| arnie70 |
| (regular) |
| Fri Sep 05 2008 08:10 PM |
Slow laptop - lop3 trojan??
|
Been trying to sort out a mates laptop which was running very sloowwwww. Removed a lot of junk, then did a AVG scan and it reported a Lop.3 trojan? Running better now but still seems bit sluggish.
Please check hijackthis log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:04, on 2008-09-05
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SM1BG.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Lexmark 3400 Series\lxcymon.exe
C:\Program Files\Lexmark 3400 Series\ezprint.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\lxcycoms.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pcservicecall.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [lxcymon.exe] "C:\Program Files\Lexmark 3400 Series\lxcymon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.pcservicecall.co.uk
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
--
End of file - 8680 bytes
| bricat |
| (HijackThis Helper) |
| Fri Sep 05 2008 10:15 PM |
|
Re: Slow laptop - lop3 trojan??
|
Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Link 1
Link 2
Link 3
**Note: It is important that it is saved directly to your desktop**
--------------------------------------------------------------------
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
If you don't know how to disable some of your security programs have a look :- HERE
--------------------------------------------------------------------
Double click on ComboFix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the C:\ComboFix.txt along with a new HijackThis log for further review.
| arnie70 |
| (regular) |
| Sat Sep 06 2008 09:55 AM |
|
Re: Slow laptop - lop3 trojan??
|
Downloaded combofix, disabled AVG but when running Combofix it has frozen on stage 9 (tried it twice)
| bricat |
| (HijackThis Helper) |
| Sat Sep 06 2008 10:26 AM |
|
|
|
Re: Slow laptop - lop3 trojan??
|
run this then try combofix again :-
Please download Malwarebytes' Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.
| arnie70 |
| (regular) |
| Sat Sep 06 2008 10:41 AM |
|
Re: Slow laptop - lop3 trojan??
|
Managed to get Combofix to finish before saw your reply, Combofix & Hijackthis logs below.
ComboFix 08-09-05.02 - MICHAEL 2008-09-06 10:18:26.4 - NTFSx86 MINIMAL
Running from: C:\Documents and Settings\MICHAEL\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\SARAH\Application Data\SpyGuardPro
C:\Documents and Settings\SARAH\Application Data\SpyGuardPro\Logs\threats.log
C:\Documents and Settings\SARAH\Application Data\SpyGuardPro\Logs\update.log
C:\Documents and Settings\SARAH\Cookies\sarah@peach.bskyb[2].txt
C:\Documents and Settings\SARAH\ResErrors.log
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\Installr\1.bin\F3EZSETP.DLL
C:\Program Files\SpyGuardPro
C:\Program Files\SpyGuardPro\history.db
C:\SpyGuardPro
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\bkR11
C:\Temp\tpBe12
C:\Temp\tpBe12\etFr.log
C:\WINDOWS\system32\_000011_.tmp.dll
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\system32\ineWc01
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\pac.txt
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_6TO4
-------\Legacy_DHLP
-------\Service_6to4
((((((((((((((((((((((((( Files Created from 2008-08-06 to 2008-09-06 )))))))))))))))))))))))))))))))
.
