09:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-13 21:21:23
ComboFix-quarantined-files.txt 2008-05-14 02:21:16

Pre-Run: 10,025,992,192 bytes free
Post-Run: 10,246,365,184 bytes free

191
greyknight17



Joined: Feb 03, 2003
Posts: 4868

Location: Brooklyn, NY

PostPosted: Wed May 14, 2008 6:31 pm    Post subject:

I'm not seeing anything much here. Is it still slow?

Try running these scans if it's still sluggish.

Download ATF Cleaner at http://www.atribune.org/ccount/click.php?id=1
Double-click ATF-Cleaner.exe to run the program. Under Main choose Select All.
Click the Empty Selected button.

If you use the Firefox browser click Firefox at the top and choose Select All.
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use the Opera browser click 'Opera' at the top and choose 'Select All'.
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.


Download Malwarebytes' Anti-Malware at http://www.besttechie.net/tools/mbam-setup.exe or http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html. Double-click on mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Full Scan, then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to restart (see Extra Note below).
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & paste the entire report into your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Perform an online scan with Internet Explorer at Panda ActiveScan http://www.pandasoftware.com/products/activescan.htm

* Click on 'Scan your PC' button. There should be a popup - if you have a pop-up blocker, make sure it's not blocking it.
* Click 'Check Now' & a pop-up window will appear.
* Enter your Country, State and E-mail Address & click 'Scan Now' - begin downloading Panda's ActiveX controls (8 MB size).
* Begin the scan by selecting My Computer.
* If it finds any malware, it will offer you a report. Ignore any entry it finds (since it wants you to buy the program for removal) as we will address this later.
* Click on see report. Then click Save report.
* Post that log in your next reply.
peg777



Joined: Oct 18, 2005
Posts: 11



PostPosted: Sun Jul 20, 2008 12:28 am    Post subject:

I am sorry to be so late reporting back. The problem PC seemed to be better for a few weeks, then it started rebooting again. A friend advised doing a memory check, during which it started making a clicking noise. (Memory errors were found, but nothing drastic.) We opened up the box and there was a burning smell. I'm now operating on the theory that it was the power supply going that caused the random reboots, but the clicking sound concerns me. I stopped using the PC for now. If it's just a power supply, I guess they aren't that expensive, but if it's also the hard drive, or the memory is in need of replacement, I can't justify it given the age of the machine. Thanks for your help - at the time, it did look like a software problem, but I guess it was hardware after all.
greyknight17



Joined: Feb 03, 2003
Posts: 4868

Location: Brooklyn, NY

PostPosted: Sun Jul 20, 2008 1:41 pm    Post subject:

The clicking sound is usually related to the hard drive. If you can open it up and try to locate the sound, that will narrow it down.

Check your motherboard for any blown capacitors as they can contribute to random reboots as well.

Since this topic is not malware related anymore, I will lock the topic.

To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided.

Go to Start->Run, copy/paste in combofix /u and hit OK to remove it. You should be set to go.