
[Closed] PC running slow and low virtual memory



#1 frosties77


Posted 01 November 2009 - 09:23 AM

Hi all!
Was wondering if I could get some help please with my pc.
When starting up the pc it is running much slower than usual, and I keep getting low virtual memory alerts. I do use CCleaner and Malwarebytes on a daily basis, and to my (limited) knowledge there appears to be no infection. However over the past 2 weeks it is running much slower than usual, and the low virtual message comes up frequently.
Any help would be appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:30:07, on 01/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\SYSTEM32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/01 15:08
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: rootrepeal[1].sys
Image Path: H:\WINDOWS\system32\drivers\rootrepeal[1].sys
Address: 0xF39FB000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden Services
-------------------
Service Name: vnuht
Image Path: %SystemRoot%\system32\svchost.exe -k netsvcs

==EOF==

DDS (Ver_09-06-26.01) - NTFSx86
Run by User at 15:00:58.75 on 01/11/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.191.18 [GMT 0:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

H:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
H:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\Explorer.EXE
svchost.exe
H:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
H:\Program Files\Java\jre6\bin\jqs.exe
H:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
H:\PROGRA~1\AVG\AVG8\avgrsx.exe
H:\WINDOWS\system32\svchost.exe -k imgsvc
H:\PROGRA~1\AVG\AVG8\avgnsx.exe
H:\PROGRA~1\AVG\AVG8\avgemc.exe
H:\Program Files\AVG\AVG8\avgcsrvx.exe
H:\WINDOWS\SOUNDMAN.EXE
H:\WINDOWS\system32\VTTimer.exe
H:\Program Files\Browser Mouse\mouse32a.exe
H:\Program Files\BroadJump\Client Foundation\CFD.exe
H:\PROGRA~1\AVG\AVG8\avgtray.exe
H:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
H:\WINDOWS\tsnpstd3.exe
H:\WINDOWS\vsnpstd3.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
H:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
H:\Program Files\Common Files\Teleca Shared\Generic.exe
H:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe
H:\WINDOWS\system32\NOTEPAD.EXE
H:\Program Files\Internet Explorer\iexplore.exe
H:\Program Files\Internet Explorer\iexplore.exe
H:\Program Files\Windows Live\Toolbar\wltuser.exe
H:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\0EDLZ9DZ\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.virginmedia.com/
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://uk.search.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - h:\progra~1\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - h:\program files\avg\avg8\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - h:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - h:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - h:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - h:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - h:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - h:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - h:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - h:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - h:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - h:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - h:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - h:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - h:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - h:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - h:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - h:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - h:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - h:\program files\ask.com\GenericAskToolbar.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - h:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - h:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [CTFMON.EXE] h:\windows\system32\ctfmon.exe
uRun: [Advanced SystemCare 3] "h:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
uRun: [swg] h:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [VTTimer] VTTimer.exe
mRun: [FLMOFFICE4DMOUSE] h:\program files\browser mouse\mouse32a.exe
mRun: [BJCFD] h:\program files\broadjump\client foundation\CFD.exe
mRun: [AVG8_TRAY] h:\progra~1\avg\avg8\avgtray.exe
mRun: [Sony Ericsson PC Suite] "h:\program files\sony ericsson\mobile2\application launcher\Application Launcher.exe" /startoptions
mRun: [QuickTime Task] "h:\program files\quicktime\qttask.exe" -atboottime
mRun: [tsnpstd3] h:\windows\tsnpstd3.exe
mRun: [snpstd3] h:\windows\vsnpstd3.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "h:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Adobe Reader Speed Launcher] "h:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
dRun: [CTFMON.EXE] h:\windows\system32\CTFMON.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - h:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - h:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - h:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;h:\windows\system32\drivers\avgldx86.sys [2009-5-12 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;h:\windows\system32\drivers\avgmfx86.sys [2009-5-12 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;h:\windows\system32\drivers\avgtdix.sys [2009-5-12 108552]
R2 fssfltr;FssFltr;h:\windows\system32\drivers\fssfltr_tdi.sys [2009-10-26 54752]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);h:\windows\system32\drivers\w300mgmt.sys [2009-5-25 87824]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;h:\windows\system32\drivers\w300obex.sys [2009-5-25 85696]

