Lagging BAD...Again!!!

Posted 1/13/2009 8:29 PM
#71150
Killface Valued member

Date Joined Nov 2016
Total Posts: 12
It's been a month since Touch gave me clean-up directions. Things ran great for a while, but for the past two weeks I've been beyond slow again. So I was hoping somebody could take another look and see what could possibly be done.


MALWARE:



Malwarebytes' Anti-Malware 1.30
Database version: 1399
Windows 5.1.2600 Service Pack 3

1/13/2009 1:09:09 PM
mbam-log-2009-01-13 (13-09-09).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|)
Objects scanned: 79241
Time elapsed: 33 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


COMBOFIX:



ComboFix 09-01-12.04 - ggh 2009-01-13 13:12:37.9 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.45 [GMT -5:00]
Running from: c:\documents and settings\ggh\Desktop\FIX\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-12-13 to 2009-01-13 )))))))))))))))))))))))))))))))
.

2008-12-24 17:03 . 2008-12-24 17:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\PopCap

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-13 16:53 --------- d-----w c:\program files\Third Bullet
2009-01-13 16:52 --------- d-----w c:\program files\BugsysClub Software
2009-01-13 16:51 --------- d-----w c:\program files\BetUSPoker
2009-01-13 16:48 --------- d-----w c:\program files\PestPatrol
2009-01-12 20:13 --------- d-----w c:\documents and settings\ggh\Application Data\LimeWire
2009-01-12 18:11 --------- d-----w c:\program files\Absolute Poker Basic
2009-01-07 20:06 227 ----a-w c:\program files\Common Files\operadef6.ini
2009-01-06 16:27 --------- d-----w c:\program files\DivX
2008-12-31 02:12 --------- d-----w c:\program files\WalkerPoker
2008-12-12 12:25 --------- d-----w c:\program files\LimeWire
2008-12-08 22:38 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-03 11:02 --------- d-----w c:\program files\Alwil Software
2008-12-03 07:15 --------- d-----w c:\program files\UltimateBet
2008-12-02 20:21 --------- d-----w c:\program files\SUPERAntiSpyware
2008-12-02 20:21 --------- d-----w c:\documents and settings\ggh\Application Data\SUPERAntiSpyware.com
2008-11-30 16:53 --------- d-----w c:\program files\CarbonPoker
2008-11-29 22:48 --------- d-----w c:\program files\_uninstallation_info
2008-11-18 03:01 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-11-18 02:59 --------- d-----w c:\program files\NCH Software
2008-11-17 16:27 --------- d-----w c:\documents and settings\ggh\Application Data\Yahoo!
2008-11-17 16:27 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-11-17 16:13 --------- d-----w c:\program files\Yahoo!
2008-11-17 16:12 --------- d-----w c:\program files\Free Offers from Freeze.com
2008-11-15 03:41 --------- d-----w c:\program files\Common Files\AOL
2008-11-15 03:39 --------- d-----w c:\program files\MySpace
2008-11-15 02:23 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-11-05 17:03 20,656 ----a-w c:\documents and settings\ggh\Application Data\GDIPFONTCACHEV1.DAT
2008-08-20 06:10 6,233 ----a-w c:\program files\hijackthis.log
2008-08-18 14:18 401,720 ----a-w c:\program files\HiJackThis.exe
.

((((((((((((((((((((((((((((( snapshot_2009-01-07_15.54.39.84 )))))))))))))))))))))))))))))))))))))))))
.
- 2000-08-31 13:00:00 28,672 ----a-w c:\windows\Nircmd.exe
+ 2000-08-31 13:00:00 29,696 ----a-w c:\windows\Nircmd.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7311360]
"PestPatrol Control Center"="c:\progra~1\PESTPA~1\PPControl.exe" [2004-11-15 98304]
"PPMemCheck"="c:\progra~1\PESTPA~1\PPMemCheck.exe" [2003-04-19 148480]
"CookiePatrol"="c:\progra~1\PESTPA~1\CookiePatrol.exe" [2005-01-10 73728]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"OFFICEKB"="c:\program files\Micro Innovations\Keyboard\kbdap32a.EXE" [2008-09-30 383488]
"FLMOFFICE4DMOUSE"="c:\program files\Micro Innovations\Mouse\mouse32a.exe" [2008-09-30 356352]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 c:\windows\RTHDCPL.EXE]