2008-09-06 10:17 . 2008-09-06 10:17 <DIR> d-------- C:\327882R2FWJFW
2008-09-05 19:42 . 2008-09-05 19:42 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-09-05 19:42 . 2008-09-05 19:42 <DIR> d-------- C:\WINDOWS\system32\en
2008-09-05 19:42 . 2008-09-05 19:42 <DIR> d-------- C:\WINDOWS\system32\bits
2008-09-05 19:42 . 2008-09-05 19:42 <DIR> d-------- C:\WINDOWS\l2schemas
2008-09-05 19:35 . 2008-09-05 19:42 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-09-05 19:23 . 2008-09-05 19:23 <DIR> d-------- C:\WINDOWS\EHome
2008-09-05 18:36 . 2008-09-05 18:36 <DIR> d--h----- C:\$AVG8.VAULT$
2008-09-05 18:21 . 2008-04-14 01:12 69,120 --------- C:\WINDOWS\system32\wlanapi.dll
2008-09-05 18:19 . 2008-04-14 01:12 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll
2008-09-05 18:18 . 2008-04-14 01:12 155,136 --------- C:\WINDOWS\system32\mssha.dll
2008-09-05 18:18 . 2008-04-13 19:14 76,800 --------- C:\WINDOWS\system32\msshavmsg.dll
2008-09-05 18:17 . 2008-04-14 01:11 397,312 --------- C:\WINDOWS\system32\mmcex.dll
2008-09-05 18:17 . 2008-04-14 01:11 184,320 --------- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-09-05 18:17 . 2008-04-14 01:11 106,496 --------- C:\WINDOWS\system32\mmcfxcommon.dll
2008-09-05 18:17 . 2008-04-14 01:12 33,792 --------- C:\WINDOWS\system32\mmcperf.exe
2008-09-05 18:16 . 2008-04-14 01:11 37,376 --------- C:\WINDOWS\system32\l2gpstore.dll
2008-09-05 18:15 . 2008-04-14 01:11 61,440 --------- C:\WINDOWS\system32\kmsvc.dll
2008-09-05 18:15 . 2008-04-14 01:09 6,144 --------- C:\WINDOWS\system32\kbdpash.dll
2008-09-05 18:15 . 2008-04-14 01:09 6,144 --------- C:\WINDOWS\system32\kbdnepr.dll
2008-09-05 18:15 . 2008-04-14 01:09 6,144 --------- C:\WINDOWS\system32\kbdiultn.dll
2008-09-05 18:15 . 2008-04-14 01:09 6,144 --------- C:\WINDOWS\system32\kbdbhc.dll
2008-09-05 18:14 . 2007-09-17 09:48 1,261 --------- C:\WINDOWS\system32\pid.inf
2008-09-05 18:12 . 2008-04-14 01:11 650,752 --------- C:\WINDOWS\system32\dot3ui.dll
2008-09-05 18:11 . 2008-04-14 01:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-09-05 18:10 . 2008-04-14 01:11 136,192 --------- C:\WINDOWS\system32\aaclient.dll
2008-09-05 18:10 . 2008-04-14 01:11 4,255 --------- C:\WINDOWS\system32\drivers\adv01nt5.dll
2008-09-05 18:10 . 2008-04-14 01:11 3,967 --------- C:\WINDOWS\system32\drivers\adv02nt5.dll
2008-09-05 18:10 . 2008-04-14 01:11 3,775 --------- C:\WINDOWS\system32\drivers\adv11nt5.dll
2008-09-05 18:10 . 2008-04-14 01:11 3,711 --------- C:\WINDOWS\system32\drivers\adv09nt5.dll
2008-09-05 18:10 . 2008-04-14 01:11 3,647 --------- C:\WINDOWS\system32\drivers\adv07nt5.dll
2008-09-05 18:10 . 2008-04-14 01:11 3,615 --------- C:\WINDOWS\system32\drivers\adv05nt5.dll
2008-09-05 18:10 . 2008-04-14 01:11 3,135 --------- C:\WINDOWS\system32\drivers\adv08nt5.dll
2008-09-05 17:24 . 2008-09-05 17:24 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-09-05 17:24 . 2008-09-05 17:24 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-09-05 17:24 . 2008-09-05 17:24 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-09-05 17:23 . 2008-09-05 17:26 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-09-05 17:23 . 2008-09-05 17:23 <DIR> d-------- C:\Program Files\AVG
2008-09-05 17:23 . 2008-09-05 17:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-09-05 16:55 . 2008-09-05 16:55 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-09-05 16:55 . 2008-09-05 16:55 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-09-05 16:55 . 2008-09-05 16:55 <DIR> d-------- C:\Program Files\MSBuild
2008-09-05 16:52 . 2008-09-05 16:54 <DIR> d-------- C:\549aecc01348795a04cffb25a0
2008-09-05 16:52 . 2008-07-06 13:06 1,676,288 --------- C:\WINDOWS\system32\xpssvcs.dll
2008-09-05 16:52 . 2008-07-06 13:06 1,676,288 -----c--- C:\WINDOWS\system32\dllcache\xpssvcs.dll
2008-09-05 16:52 . 2008-07-06 11:50 597,504 -----c--- C:\WINDOWS\system32\dllcache\printfilterpipelinesvc.exe
2008-09-05 16:52 . 2008-07-06 13:06 575,488 --------- C:\WINDOWS\system32\xpsshhdr.dll