=============== Created Last 30 ================

2009-11-01 14:15 <DIR> --d----- h:\program files\Trend Micro
2009-10-28 09:42 1,089,593 -c------ h:\windows\system32\dllcache\ntprint.cat
2009-10-28 06:17 <DIR> --d----- h:\windows\system32\XPSViewer
2009-10-28 06:15 89,088 -c------ h:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-10-28 06:15 117,760 -------- h:\windows\system32\prntvpt.dll
2009-10-28 06:15 597,504 -c------ h:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-10-28 06:15 575,488 -c------ h:\windows\system32\dllcache\xpsshhdr.dll
2009-10-28 06:15 575,488 -------- h:\windows\system32\xpsshhdr.dll
2009-10-28 06:15 1,676,288 -c------ h:\windows\system32\dllcache\xpssvcs.dll
2009-10-28 06:15 1,676,288 -------- h:\windows\system32\xpssvcs.dll
2009-10-28 06:15 <DIR> --d----- H:\dd189e9c290ca7686383b52fa9f3
2009-10-27 12:00 215,920 a------- h:\windows\system32\muweb.dll
2009-10-27 11:59 274,288 a------- h:\windows\system32\mucltui.dll
2009-10-27 11:59 16,736 a------- h:\windows\system32\mucltui.dll.mui
2009-10-26 11:56 <DIR> --d----- h:\documents and settings\user\Tracing
2009-10-26 11:51 54,752 a------- h:\windows\system32\drivers\fssfltr_tdi.sys
2009-10-26 11:36 3,426,072 a------- h:\windows\system32\d3dx9_32.dll
2009-10-26 11:35 <DIR> --d----- h:\program files\Microsoft SQL Server Compact Edition
2009-10-26 11:29 <DIR> --d----- h:\program files\Microsoft
2009-10-26 11:29 <DIR> --d----- h:\program files\Windows Live SkyDrive
2009-10-26 11:20 <DIR> --d----- h:\program files\common files\Windows Live
2009-10-26 11:06 594,432 -c------ h:\windows\system32\dllcache\msfeeds.dll
2009-10-26 11:06 55,296 -c------ h:\windows\system32\dllcache\msfeedsbs.dll
2009-10-26 11:06 246,272 -c------ h:\windows\system32\dllcache\ieproxy.dll
2009-10-26 11:06 12,800 -c------ h:\windows\system32\dllcache\xpshims.dll
2009-10-26 11:06 1,985,536 -c------ h:\windows\system32\dllcache\iertutil.dll
2009-10-25 21:34 <DIR> --dsh--- h:\documents and settings\user\PrivacIE
2009-10-25 20:54 <DIR> --d----- h:\windows\system32\scripting
2009-10-25 20:54 <DIR> --d----- h:\windows\l2schemas
2009-10-25 20:54 <DIR> --d----- h:\windows\system32\en
2009-10-25 20:54 <DIR> --d----- h:\windows\system32\bits
2009-10-25 20:44 <DIR> --d----- h:\windows\network diagnostic
2009-10-25 20:36 <DIR> --d----- h:\windows\EHome
2009-10-25 19:42 <DIR> --dsh--- h:\documents and settings\user\IETldCache
2009-10-25 19:39 <DIR> --d----- h:\windows\ie8updates
2009-10-25 19:35 <DIR> -cd-h--- h:\windows\ie8
2009-10-25 19:27 100,352 -c------ h:\windows\system32\dllcache\iecompat.dll
2009-10-21 22:10 760 -c------ h:\windows\system32\dllcache\cloapph.gif
2009-10-21 22:09 81,920 -------- h:\windows\system32\ieencode.dll
2009-10-21 22:09 6,144 -------- h:\windows\system32\kbdbhc.dll
2009-10-21 22:09 6,144 -------- h:\windows\system32\kbdiultn.dll
2009-10-21 22:09 6,144 -------- h:\windows\system32\kbdpash.dll
2009-10-21 22:09 6,144 -------- h:\windows\system32\kbdnepr.dll
2009-10-21 22:09 61,440 -------- h:\windows\system32\kmsvc.dll
2009-10-21 22:09 37,376 -------- h:\windows\system32\l2gpstore.dll
2009-10-21 22:09 290,816 -c------ h:\windows\system32\dllcache\l3codeca.acm
2009-10-21 22:08 457,607 -c------ h:\windows\system32\dllcache\mdlib.wmv
2009-10-21 22:08 184,320 -------- h:\windows\system32\microsoft.managementconsole.dll
2009-10-21 22:08 397,312 -------- h:\windows\system32\mmcex.dll
