Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Help Comp Slow

Re: Help Comp Slow

Post by gamerking#1 » January 27th, 2008, 2:29 pm

I never installed it. It came with the comp.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:20:21 PM, on 1/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe
C:\WINDOWS\LTSMMSG.exe
C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe
C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Trend Micro\PC-cillin 2000\PNTIOMON.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\Trend Micro\PC-cillin 2000\pccntupd.exe
C:\WINDOWS\System32\svchost.exe
c:\progra~1\Support.com\client\bin\tgcmd.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\adobe\acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe"
O4 - HKLM\..\Run: [WebTrapNT.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe"
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [CleanupProgram] C:\Sonysys\cleanup.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Real-time Monitor.lnk = ?
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 4911586539
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe

--
End of file - 6101 bytes


Sorry for taking so long. I had a lot of homework and I had to study for midterms. :-(
gamerking#1
Regular Member
 
Posts: 96
Joined: April 16th, 2007, 4:14 pm

Re: Help Comp Slow

Post by Shaba » January 27th, 2008, 2:38 pm

Hi

OK, if you open that program, when were the virus definitions last updated?
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Help Comp Slow

Post by gamerking#1 » January 29th, 2008, 6:59 pm

Doesn't say.
gamerking#1
Regular Member
 
Posts: 96
Joined: April 16th, 2007, 4:14 pm

Re: Help Comp Slow

Post by Shaba » January 30th, 2008, 5:54 am

Hi

How old is that computer?
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Help Comp Slow

Post by gamerking#1 » January 31st, 2008, 9:39 pm

lol at least 5 years old. :D
gamerking#1
Regular Member
 
Posts: 96
Joined: April 16th, 2007, 4:14 pm

Re: Help Comp Slow

Post by Shaba » February 1st, 2008, 5:40 am

Hi

OK, then we can assume that PC-cillin is outdated.

Uninstall it via Add/Remove Programs.

After that, install one antivirus from below and post back a fresh HijackThis log, please. Also ensure that Windows' own firewall is on.

Looking over your log, it seems you don't have any evidence of an anti-virus software.

Anti-virus software are programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners, thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus software from one of these excellent vendors NOW:

1) Antivir PersonalEdition Classic - Free anti-virus software for Windows. Detects and removes more than 50,000 viruses. Free support.
2) avast! 4 Home Edition - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
3) AVG Anti-Virus Free Edition - Free edition of the AVG anti-virus program for Windows.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Help Comp Slow

Post by gamerking#1 » February 8th, 2008, 7:25 pm

Sorry, I haven't been able to do the scan yet. I have the anti-virus but I can't find the time to do the scan.
Nvm, I did it.



AntiVir PersonalEdition Classic
Report file date: Thursday, February 07, 2008 18:13

Scanning for 1095787 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: PATRIK

Version information:
BUILD.DAT : 270 15603 Bytes 9/19/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 8/23/2007 19:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 8/16/2007 18:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 8/14/2007 21:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 8/21/2007 18:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 02:54:23
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 12/14/2007 02:54:24
ANTIVIR2.VDF : 7.0.2.49 1339904 Bytes 1/25/2008 02:54:25
ANTIVIR3.VDF : 7.0.2.107 350208 Bytes 2/7/2008 02:47:23
AVEWIN32.DLL : 7.6.0.62 3240448 Bytes 2/6/2008 02:54:26
AVWINLL.DLL : 1.0.0.7 14376 Bytes 2/26/2007 16:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 7/18/2007 13:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 4/16/2007 19:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 2/6/2008 02:54:26
AVREG.DLL : 7.0.1.6 30760 Bytes 7/18/2007 13:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 8/28/2007 18:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 7/18/2007 13:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 3/8/2007 17:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 8/7/2007 18:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 8/21/2007 18:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 7/23/2007 15:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Thursday, February 07, 2008 18:13

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'tgcmd.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'VAServ.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdater.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'CloneCDTray.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'wscript.exe' - '1' Module(s) have been scanned
Scan process 'LTSMMSG.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
32 processes with 32 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '33' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Program Files\Trend Micro\HijackThis\backups\backup-20071225-123919-528.dll
[DETECTION] Is the Trojan horse TR/BHO.abo.7
[INFO] The file was deleted!
C:\Program Files\Trend Micro\HijackThis\backups\backup-20071225-123953-354.dll
[DETECTION] Is the Trojan horse TR/BHO.abo.7
[INFO] The file was deleted!
C:\Program Files\Trend Micro\HijackThis\backups\backup-20071225-124020-262.dll
[DETECTION] Is the Trojan horse TR/BHO.abo.7
[INFO] The file was deleted!
C:\Program Files\Trend Micro\HijackThis\backups\backup-20071225-124228-850.dll
[DETECTION] Is the Trojan horse TR/BHO.abo.7
[INFO] The file was deleted!
C:\Program Files\Trend Micro\HijackThis\backups\backup-20071225-124554-178.dll
[DETECTION] Is the Trojan horse TR/BHO.abo.7
[INFO] The file was deleted!
C:\Program Files\Trend Micro\HijackThis\backups\backup-20071225-124724-970.dll
[DETECTION] Is the Trojan horse TR/BHO.abo.7
[INFO] The file was deleted!
C:\QooBox\Quarantine\catchme2008-01-09_210207.39.zip
[0] Archive type: ZIP
--> ficdygvx.dat
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
--> ficdygvx.dat.1
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> ciadminm.dll
[DETECTION] Is the Trojan horse TR/BHO.abo.7
[INFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\ciadminm.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{9064A718-8822-4594-9843-DDC9AD7DED22}\RP32\A0013439.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{9064A718-8822-4594-9843-DDC9AD7DED22}\RP35\A0014540.exe
[DETECTION] Contains detection pattern of the dropper DR/180Solutions.BJ.4
[INFO] The file was deleted!
C:\System Volume Information\_restore{9064A718-8822-4594-9843-DDC9AD7DED22}\RP54\A0015228.exe
[DETECTION] Contains detection pattern of the dropper DR/MartShop.2
[INFO] The file was deleted!
C:\System Volume Information\_restore{9064A718-8822-4594-9843-DDC9AD7DED22}\RP57\A0018292.exe
[0] Archive type: ZIP SFX (self extracting)
--> Prog extras/DFX.8.352.All.Players.Incl.Crack.Winall.rar
[1] Archive type: RAR
--> Crack DFX 8.xx for all\Keygen.exe
[DETECTION] Is the Trojan horse TR/Delf.121344
--> DFX 8.352 JRiver\Keygen.exe
[DETECTION] Is the Trojan horse TR/Delf.121344
--> DFX 8.352 Real\KeyGen.exe
[DETECTION] Is the Trojan horse TR/Small.142336.B
[INFO] The file was deleted!
C:\System Volume Information\_restore{9064A718-8822-4594-9843-DDC9AD7DED22}\RP64\A0020628.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{9064A718-8822-4594-9843-DDC9AD7DED22}\RP64\A0020631.dll
[DETECTION] Is the Trojan horse TR/BHO.abo.7
[INFO] The file was deleted!
C:\System Volume Information\_restore{9064A718-8822-4594-9843-DDC9AD7DED22}\RP64\A0020632.dll
[DETECTION] Is the Trojan horse TR/BHO.abo.7
[INFO] The file was deleted!
C:\System Volume Information\_restore{9064A718-8822-4594-9843-DDC9AD7DED22}\RP64\A0020633.dll
[DETECTION] Is the Trojan horse TR/BHO.abo.7
[INFO] The file was deleted!
C:\System Volume Information\_restore{9064A718-8822-4594-9843-DDC9AD7DED22}\RP64\A0020634.dll
[DETECTION] Is the Trojan horse TR/BHO.abo.7
[INFO] The file was deleted!
C:\System Volume Information\_restore{9064A718-8822-4594-9843-DDC9AD7DED22}\RP64\A0020635.dll
[DETECTION] Is the Trojan horse TR/BHO.abo.7
[INFO] The file was deleted!
C:\System Volume Information\_restore{9064A718-8822-4594-9843-DDC9AD7DED22}\RP64\A0020636.dll
[DETECTION] Is the Trojan horse TR/BHO.abo.7
[INFO] The file was deleted!
C:\WINDOWS\system32\ciadminm.1
[DETECTION] Is the Trojan horse TR/BHO.YR.4
[INFO] The file was deleted!
C:\WINDOWS\system32\ciadminm.2
[DETECTION] Is the Trojan horse TR/Dldr.Delf.dbo.5
[INFO] The file was deleted!
C:\WINDOWS\system32\ciadminm.3
[DETECTION] Is the Trojan horse TR/BHO.ABM.2
[INFO] The file was deleted!
C:\WINDOWS\system32\ciadminm.4
[DETECTION] Is the Trojan horse TR/BHO.abo.7
[INFO] The file was deleted!
Begin scan in 'D:\'


End of the scan: Thursday, February 07, 2008 19:17
Used time: 1:03:21 min

The scan has been done completely.

9621 Scanning directories
244367 Files were scanned
27 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
23 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
244340 Files not concerned
10243 Archives were scanned
2 Warnings
0 Notes

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:23:59 PM, on 2/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\progra~1\Support.com\client\bin\tgcmd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\adobe\acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [CleanupProgram] C:\Sonysys\cleanup.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MonAppli] C:\DOCUME~1\VGAMEC~1\LOCALS~1\Temp\IXP013.TMP\isys32.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 4911586539
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 6347 bytes
gamerking#1
Regular Member
 
Posts: 96
Joined: April 16th, 2007, 4:14 pm

Re: Help Comp Slow

Post by Shaba » February 9th, 2008, 5:47 am

Hi

Re-scan with Kaspersky.

Post:

- a fresh HijackThis log
- Kaspersky report
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Help Comp Slow

Post by gamerking#1 » February 19th, 2008, 8:47 pm

KASPERSKY ONLINE SCANNER REPORT
Sunday, February 17, 2008 7:20:52 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 18/02/2008
Kaspersky Anti-Virus database records: 572562


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics
Total number of scanned objects 78251
Number of viruses found 6
Number of infected objects 6
Number of suspicious objects 0
Duration of the scan process 01:54:23

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Vgamecoder\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Vgamecoder\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped

C:\Documents and Settings\Vgamecoder\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Vgamecoder\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Vgamecoder\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Vgamecoder\Local Settings\History\History.IE5\MSHist012008021720080218\index.dat Object is locked skipped

C:\Documents and Settings\Vgamecoder\Local Settings\Temp\~DFA0D9.tmp Object is locked skipped

C:\Documents and Settings\Vgamecoder\Local Settings\Temp\~DFA130.tmp Object is locked skipped

C:\Documents and Settings\Vgamecoder\Local Settings\Temp\~DFE0D6.tmp Object is locked skipped

C:\Documents and Settings\Vgamecoder\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\Vgamecoder\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Vgamecoder\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Vgamecoder\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Veoh Networks\Veoh\client.log Object is locked skipped

C:\Program Files\Veoh Networks\Veoh\upload.log Object is locked skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\ficdygvx.dat.vir Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{9064A718-8822-4594-9843-DDC9AD7DED22}\RP35\A0014534.dll Infected: not-a-virus:AdWare.Win32.HotBar.ch skipped

C:\System Volume Information\_restore{9064A718-8822-4594-9843-DDC9AD7DED22}\RP35\A0014538.dll Infected: not-a-virus:AdWare.Win32.180Solutions.bo skipped

C:\System Volume Information\_restore{9064A718-8822-4594-9843-DDC9AD7DED22}\RP35\A0014539.exe Infected: not-a-virus:AdWare.Win32.180Solutions.bp skipped

C:\System Volume Information\_restore{9064A718-8822-4594-9843-DDC9AD7DED22}\RP36\A0014558.dll Infected: not-a-virus:AdWare.Win32.180Solutions.bq skipped

C:\System Volume Information\_restore{9064A718-8822-4594-9843-DDC9AD7DED22}\RP36\A0014561.dll Infected: not-a-virus:AdWare.Win32.180Solutions.bl skipped

C:\System Volume Information\_restore{9064A718-8822-4594-9843-DDC9AD7DED22}\RP54\A0015229.dll Infected: not-a-virus:AdWare.Win32.Shopper.q skipped

Scan process completed.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:40:01 PM, on 2/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\progra~1\Support.com\client\bin\tgcmd.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\adobe\acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [CleanupProgram] C:\Sonysys\cleanup.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MonAppli] C:\DOCUME~1\VGAMEC~1\LOCALS~1\Temp\IXP013.TMP\isys32.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 4911586539
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 6264 bytes

Sorry it took so long to reply but my internet wasn't working.
gamerking#1
Regular Member
 
Posts: 96
Joined: April 16th, 2007, 4:14 pm

Re: Help Comp Slow

Unread postby Shaba » February 20th, 2008, 5:18 am

Hi

Logs look good.

All viruses are in system restore and inactive.

I'll give you instructions later on how to empty it.

Other than that, any problems left?
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
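One way to check a statement like "all detections are in System Restore" against a scan log in the format posted above, as an added example that is not part of the original posts. The function names are hypothetical, the first four sample lines follow lines from the log in this thread, and the last `Infected` line (outside System Restore) is constructed for contrast.

```python
import re
from collections import Counter, namedtuple

Entry = namedtuple("Entry", "path status verdict action")

# "<path> Infected: <verdict> <action>"  or  "<path> Object is locked <action>"
# Paths may contain spaces, so the path is matched lazily up to the marker.
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?:Infected: (?P<verdict>\S+)|(?P<locked>Object is locked)) "
    r"(?P<action>\S+)$"
)

# Windows XP System Restore storage: <drive>:\System Volume Information\_restore{GUID}\RPnn\
RESTORE_RE = re.compile(
    r"^[A-Z]:\\System Volume Information\\_restore\{[0-9A-F-]+\}\\RP(?P<rp>\d+)\\",
    re.IGNORECASE,
)

# Sample input; the final "Infected" line is constructed, not taken from the thread.
SAMPLE_LOG = r"""
C:\System Volume Information\_restore{9064A718-8822-4594-9843-DDC9AD7DED22}\RP35\A0014538.dll Infected: not-a-virus:AdWare.Win32.180Solutions.bo skipped
C:\System Volume Information\_restore{9064A718-8822-4594-9843-DDC9AD7DED22}\RP36\A0014558.dll Infected: not-a-virus:AdWare.Win32.180Solutions.bq skipped
C:\System Volume Information\_restore{9064A718-8822-4594-9843-DDC9AD7DED22}\RP54\A0015229.dll Infected: not-a-virus:AdWare.Win32.Shopper.q skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\Program Files\Example App\example.dll Infected: not-a-virus:AdWare.Win32.Example.a skipped
Scan process completed.
"""


def parse_scan_log(text):
    """Return one Entry per recognised result line; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        status = "locked" if m.group("locked") else "infected"
        entries.append(
            Entry(m.group("path"), status, m.group("verdict"), m.group("action"))
        )
    return entries


def triage(entries):
    """Split detections into restore-point copies and files on the live system."""
    in_restore, live = [], []
    per_rp = Counter()
    for e in entries:
        if e.status != "infected":
            continue
        m = RESTORE_RE.match(e.path)
        if m:
            in_restore.append(e)
            per_rp["RP" + m.group("rp")] += 1
        else:
            live.append(e)
    return {
        "in_restore": in_restore,
        "live": live,
        "per_restore_point": dict(per_rp),
        "locked": sum(1 for e in entries if e.status == "locked"),
    }


if __name__ == "__main__":
    result = triage(parse_scan_log(SAMPLE_LOG))
    print("detections in restore points:", result["per_restore_point"])
    print("locked (unscanned) objects:", result["locked"])
    for e in result["live"]:
        print("needs attention outside System Restore:", e.path, e.verdict)
```

An empty `live` list means every detection is a restore-point copy, which is cleared by emptying System Restore rather than by removing files from the running system.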

Re: Help Comp Slow

Unread postby gamerking#1 » February 21st, 2008, 6:38 pm

No, my computer seems fine. It's not slow anymore or anything.
gamerking#1
Regular Member
 
Posts: 96
Joined: April 16th, 2007, 4:14 pm

Re: Help Comp Slow

Unread postby Shaba » February 22nd, 2008, 5:02 am

Hi

Then you're clean!

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

You can fix this, it's a leftover:

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

Looking over your log, it seems you don't have any evidence of a third party firewall.

As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:

1) Comodo
2) Online Armor
3) Sunbelt/Kerio
4) Agnitum
5) ZoneAlarm (uncheck ZoneAlarm Spy Blocker during installation if you choose this one)

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 4 and save it to your desktop.
  • Scroll down to where it says The J2SE Runtime Environment (JRE) allows end-users to run Java applications.
  • Click the Download button to the right.
  • Select Windows on platform combobox and check the box that says:
    Accept License Agreement. Click continue.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u4-windows-i586-p.exe to install the newest version.

Update Adobe Reader
It looks like your version of Adobe Reader is out of date and you're vulnerable to infections.
Please download the newest version here:
http://www.adobe.com/products/acrobat/r ... =1&dlm=nos

Install it, then go to Add/Remove Programs and remove any older versions that may remain.

Next we remove all used tools.

Please download OTMoveIt2 and save it to desktop.
  • Double-click OTMoveIt2.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTMoveIt2 attempting to contact the internet, please allow it to do so.

  • Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

    You can find instructions on how to enable and re-enable system restore here:

    Windows XP System Restore Guide

Re-enable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option.

    This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would with antivirus software. A tutorial on installing & using this product can be found here:

    Instructions for Spybot S & D

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety

  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Comodo BOCLEAN <= Stop identity thieves from getting personal information. Instantly detects well over 1,000,000 unique, variant and repack malware in total. And it's free.
  • Winpatrol <= Download and install the free version of Winpatrol. A tutorial for this product is located here:
    Using Winpatrol to protect your computer from malicious software

Stand Up and Be Counted ---> Malware Complaints <--- where you can make a difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

Happy surfing and stay clean! :)
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Help Comp Slow

Unread postby Shaba » February 28th, 2008, 9:18 am

Glad we could be of assistance.

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.


You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland