computer running slow

Post by paddy79 » February 13th, 2011, 4:10 pm

My computer is running slow and there seems to be a virus detected by Microsoft Security Essentials, which then cleans the virus.




Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:01:20, on 13/02/2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18542)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\taskmgr.exe
C:\Users\Carl\Desktop\HijackThis.exe
C:\Windows\system32\taskeng.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MRT] "C:\Windows\system32\MRT.exe" /R
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [Developer Operations Network] C:\Users\Carl\AppData\Roaming\devon.exe
O4 - HKCU\..\Run: [1Class1] C:\Users\Carl\AppData\Roaming\igaul.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/f ... wflash.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 4527 bytes







Abdio Free ASF Player (Free)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
AoA Audio Extractor 1.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
Betfair Rapid
Bonjour
Compatibility Pack for the 2007 Office system
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
FLV Player 2.0 (build 25)
Foxit Reader
Free CD to MP3 Converter
Free YouTube to Mp3 Converter version 3.2
GoldWave v5.25
Google Chrome
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
IrfanView (remove only)
iTunes
K-Lite Codec Pack 3.2.5 Standard
Launch
LG Internet Kit
LG USB Modem Drivers
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Security Essentials
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Works
mIRC
Mozilla Firefox (3.6.13)
MP4 Player
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Native Instruments Service Center
Native Instruments Service Center
OGA Notifier 2.0.0048.0
Ogg Codecs 0.81.15562
Orbit Downloader
PhotoScape
Power2Go
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Semagic (remove only)
SiS VGA Utilities
Spare Messaging
SpeedFan (remove only)
Switch Sound File Converter
Synaptics Pointing Device Driver
Uninstall 1.0.0.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.762
VLC media player 1.0.5
Windows Media Player Firefox Plugin
Windows Movie Maker 2.6
WinRAR archiver
XChat 2 (remove only)
paddy79
Regular Member
 
Posts: 16
Joined: February 13th, 2011, 3:54 pm

Re: computer running slow

Post by Airscape » February 16th, 2011, 4:38 pm

Hello and welcome to the forum.
My name is Airscape and I'll be helping you with your malware issues.
The logs can take a while to research. Please be patient with me.

Take note of the following before we begin.
  • Post to this thread only and please stick to it until I say your pc is clean.
  • The instructions I give are for This computer only and should not be used on any other pc.
  • Do NOT run any tools/scans unless I instruct you to.
  • Try not to install/uninstall any programs while we work. This will add extra time researching your logs.
  • If you have found assistance elsewhere and no longer require our help, please say so, and this topic will be closed.
  • If you have any problems, please stop and ask before proceeding with any fixes.
  • ALL USERS OF THIS FORUM MUST READ THIS FIRST

Note: As I'm still in training, everything I post must be checked by a teacher first. So there may be a slight delay in between posts.

Important:
Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

In light of this it would be wise for you to back up any important files and folders that you don't want to lose before we start.

Thanks for your patience.
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm

Re: computer running slow

Post by paddy79 » February 16th, 2011, 7:08 pm

Thanks, I have backed up the files I need.
paddy79
Regular Member
 
Posts: 16
Joined: February 13th, 2011, 3:54 pm

Re: computer running slow

Post by Airscape » February 17th, 2011, 3:00 pm

C:\Users\Carl\Desktop\HijackThis.exe

HijackThis will make backups of the items it fixes into the folder it's in.
Please right-click the desktop and choose to make a new folder then move HijackThis.exe into it.