2008-09-05 16:52 . 2008-07-06 13:06 575,488 -----c--- C:\WINDOWS\system32\dllcache\xpsshhdr.dll
2008-09-05 16:52 . 2008-07-06 13:06 117,760 --------- C:\WINDOWS\system32\prntvpt.dll
2008-09-05 16:52 . 2008-07-06 13:06 89,088 -----c--- C:\WINDOWS\system32\dllcache\filterpipelineprintproc.dll
2008-09-05 16:44 . 2008-09-05 16:44 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-09-05 15:13 . 2008-09-05 15:13 <DIR> d-------- C:\Program Files\CCleaner
2008-09-05 13:48 . 2008-09-05 20:00 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-05 13:48 . 2008-09-05 19:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-05 10:54 . 2008-09-05 10:54 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-05 10:12 . 2005-01-08 18:21 <DIR> d-------- C:\Documents and Settings\Administrator.STEPHENSON\WINDOWS
2008-09-05 10:12 . 2005-12-05 16:00 <DIR> d-------- C:\Documents and Settings\Administrator.STEPHENSON\Application Data\SampleView
2008-09-05 10:12 . 2005-01-08 12:25 <DIR> d-------- C:\Documents and Settings\Administrator.STEPHENSON\Application Data\Intel
2008-09-05 10:12 . 2006-06-06 11:33 <DIR> d-------- C:\Documents and Settings\Administrator.STEPHENSON\Application Data\CyberLink
2008-09-05 10:12 . 2008-09-05 17:24 <DIR> d-------- C:\Documents and Settings\Administrator.STEPHENSON
2008-09-04 19:10 . 2005-01-08 18:21 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-09-04 19:10 . 2008-09-04 19:10 <DIR> d-------- C:\Documents and Settings\Administrator
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-05 14:10 --------- d-----w C:\Program Files\Common Files\eAcceleration
2008-09-05 14:09 --------- d-----w C:\Program Files\Acceleration Software
2008-09-04 15:10 --------- d-----w C:\Documents and Settings\SARAH\Application Data\uTorrent
2008-08-11 11:17 --------- d-----w C:\Program Files\lx_cats
2006-12-24 02:40 0 ----a-w C:\Documents and Settings\MICHAEL\Application Data\wklnhst.dat
2006-10-07 16:41 0 ----a-w C:\Documents and Settings\SARAH\Application Data\wklnhst.dat
2003-08-27 22:19 36,963 ----a-r C:\Program Files\Common Files\SM1updtr.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-12-23 36864]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-12-23 171448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SM1BG"="C:\WINDOWS\SM1BG.EXE" [2003-08-27 94208]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-29 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-29 126976]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-06-29 102490]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-29 708698]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-05-31 401408]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-06-03 385024]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2005-05-31 356352]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2004-04-08 496752]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-10-13 26112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-13 98304]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-03-19 78960]
"lxcymon.exe"="C:\Program Files\Lexmark 3400 Series\lxcymon.exe" [2006-03-06 286720]
"EzPrint"="C:\Program Files\Lexmark 3400 Series\ezprint.exe" [2006-02-07 98304]
"LXCYCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [2006-02-24 65536]
"NapsterShell"="C:\Program Files\Napster\napster.exe" [2007-01-12 323216]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 284184]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2006-11-15 746520]
"LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-11-15 244512]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-05 1235736]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [12/14/2004 1:44:06 PM 29696]
AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0\aoltray.exe [10/13/2006 5:12:29 AM 156784]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [12/23/2007 7:57:36 PM 196608]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2005-05-31 23:46 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-05 97928]
R1 mchInjDrv;madCodeHook DLL injection driver;C:\WINDOWS\system32\Drivers\mchInjDrv.sys [2008-02-01 2560]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-05 875288]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-05 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-09-05 76040]
R3 lxcy_device;lxcy_device;C:\WINDOWS\system32\lxcycoms.exe [2006-02-20 495616]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4dbfd475-f573-11da-b289-806d6172696f}]
\Shell\AutoRun\command - D:\OEMBranding.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a2044a21-6549-11da-a5a1-806d6172696f}]
\Shell\AutoRun\command - E:\Launch.exe
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Power2GoExpress - (no file)
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.pcservicecall.co.uk
O9 -: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-06 10:30:13
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\notepad.exe
.
**************************************************************************
.
Completion time: 2008-09-06 10:35:41 - machine was rebooted [MICHAEL]
ComboFix-quarantined-files.txt 2008-09-06 09:35:33
Pre-Run: 22,385,184,768 bytes free
Post-Run: 22,134,099,968 bytes free
215 --- E O F --- 2008-09-05 18:48:53
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:37:17, on 06/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\SM1BG.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Lexmark 3400 Series\lxcymon.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\lxcycoms.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pcservicecall.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [lxcymon.exe] "C:\Program Files\Lexmark 3400 Series\lxcymon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.pcservicecall.co.uk
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
--
End of file - 8459 bytes
| bricat |
| (HijackThis Helper) |
| Sat Sep 06 2008 12:30 PM |
|
|
|
Re: Slow laptop - lop3 trojan??
|
that looks clean now, just some tidying up to do.
combofix cleanup.
Time for some housekeeping
- Click START then RUN
- Now type Combofix /u in the runbox and click OK
[list] 
The above procedure will:
- Delete the following:[list]
- ComboFix and its associated files and folders.
- VundoFix backups, if present
- The C:\Deckard folder, if present
- The C:_OtMoveIt folder, if present
Then :-
Download and scan with CCleaner
- CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation.
IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free or Slim versions instead of the Standard Build. - Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"
Then select "Cookies"
Move any cookies you wish to retain, e.g. login cookies, in the left-hand window to the right-hand window by highlighting them and clicking the right arrow in the centre. - Then select the items you wish to clean up.
In the Windows Tab:
• Clean all entries in the "Internet Explorer" section.
• Clean all the entries in the "Windows Explorer" section.
• Clean all entries in the "System" section.
• Clean all entries in the "Advanced" section.
• Clean any others that you choose.
In the Applications Tab:
• Clean all entries in the Mozilla Firefox Section.
• Clean all in the Opera section if you use it.
• Clean Sun Java in the Internet Section.
• Clean any others that you choose. - Click the "Run Cleaner" button.
- A pop up box will appear advising this process will permanently delete files from your system.
- Click "OK" and it will scan and clean your system.
- Click "exit" when done.
then DEFRAG your C:\ drive.
to help speed up your system.
then let us know how the computer is running.
HOW DID I GET INFECTED
| arnie70 |
| (regular) |
| Sat Sep 06 2008 05:55 PM |
|
Re: Slow laptop - lop3 trojan??
|
Done, running much smoother now, thanks for your help!
| bricat |
| (HijackThis Helper) |
| Sat Sep 06 2008 06:23 PM |
|
|
|
Re: Slow laptop - lop3 trojan??
|
happy to help.