c:\documents and settings\ggh\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-05-27 147456]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-12 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-05-09 17:50 7311360 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-05-09 17:50 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-05-09 17:50 1519616 c:\windows\system32\nwiz.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Spadester\\spades.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\WalkerPoker\\client.exe"=
"c:\\Program Files\\CarbonPoker\\client.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26229:TCP"= 26229:TCP:me2.pokerpages.com
"9233:TCP"= 9233:TCP:javaw.exe

R3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\DRIVERS\ADM8511.SYS [2001-08-17 20160]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
S2 WUSB54GPSVC;WUSB54GPSVC; [x]


--- Other Services/Drivers In Memory ---

*Deregistered* - ALG
*Deregistered* - aswUpdSv
*Deregistered* - AudioSrv
*Deregistered* - avast! Antivirus
*Deregistered* - avast! Mail Scanner
*Deregistered* - avast! Web Scanner
*Deregistered* - BITS
*Deregistered* - Browser
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - Dnscache
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - helpsvc
*Deregistered* - ImapiService
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - MDM
*Deregistered* - MSIServer
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - NVSvc
*Deregistered* - PartMgr
*Deregistered* - Pml Driver HPZ12
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - swenum
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - TermDD
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - Update
*Deregistered* - upnphost
*Deregistered* - VgaSave
*Deregistered* - VolSnap
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WUSB54GPSVC
*Deregistered* - WZCSVC
.
Contents of the 'Scheduled Tasks' folder

2009-01-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-01-07 c:\windows\Tasks\WebReg Deskjet D1300 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2006-02-19 04:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{10F055B8-F443-4adf-948A-EC551E9DBCE4} - c:\documents and settings\ggh\Start Menu\Programs\UltimateBet\UltimateBet.lnk
IE: {{3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - {4CF088BD-BE95-40a5-BE9B-677F8683EDEA} -
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2009-01-13 13:17:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1993962763-261478967-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2009-01-13 13:21:54
ComboFix-quarantined-files.txt 2009-01-13 18:21:42
ComboFix2.txt 2009-01-07 20:55:44
ComboFix3.txt 2008-12-11 19:43:09
ComboFix4.txt 2008-12-03 06:24:53
ComboFix5.txt 2009-01-13 18:11:23

Pre-Run: 78,355,468,288 bytes free
Post-Run: 78,343,475,200 bytes free

206 --- E O F --- 2008-12-17 22:07:01


HIJACKTHIS:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:24:16 PM, on 1/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Wireless-G Portable USB Adapter\WLService.exe
C:\Program Files\Wireless-G Portable USB Adapter\WUSB54GP.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Micro Innovations\Keyboard\kbdap32a.EXE
C:\Program Files\Micro Innovations\Mouse\mouse32a.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\ggh\Desktop\FIX\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Micro Innovations\Keyboard\kbdap32a.EXE
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Micro Innovations\Mouse\mouse32a.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: UltimateBet - {10F055B8-F443-4adf-948A-EC551E9DBCE4} - C:\Documents and Settings\ggh\Start Menu\Programs\UltimateBet\UltimateBet.lnk
O9 - Extra 'Tools' menuitem: UltimateBet - {10F055B8-F443-4adf-948A-EC551E9DBCE4} - C:\Documents and Settings\ggh\Start Menu\Programs\UltimateBet\UltimateBet.lnk
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Crazy Vegas Poker - {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\crazyvegasMPP\MPPoker.exe (file missing) (HKCU)
O9 - Extra button: Walker Poker - {533caed3-32dd-436e-9e56-27e70d5190bb} - C:\Documents and Settings\ggh\Start Menu\Programs\Walker Poker\Walker Poker.lnk (HKCU)
O9 - Extra button: Absolute Poker Basic - {5E72AD5A-20DF-4ca4-9B7B-D9717FFDE0C5} - C:\Documents and Settings\ggh\Start Menu\Programs\Absolute Poker Basic\Absolute Poker Basic.lnk (HKCU)
O9 - Extra 'Tools' menuitem: Absolute Poker Basic - {5E72AD5A-20DF-4ca4-9B7B-D9717FFDE0C5} - C:\Documents and Settings\ggh\Start Menu\Programs\Absolute Poker Basic\Absolute Poker Basic.lnk (HKCU)
O9 - Extra button: CarbonPoker - {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Documents and Settings\ggh\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk (HKCU)
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} (DDRevision Class) - https://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://fortunelounge.microgaming.com/generic/FlashAX2.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WUSB54GPSVC - GEMTEKS - C:\Program Files\Wireless-G Portable USB Adapter\WLService.exe

--
End of file - 7680 bytes


(Touch told me to remove O9 - Extra Button: Smart Shopper, but every time I do, it comes back up again during the next scan seconds later)



I also ran Avast today, no threats, but I have viruses in my Virus Chest and don't know how to get them out. I've included them as an attachment. Any advice would be appreciated. Thanks a million!!!
Post attachments:
AvastVirusChest.bmp
Posted 1/13/2009 8:37 PM
#71151
Killface Valued member

Date Joined Nov 2016
Total Posts: 12
Also forgot to mention that there were 6 files avast couldn't scan. 5 failed because "Archive is password protected". But one of them was "Unable to scan: The file is a decompression bomb." Seems scary!!! Any advice?
Posted 1/14/2009 8:14 AM
#71184
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Hello again Killface :cool:



Download: CCleaner
https://www.majorgeeks.com/download4191.html
https://www.ccleaner.com/

Once installed, run CCleaner and click the Windows tab

Select the following:
Internet Explorer:
Temp Internet
History
Recently Typed URLs
Delete Index.dat files

System:
Empty Recycle Bin
Temporary Files
Memory Dumps
Chkdsk File Fragments
Old Prefetch Data


Next: click Options, then click the Settings tab
Uncheck: "Only delete files older than 48 hrs.", click OK


Then click Run Cleaner (bottom right), then Exit

Reboot



Download LopSD by Eric_71 and save it to your desktop.
Lop S&D will only run on Windows XP and Windows Vista

Disable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D.
Double-click LopSD.exe



  • Choose the language by typing the corresponding letter and press Enter

  • Click OK at the informative window

  • Type 2 to choose Option 2 (Fix + Hosts), then press Enter

  • Wait until the end of the scan

  • A report will be generated; post the contents of it in your next reply.

Click here: Before-posting-a-log

Do not PM me with logfiles. They will be deleted.


Posted 1/14/2009 5:41 PM
#71207
Killface Valued member

Date Joined Nov 2016
Total Posts: 12
Here ya go Touch, thanks again.


--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Sempron(tm) Processor 3200+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : ggh ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1296 [VPS 090114-0] 4.8.1296 (Not Activated)
C:\ (Local Disk) - NTFS - Total:111 Go (Free:72 Go)
D:\ (CD or DVD)
E:\ (USB) - FAT - Total:121 Mo (Free:0 Go)
F:\ (USB)
G:\ (USB)
H:\ (USB)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( Wed 01/14/2009|12:34 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

Deleted! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing folders in APPLIC~1

[10/15/2008|03:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ Adobe
[06/20/2008|02:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ AOL
[06/20/2008|02:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ AOL Downloads
[06/20/2008|02:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ AOL OCP
[08/29/2008|03:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ Apple
[07/13/2008|04:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ Apple Computer
[06/04/2008|01:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ AVS4YOU
[10/30/2008|12:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ HP
[08/18/2008|03:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ Malwarebytes
[07/21/2008|12:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ MGS
[07/21/2008|12:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ Microgaming
[01/07/2009|02:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ Microsoft
[06/30/2008|10:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ NCH Software
[06/05/2008|09:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ NCH Swift Sound
[10/15/2008|08:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ NOS
[12/24/2008|05:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ PopCap
[10/02/2008|08:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ Spadester
[08/18/2008|08:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ SUPERAntiSpyware.com
[12/08/2008|05:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ TEMP
[05/31/2008|12:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ Windows Genuine Advantage
[06/26/2008|06:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ Yahoo!
[11/17/2008|11:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ Yahoo! Companion

[05/29/2008|06:18] C:\DOCUME~1\DEFAUL~1\APPLIC~1\ Microsoft

[10/15/2008|08:45] C:\DOCUME~1\ggh\APPLIC~1\ Adobe
[06/29/2008|03:34] C:\DOCUME~1\ggh\APPLIC~1\ Apple Computer
[07/13/2008|11:54] C:\DOCUME~1\ggh\APPLIC~1\ DivX
[10/30/2008|12:05] C:\DOCUME~1\ggh\APPLIC~1\ HP
[05/29/2008|10:09] C:\DOCUME~1\ggh\APPLIC~1\ Identities
[01/14/2009|12:30] C:\DOCUME~1\ggh\APPLIC~1\ LimeWire
[06/02/2008|08:37] C:\DOCUME~1\ggh\APPLIC~1\ Macromedia
[08/18/2008|03:56] C:\DOCUME~1\ggh\APPLIC~1\ Malwarebytes
[07/27/2008|02:08] C:\DOCUME~1\ggh\APPLIC~1\ Microgaming
[11/20/2008|02:56] C:\DOCUME~1\ggh\APPLIC~1\ Microsoft
[06/04/2008|02:35] C:\DOCUME~1\ggh\APPLIC~1\ MySpace
[08/18/2008|06:53] C:\DOCUME~1\ggh\APPLIC~1\ NCH Swift Sound
[06/12/2008|10:42] C:\DOCUME~1\ggh\APPLIC~1\ Opera
[06/12/2008|11:51] C:\DOCUME~1\ggh\APPLIC~1\ Sun
[12/02/2008|03:21] C:\DOCUME~1\ggh\APPLIC~1\ SUPERAntiSpyware.com
[11/17/2008|11:27] C:\DOCUME~1\ggh\APPLIC~1\ Yahoo!

