garmanma Posted August 12, 2007 (edited)

Since my computer took a hit, I'm using my wife's and something doesn't seem quite right. It seems slow, of course I'm used to mine. I tried to remove a legit program and add/remove won't work. I also can't add anything to favorites in Mozilla. She's downloaded a few games off the net and my daughter pops in occasionally so something might have gotten in. Nothing shows up with AVG and AVG anti-spyware showed just the normal tracking cookies. Clean files with ATF. Here's my HJT log

Thanks
Mark

Logfile of HijackThis v1.99.1
Scan saved at 3:58:59 PM, on 8/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nstmp\uninstall.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\My Documents\hjt\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1154038920640
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Edited August 12, 2007 by garmanma
jwbirdsong Posted August 12, 2007 (edited)

Really nothing showing in the HJT log...let's look from another angle...

Download Combofix to your desktop.
Doubleclick combofix.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
Post this log in your next reply.

Edited August 12, 2007 by jwbirdsong
garmanma Posted August 13, 2007

Thanks jwbirdsong, maybe it's just me. Here's the combofix results

Mark

ComboFix 07-08-09.3 - "Administrator" 2007-08-12 20:29:58.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.663 [GMT -4:00]

((((((((((((((((((((((((( Files Created from 2007-07-13 to 2007-08-13 )))))))))))))))))))))))))))))))

2007-08-12 20:28 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-09 19:38 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys
2007-08-09 19:38 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2007-07-13 22:14 16 --a------ C:\WINDOWS\popcinfot.dat
2007-07-13 22:14 0 --a------ C:\WINDOWS\popcreg.dat

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-27 22:29 73 --a------ C:\WINDOWS\popcinfo.dat
2007-07-13 22:14 --------- d-------- C:\Program Files\PopCap Games
2007-07-07 13:37 --------- d-------- C:\Program Files\CodeStuff
2007-06-30 14:58 --------- d-------- C:\Program Files\Common Files\Real
2007-06-30 14:58 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Real
2007-06-19 19:56 6065 --a------ C:\WINDOWS\mozver.dat
2007-06-19 19:55 --------- d-------- C:\Program Files\Common Files\xing shared
2007-06-13 14:15 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\MSN6
2007-05-17 10:59 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-05-16 11:12 86528 -----c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 11:12 85504 -----c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 11:12 683520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 11:12 683520 --------- C:\WINDOWS\system32\inetcomm.dll
2007-05-16 11:12 510976 -----c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 11:12 1314816 -----c--- C:\WINDOWS\system32\dllcache\msoe.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-09-22 04:42 C:\WINDOWS\soundman.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-24 21:10]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2004-11-25 00:27]
"POINTER"="point32.exe" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-04-21 09:27]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"<NO NAME>"="ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35]

R1 AmdK8;AMD Processor Driver;C:\WINDOWS\system32\DRIVERS\AmdK8.sys
R2 BrPar;BrPar;C:\WINDOWS\system32\drivers\BrPar.sys
R3 IPFilter;Microsoft IntelliPoint Features driver;C:\WINDOWS\system32\DRIVERS\IPFilter.sys
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\fetnd5.sys
S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5b.sys
S3 GMSIPCI;GMSIPCI;\??\D:\INSTALL\GMSIPCI.SYS

**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-12 20:31:01
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************

Completion time: 2007-08-12 20:31:46
--- E O F ---
garmanma Posted August 13, 2007

If the Combofix log looks OK, I'm probably alright. Fixed the Mozilla issue by upgrading. It's probably just me not used to the way she has everything set up

Thanks
Mark
jwbirdsong Posted August 13, 2007 (edited)

Yeah looks fine.....Judging from what you/she has on the system, it looks like it's kept pretty clean...

If you have not recently done so, do a full scan with AVG Anti VIRUS...

Also, as an experiment if nothing else, you may want to temporarily disable

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

at start up and see if performance increases noticeably. Some have complained that AVG AS uses a LARGE hunk of resources.

Edited August 13, 2007 by jwbirdsong: emphasis on temporarily
garmanma Posted August 13, 2007

Thank you very much. Sorry for being paranoid and taking up your time

Mark
jwbirdsong Posted August 14, 2007

Being careful and cautious is NOT being paranoid.

Glad to help
jwbirdsong Posted August 14, 2007

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.