2009-10-21 22:08 106,496 -------- h:\windows\system32\mmcfxcommon.dll
2009-10-21 22:08 33,792 -------- h:\windows\system32\mmcperf.exe
2009-10-21 22:06 403 -c------ h:\windows\system32\dllcache\npdrmv2.zip
2009-10-21 22:05 10,240 -------- h:\windows\system32\drivers\sffp_mmc.sys
2009-10-21 21:59 1,309,184 -------- h:\windows\system32\drivers\mtlstrm.sys
2009-10-19 22:51 1,435,648 -c------ h:\windows\system32\dllcache\query.dll
2009-10-19 22:49 58,880 -c------ h:\windows\system32\dllcache\msasn1.dll
2009-10-19 16:38 <DIR> --d----- h:\windows\system32\wbem\Repository
2009-10-04 16:10 <DIR> --d----- h:\windows\ServicePackFiles
2009-10-04 02:58 1,315,328 -c------ h:\windows\system32\dllcache\msoe.dll
2009-10-03 11:30 <DIR> --d----- h:\windows\system32\ReinstallBackups
2009-10-03 11:29 <DIR> --d----- h:\program files\MSXML 4.0
2009-10-03 11:29 <DIR> --d----- h:\windows\system32\PreInstall
2009-10-03 11:28 <DIR> --d----- h:\program files\Astroburn Toolbar
2009-10-03 11:28 <DIR> --d----- h:\program files\Astroburn
2009-10-03 11:01 203,136 -c------ h:\windows\system32\dllcache\rmcast.sys
2009-10-03 11:00 333,952 -c------ h:\windows\system32\dllcache\srv.sys
2009-10-03 11:00 691,712 -c------ h:\windows\system32\dllcache\inetcomm.dll
2009-10-03 10:59 337,408 -c------ h:\windows\system32\dllcache\netapi32.dll
2009-10-03 10:59 2,560 -------- h:\windows\system32\xpsp4res.dll
2009-10-03 10:59 215,552 -c------ h:\windows\system32\dllcache\wordpad.exe
2009-10-03 10:58 1,847,168 -c------ h:\windows\system32\dllcache\win32k.sys
2009-10-03 10:58 361,600 -c------ h:\windows\system32\dllcache\tcpip.sys
2009-10-03 10:58 138,496 -c------ h:\windows\system32\dllcache\afd.sys
2009-10-03 10:58 225,856 -c------ h:\windows\system32\dllcache\tcpip6.sys
2009-10-03 10:58 245,248 -c------ h:\windows\system32\dllcache\mswsock.dll
2009-10-03 10:58 147,968 -c------ h:\windows\system32\dllcache\dnsapi.dll
2009-10-03 10:58 272,128 -c------ h:\windows\system32\dllcache\bthport.sys
2009-10-03 10:58 272,128 -------- h:\windows\system32\drivers\bthport.sys
2009-10-03 10:55 284,160 -c------ h:\windows\system32\dllcache\pdh.dll
2009-10-03 10:55 401,408 -c------ h:\windows\system32\dllcache\rpcss.dll
2009-10-03 10:55 110,592 -c------ h:\windows\system32\dllcache\services.exe
2009-10-03 10:55 473,600 -c------ h:\windows\system32\dllcache\fastprox.dll
2009-10-03 10:55 227,840 -c------ h:\windows\system32\dllcache\wmiprvse.exe
2009-10-03 10:55 453,120 -c------ h:\windows\system32\dllcache\wmiprvsd.dll
2009-10-03 10:55 730,112 -c------ h:\windows\system32\dllcache\lsasrv.dll
2009-10-03 10:55 617,472 -c------ h:\windows\system32\dllcache\advapi32.dll
2009-10-03 10:55 714,752 -c------ h:\windows\system32\dllcache\ntdll.dll
2009-10-03 10:55 2,145,280 -c------ h:\windows\system32\dllcache\ntkrnlmp.exe
2009-10-03 10:55 2,189,184 -c------ h:\windows\system32\dllcache\ntoskrnl.exe
2009-10-03 10:54 2,023,936 -c------ h:\windows\system32\dllcache\ntkrpamp.exe
2009-10-03 10:54 455,296 -c------ h:\windows\system32\dllcache\mrxsmb.sys
2009-10-03 10:53 26,144 a------- h:\windows\system32\spupdsvc.exe
2009-10-02 18:18 <DIR> --d----- h:\program files\IObit
2009-10-02 18:18 <DIR> --d----- h:\docume~1\user\applic~1\IObit
2009-10-02 17:52 1,645,320 a------- h:\windows\system32\gdiplus.dll
2009-10-02 17:51 <DIR> --d----- h:\program files\BurnAware Free
2009-10-02 17:51 <DIR> --d----- h:\program files\Ask.com