[10/08/2008|10:13] C:\DOCUME~1\LOCALS~1\APPLIC~1\ Microsoft

[05/29/2008|06:18] C:\DOCUME~1\NETWOR~1\APPLIC~1\ Microsoft

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[01/13/2009 08:44 PM][--a------] C:\WINDOWS\tasks\WebReg Deskjet D1300 series.job
[01/12/2009 10:42 AM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[01/14/2009 12:29 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/12/2004 09:01 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[11/29/2008|05:48] C:\Program Files\ _uninstallation_info
[01/12/2009|01:11] C:\Program Files\ Absolute Poker Basic
[10/15/2008|03:31] C:\Program Files\ Adobe
[06/20/2008|02:37] C:\Program Files\ AIMTunes
[12/03/2008|06:02] C:\Program Files\ Alwil Software
[08/29/2008|03:32] C:\Program Files\ Apple Software Update
[06/04/2008|01:12] C:\Program Files\ AVS4YOU
[01/13/2009|11:51] C:\Program Files\ BetUSPoker
[01/13/2009|11:52] C:\Program Files\ BugsysClub Software
[11/04/2008|10:56] C:\Program Files\ Cake Poker
[11/30/2008|11:53] C:\Program Files\ CarbonPoker
[08/18/2008|07:24] C:\Program Files\ CCleaner
[01/13/2009|01:15] C:\Program Files\ Common Files
[05/29/2008|06:15] C:\Program Files\ ComPlus Applications
[05/31/2008|01:01] C:\Program Files\ CONEXANT
[01/06/2009|11:27] C:\Program Files\ DivX
[09/16/2008|04:30] C:\Program Files\ e-texaspoker client
[11/17/2008|11:12] C:\Program Files\ Free Offers from Freeze.com
[11/06/2008|05:18] C:\Program Files\ Full Tilt Poker
[09/22/2008|09:15] C:\Program Files\ Full Tilt Poker.Net
[10/30/2008|12:02] C:\Program Files\ Hewlett-Packard
[10/30/2008|12:04] C:\Program Files\ Hp
[09/22/2008|09:18] C:\Program Files\ InstallShield Installation Information
[12/12/2008|03:04] C:\Program Files\ Internet Explorer
[07/12/2008|11:26] C:\Program Files\ Java
[12/12/2008|07:25] C:\Program Files\ LimeWire
[11/14/2008|09:23] C:\Program Files\ Malwarebytes' Anti-Malware
[08/16/2008|02:02] C:\Program Files\ Messenger
[09/30/2008|10:53] C:\Program Files\ Micro Innovations
[06/02/2008|04:49] C:\Program Files\ Microsoft ActiveSync
[05/29/2008|06:18] C:\Program Files\ microsoft frontpage
[06/02/2008|04:47] C:\Program Files\ Microsoft Office
[06/02/2008|04:48] C:\Program Files\ Microsoft Visual Studio
[06/02/2008|03:56] C:\Program Files\ Movie Maker
[05/29/2008|06:14] C:\Program Files\ MSN
[05/29/2008|06:15] C:\Program Files\ MSN Gaming Zone
[11/14/2008|10:39] C:\Program Files\ MySpace
[11/17/2008|09:59] C:\Program Files\ NCH Software
[08/18/2008|06:53] C:\Program Files\ NCH Swift Sound
[06/02/2008|03:55] C:\Program Files\ NetMeeting
[10/15/2008|08:49] C:\Program Files\ NOS
[05/29/2008|06:17] C:\Program Files\ Online Services
[06/02/2008|03:55] C:\Program Files\ Outlook Express
[01/14/2009|12:32] C:\Program Files\ PestPatrol
[11/04/2008|08:55] C:\Program Files\ PokerStars
[06/29/2008|02:09] C:\Program Files\ QuickTime
[12/02/2008|03:21] C:\Program Files\ SUPERAntiSpyware
[06/20/2008|02:37] C:\Program Files\ Tencent
[01/13/2009|11:53] C:\Program Files\ Third Bullet
[12/03/2008|02:15] C:\Program Files\ UltimateBet
[05/29/2008|10:09] C:\Program Files\ Uninstall Information
[08/29/2008|03:14] C:\Program Files\ VideoLAN
[01/13/2009|05:15] C:\Program Files\ WalkerPoker
[10/08/2008|10:11] C:\Program Files\ Windows Media Connect 2
[10/08/2008|10:11] C:\Program Files\ Windows Media Player
[06/02/2008|03:55] C:\Program Files\ Windows NT
[05/29/2008|06:17] C:\Program Files\ WindowsUpdate
[06/02/2008|08:21] C:\Program Files\ Wireless-G Portable USB Adapter
[05/29/2008|06:18] C:\Program Files\ xerox
[07/01/2008|09:34] C:\Program Files\ Xvid
[11/17/2008|11:13] C:\Program Files\ Yahoo!
[07/09/2008|09:45] C:\Program Files\ Zero G Registry

