#1
Hi,
Before you ask, yes, I have read the 'Slow computer? May not be Malware' thread. Done all of the stuff and no change. My computer has been running slower for some reason. Haven't installed new programs or anything, it just started slowing down. Logs as needed, none of the programs spotted anything:

Malwarebytes:
Malwarebytes' Anti-Malware 1.28
Database version: 1274
Windows 5.1.2600 Service Pack 3
16/10/2008 6:44:49 PM
mbam-log-2008-10-16 (18-44-49).txt
Scan type: Quick Scan
Objects scanned: 59000
Time elapsed: 6 minute(s), 44 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)
_________________________________________

HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:48:30 PM, on 16/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Lexmark 4300 Series\lxcemon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\WINDOWS\system32\notepad.exe
Z:\Runnable programs\Hijack This\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo7.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://dt-updates.com/activate?query...Pl6aaAwmFIs%3d
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.10\RivaTuner.exe" /S
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Lexmark Device Monitor] C:\Program Files\Lexmark 4300 Series\lxcemon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
--
End of file - 8707 bytes
_________________________________________

SuperAntiSpyware:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 10/16/2008 at 07:11 PM
Application Version : 4.21.1004
Core Rules Database Version : 3599
Trace Rules Database Version: 1585
Scan type : Quick Scan
Total Scan Time : 00:32:03
Memory items scanned : 524
Memory threats detected : 0
Registry items scanned : 455
Registry threats detected : 0
File items scanned : 34639
File threats detected : 0

When I check Task Manager for any processes taking up a lot, it is usually 'System Idle Process' fluctuating up to 10% max. Around 1.4GB RAM free out of 2GB. Anything else you might need, just ask. It might not be a virus, but I want to know what is making my computer slow.

BTW: My Eset recently popped up a message saying it blocked several viruses attempting to invade. Here is something listed in the 'Log' section of Eset.
16/10/2008 6:14:24 PM HTTP filter file http://208.53.147.32/cgi-bin/fhx.pl?...way_area51.zip probably a variant of Win32/Statik application connection terminated - quarantined KEVIN\Kevin K Threat was detected upon access to web by the application: C:\Program Files\Mozilla Firefox\firefox.exe.
You can probably see I was trying to download something. I wanted to try Area 51, from the link in the legally free games thread. Don't know what happened, maybe Eset made a false call, but thought you might want to know.
__________________
HI :)

#2

#3
Okay done that. It seems to be a bit faster, but not what it was before... When I opened LSPFix, mdnsnsp.dll was already on the remove side.
BTW, there is this weird service in services.msc, at the very top the name is:
##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# #
Description: ##Id_String2.6844F930_1628_4223_B5CC_5BB94B879762# # (same thing)
Path to executable: "C:\Program Files\Bonjour\mDNSResponder.exe"
I remember in another thread you helped me remove the Bonjour thing, but I think it's still here. Bonjour folder isn't in program files though, I think we removed that before...
EDIT: It won't let me just delete it. Pressing delete doesn't work, and the right-click menu doesn't have delete.
__________________
HI :)

#4
Bonjour and mdnsnsp.dll are part of iTunes' new bloatware. Go to Add or Remove Programs and uninstall Bonjour.

#5
Ok, but I don't have iTunes installed... Bonjour and iTunes are both not in my Add/Remove Programs.
__________________
HI :)

#6
Run HJT and then have it fix this entry:
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
Close HJT when done.
----------
Now, go to Start > Run, and copy/paste the following into the Open box:
sc stop "Bonjour Service"
Now click OK.
Again go to Start > Run and copy/paste:
sc delete "Bonjour Service"
Click OK.
----------
Download OTMoveIt2 by OldTimer and save it to your Desktop.
Note: If you are running on Vista, right-click on OTMoveIt2.exe and choose Run As Administrator.
1. Double-click OTMoveIt2.exe to run it.
2. Copy the lines in the codebox below.
Code:
[kill explorer]
C:\Program Files\Bonjour
EmptyTemp
[start explorer]
4. Click the red Moveit! button.
5. Copy everything in the Results window (under the green bar) and paste it in your next reply.
6. Close OTMoveIt2.
Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes. If not, reboot anyway.
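
Added example, not part of the original thread: a small parser for the O23 service lines of a HijackThis log that lists services whose executable is reported as "(file missing)" and builds an `sc delete` command for each, with the name quoted because an unquoted space splits it into two arguments. It assumes the O23 layout `display name (key name) - owner - path`; the class and function names are illustrative.

```python
import re
import shlex
from typing import List, NamedTuple, Optional

# Lines copied from the HijackThis log in post #1 of this thread.
SAMPLE_LOG = r"""
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

_MISSING = " (file missing)"
# Assumed O23 layout: "<name> - <owner> - <path>", with the path starting at a
# drive letter. Anchoring on the drive letter keeps " - " inside a display name
# or inside a path (e.g. "Spybot - Search & Destroy") from splitting the fields.
_O23 = re.compile(
    r'^O23 - Service: (?P<name>.+) - (?P<owner>.+?) - (?P<path>"?[A-Za-z]:\\.+)$'
)
# Assumed name layout: "<display name> (<key name>)". When only one name is
# printed it is used as both display name and key name.
_NAME = re.compile(r"^(?P<display>.+) \((?P<key>[^()]+)\)$")


class Service(NamedTuple):
    display_name: str
    key_name: str      # the name sc.exe expects
    owner: str
    image_path: str
    file_missing: bool


def parse_o23(line: str) -> Optional[Service]:
    """Parse one O23 line; return None for any other log line."""
    m = _O23.match(line.strip())
    if not m:
        return None
    path = m["path"]
    missing = path.endswith(_MISSING)
    if missing:
        path = path[: -len(_MISSING)]
    n = _NAME.match(m["name"])
    display, key = (n["display"], n["key"]) if n else (m["name"], m["name"])
    return Service(display, key, m["owner"], path, missing)


def orphaned_services(log: str) -> List[Service]:
    """Services that are still registered although their executable is gone."""
    parsed = (parse_o23(line) for line in log.splitlines())
    return [s for s in parsed if s is not None and s.file_missing]


def sc_delete_command(key_name: str) -> str:
    """Build the cleanup command, always quoting the service name."""
    if '"' in key_name:
        raise ValueError("unexpected quote in service name")
    return f'sc delete "{key_name}"'


def name_sc_receives(command: str) -> str:
    """Return the argument sc would take as the service name.

    shlex's whitespace-and-double-quote splitting stands in for Windows
    argument parsing here; the two agree for these backslash-free commands.
    """
    return shlex.split(command)[2]


if __name__ == "__main__":
    for svc in orphaned_services(SAMPLE_LOG):
        print(f"orphaned: {svc.key_name!r} -> {svc.image_path}")
        print("  cleanup:", sc_delete_command(svc.key_name))
    print(name_sc_receives("sc stop Bonjour Service"))    # unquoted form
    print(name_sc_receives('sc stop "Bonjour Service"'))  # quoted form
```
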

#7
Ok, I think we did that before, but I did it again anyway... Log:
Explorer killed successfully
File/Folder C:\Program Files\Bonjour not found.
< EmptyTemp >
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 10182008_153719

But the weird service is still in services.msc
__________________
HI :)

#8
Download random's system information tool (RSIT) by random/random from and save it to your Desktop.

#9
Copy-pasting made the message go over the character limit, so I attached instead. The logs themselves also went over the attachment limit so I had to zip them.
So many limits. Anyway, they're attached now.
__________________
HI :)

#10
Open HijackThis and select Do a system scan only.
Place a check mark next to the following entries (if there):
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
Important: Close all windows except for HijackThis and then click Fix checked. Exit HijackThis.
----------
Go to Start > Run > copy/paste the command below and hit OK.
"%PROGRAMFILES%\Bonjour\mDNSResponder.exe" -remove
----------
Download and run TurnOffBonjour.exe
----------
Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.
Go to Start > Run and type notepad.exe then click OK.
Copy and paste the below into Notepad and save as fixme.reg to your Desktop.
Code:
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
"Alcmtr"=-

Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it did not work.
Delete the fixme.reg from the Desktop.
Run CCleaner.
Restart the computer.
----------
Run the Kaspersky Online Scanner.
In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop, right-click the icon to open the browser and choose Run as Administrator.
When the scan is done, in the Scan is complete window, any infection is displayed. There is no option to clean/disinfect; however, we need to analyze the information on the report. To obtain the report, click on: Save Report As
Copy and paste the Kaspersky Online Scanner Report in your next reply.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.