==================== Find3M ====================

2009-10-25 21:38 33,061 a------- h:\windows\king-uninstall.exe
2009-10-25 20:58 76,487 a------- h:\windows\pchealth\helpctr\offlinecache\index.dat
2009-09-11 14:18 136,192 a------- h:\windows\system32\msv1_0.dll
2009-09-10 13:54 38,224 a------- h:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 13:53 19,160 a------- h:\windows\system32\drivers\mbam.sys
2009-09-04 21:03 58,880 a------- h:\windows\system32\msasn1.dll
2009-08-28 15:33 11,952 a------- h:\windows\system32\avgrsstx.dll
2009-08-26 08:00 247,326 a------- h:\windows\system32\strmdll.dll
2009-08-05 09:01 204,800 a------- h:\windows\system32\mswebdvd.dll
2009-08-04 19:44 2,189,184 a------- h:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 2,066,048 a------- h:\windows\system32\ntkrnlpa.exe

============= FINISH: 15:02:57.00 ===============




H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\Explorer.EXE
H:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
H:\Program Files\Java\jre6\bin\jqs.exe
H:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
H:\PROGRA~1\AVG\AVG8\avgrsx.exe
H:\WINDOWS\system32\svchost.exe
H:\PROGRA~1\AVG\AVG8\avgnsx.exe
H:\PROGRA~1\AVG\AVG8\avgemc.exe
H:\Program Files\AVG\AVG8\avgcsrvx.exe
H:\WINDOWS\SOUNDMAN.EXE
H:\WINDOWS\system32\VTTimer.exe
H:\Program Files\Browser Mouse\mouse32a.exe
H:\Program Files\BroadJump\Client Foundation\CFD.exe
H:\PROGRA~1\AVG\AVG8\avgtray.exe
H:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
H:\WINDOWS\tsnpstd3.exe
H:\WINDOWS\vsnpstd3.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
H:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
H:\Program Files\Common Files\Teleca Shared\Generic.exe
H:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
H:\WINDOWS\system32\wuauclt.exe
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.c...earch.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - H:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - H:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - H:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - H:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - H:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - H:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - H:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - H:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - H:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - H:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - H:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - H:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - H:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - H:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] H:\Program Files\Browser Mouse\mouse32a.exe
O4 - HKLM\..\Run: [BJCFD] H:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [AVG8_TRAY] H:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "H:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [tsnpstd3] H:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] H:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "H:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "H:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [swg] H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - H:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - H:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - H:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - H:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - H:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - H:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 8411 bytes



#2 Noviciate


Posted 01 November 2009 - 02:23 PM

Due, in part, to the large numbers of HJT logs being posted, there are four things that you need to be aware of.

1) If you have already posted this log at another forum, you need to post here that you have done so and this topic will be closed.
Multiple posting not only ties up valuable resources, but could also result in some unpleasant side-effects for your system if you follow two sets of instructions at the same time.
If, during research, an identical log is identified at another forum, this thread will be closed.

2) If you don't post a meaningful reply to any of my posts within five days, this thread will be closed. Due to limited free time I can only have so many open threads at any one time and if yours isn't active, somebody else's will be.
If, by omission, the thread hasn't been closed after five days and you post, it will just serve as a reminder to me to close it.
Please note that "I just dropped in to say Hi!" isn't a meaningful reply!

3) Malware removal is a tricky business, and malware writers don't tend to worry about the damage their creations do, so it is advisable to back-up all important files BEFORE we start. Although most cases have a successful conclusion, on occasion things don't go according to plan and it is better to be prepared for the worst.

4) Back-ups can get lost or damaged, so make two if the files are that important to you!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Take a trip to this webpage for download links and instructions for running Combofix by sUBs: http://www.bleepingc...to-use-combofix *
  • Please be aware that this tool may require the PC to be rebooted so close any programs you have open before you start.
  • When CF has finished, it will produce a log - C:\ComboFix.txt - copy and paste it into your next reply.
  • Post a fresh HJT log as well.
  • Let me know how the PC is behaving.
* There are two points to note from the instructions page:

1) The Recovery Console.

It is recommended that you install this as, in certain circumstances, it may be the difference between a successful repair and a reformat. If you are uncertain as to whether or not you already have the Recovery Console installed, simply run CF and it will prompt you if it does not detect it.
CF will complete some, but not all, of its removal tasks without the installation of the Console so, should you choose not to allow the installation, you may not get the results you hoped for.

2) Disabling your Anti-Virus.

CF has been the victim of false-positive detections on occasion and a resident AV may incorrectly identify and delete part of the tool which won't do it much good. If you don't disable your AV, you may not get the results you hoped for!
Death to the salad eaters!

#3 Noviciate


Posted 08 November 2009 - 03:07 PM

Due to inactivity this topic will be closed. If you need help please start a new thread.
Death to the salad eaters!