--------------------\\ Listing Folders in C:\Program Files\Common Files

[10/15/2008|03:28] C:\Program Files\Common Files\ Adobe
[10/15/2008|03:30] C:\Program Files\Common Files\ Adobe AIR
[11/14/2008|10:41] C:\Program Files\Common Files\ AOL
[06/04/2008|01:11] C:\Program Files\Common Files\ AVSMedia
[06/02/2008|04:48] C:\Program Files\Common Files\ Designer
[10/30/2008|12:03] C:\Program Files\Common Files\ HP
[06/02/2008|08:21] C:\Program Files\Common Files\ InstallShield
[06/13/2008|12:48] C:\Program Files\Common Files\ Java
[06/02/2008|04:45] C:\Program Files\Common Files\ L&H
[07/17/2008|07:47] C:\Program Files\Common Files\ Microsoft Shared
[05/29/2008|06:16] C:\Program Files\Common Files\ MSSoap
[05/29/2008|09:21] C:\Program Files\Common Files\ ODBC
[06/12/2008|10:42] C:\Program Files\Common Files\ program
[05/29/2008|06:16] C:\Program Files\Common Files\ Services
[05/29/2008|09:21] C:\Program Files\Common Files\ SpeechEngines
[07/21/2008|12:29] C:\Program Files\Common Files\ SWF Studio
[06/02/2008|04:47] C:\Program Files\Common Files\ System

--------------------\\ Process

( 45 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2009-01-14 12:36:29
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections


No other infections found !

[F:33][D:3]-> C:\DOCUME~1\ggh\LOCALS~1\Temp
[F:5][D:0]-> C:\DOCUME~1\ggh\Cookies
[F:155][D:6]-> C:\DOCUME~1\ggh\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Wed 01/14/2009|12:37 - Option : [2]

--------------------\\ Scan completed at 12:37:26
Posted 1/15/2009 4:56 PM
#71232
Killface Valued member

Date Joined Nov 2016
Total Posts: 12
Hey Touch! Saw that you've been busy with problems on here. I'm sure I speak for all of us when I say how much your help is appreciated. Thanks a million!!!

Was worried my issues have been hidden underneath everyone else's on this list, so I thought I'd move myself back to the top :P

As you can see above, my LOP log looks ok (I guess), but I am worried about the decompression bomb and the viruses in my virus chest on Avast. Was really hoping you could give some advice on them.

Thanks again!!!
Posted 1/16/2009 3:30 AM
#71248
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
No need to worry, I haven't forgotten you :smile:



Read this about your "bomb"
https://forum.avast.com/index.php?topic=8943



What "and the viruses in my virus chest"?



Also, let me know how things are running now.



Posted 1/16/2009 4:08 PM
#71277
Killface Valued member

Date Joined Nov 2016
Total Posts: 12
You're amazing Touch!!! I don't know what it did, but after running LopSD my system is running MUCH better. I used to have to wait about a minute for anything to open; now it's down to only about 10 seconds. Still not super quick, but I'm assuming it's due to the fact I have a whole jukebox and DVD library in my memory. I'm slowly working on moving everything to disc to free up some space.


Thanks for helping me overcome my fears of my decompression "bomb". Although I do find it odd that the file in question shouldn't have been zipped, and isn't truly a large file at all. It's a cache of an avatar from a poker site I play on. Wondering if a virus is hiding in it, but I'm just super paranoid so I'll leave it alone.



As far as the viruses in my chest, I've included a screenshot I took. I've looked on the Avast forum and did a Google search, but am overwhelmed by the possibilities of what they are and what to do with them. Except for the system files (kernel32, winsock, and wsock32), which I have learned are just system backups.



Thanks again!
Post attachments:
AvastVirusChest.bmp
Posted 7/5/2018 12:10 PM
#130057
Eianz Member

Date Joined Jul 2018
Total Posts: 1
These steps might be helpful but I don't know how to get it working: https://www.onlineprivacytips.co/security/decompression-bomb-weapon-hackers-nightmare-users/