Please then download This Tool and save it to your desktop.
Right-click MGADiag.exe and select Run as Admin to run it.
Click Continue. The program will run, please be patient.
Click Resolve Now (if available) and follow the prompts.
Once done, click on Copy then Paste the contents in your next reply.
---------------------------------------------------------------
Analyze file(s).
Please visit Virustotal.
Click on Browse > copy the lines below (one by one) and paste them into the file name box > click Open:

C:\Users\Carl\AppData\Roaming\igaul.exe
C:\Users\Carl\AppData\Roaming\devon.exe


  • Press Send File - this will submit the file for testing.
  • Please wait for all the scanners to finish then copy and paste the permalink (web address) in your next response.
Example of each web address: [image]
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm

Re: computer running slow

Post by paddy79 » February 19th, 2011, 7:49 am

I was able to get the diagnostic report but didn't have success with the files on virus total. When I tried to open them, virustotal gave me the following messages respectively.

igaul.exe
file not found.
Check the file name and try again.


devon
You don't have permission to open this file.
Contact the file owner or an administrator to obtain permission.





Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-Y6GC8-BJMRH-9TYH4
Windows Product Key Hash: IYGv4sVxlmKfSj2rII7O0awW+Ag=
Windows Product ID: 89572-OEM-7332166-00117
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.0.6001.2.00010300.1.0.002
ID: {208C66ED-0D2A-4CFE-9AEC-D9165313398A}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows Vista (TM) Home Basic
Architecture: 0x00000000
Build lab: 6001.vistasp1_gdr.101014-0432
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: 6.0.6002.16398

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: 2.0.48.0
OGAExec.exe Signed By: Microsoft
OGAAddin.dll Signed By: Microsoft

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Home and Student 2007 - 100 Genuine
OGA Version: Registered, 2.0.48.0
Signed By: Microsoft
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{208C66ED-0D2A-4CFE-9AEC-D9165313398A}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6001.2.00010300.1.0.002</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-9TYH4</PKey><PID>89572-OEM-7332166-00117</PID><PIDType>2</PIDType><SID>S-1-5-21-124230192-1773570001-2454789739</SID><SYSTEM><Manufacturer>DIXONSXP </Manufacturer><Model>DIXONSXP </Model></SYSTEM><BIOS><Manufacturer>OEM</Manufacturer><Version>1.13</Version><SMBIOSVersion major="2" minor="5"/><Date>20080704000000.000000+000</Date></BIOS><HWID>EB303507018400EA</HWID><UserLCID>1809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DSGLTD</OEMID><OEMTableID>DSGVISTA</OEMTableID></OEM><GANotification><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120000-002F-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Home and Student 2007</Name><Ver>12</Ver><Val>B975B02417870A</Val><Hash>o0BGYvDQLLKZlNUKBy8f/jlmhG4=</Hash><Pid>81602-901-7899664-68834</Pid><PidType>1</PidType></Product></Products><Applications><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.0.6001.18000
Name: Windows(TM) Vista, HomeBasic edition
Description: Windows Operating System - Vista, OEM_SLP channel
Activation ID: 199086aa-6cb8-4e5b-b698-f2be56f1e8ee
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 89572-00146-321-600117-02-2057-6001.0000-0092009
Installation ID: 016093618126833736325122515625809190796485840152062930
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43473
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43474
Use License URL: http://go.microsoft.com/fwlink/?LinkID=43476
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43475
Partial Product Key: 9TYH4
License Status: Licensed

Windows Activation Technologies-->
N/A

HWID Data-->
HWID Hash Current: NAAAAAEABAABAAEAAQABAAAAAgABAAEAnJ/cH7gBHHeMpr7BAKIqjPDp8vR0JqiprFYqhQ==

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20000
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC PTLTD APIC
FACP SiS 671MX
MCFG PTLTD MCFG
SLIC DSGLTD DSGVISTA
SLIC DSGLTD DSGVISTA
SSDT PmRef Cpu0Tst
SSDT PmRef Cpu0Tst
SSDT PmRef Cpu0Tst
SSDT PmRef Cpu0Tst
SSDT PmRef Cpu0Tst
SSDT PmRef Cpu0Tst
SSDT PmRef Cpu0Tst
SSDT PmRef Cpu0Tst
SSDT PmRef Cpu0Tst
paddy79
Regular Member
 
Posts: 16
Joined: February 13th, 2011, 3:54 pm

Re: computer running slow

Post by Airscape » February 19th, 2011, 1:53 pm

Hello,

Ok, run the following scans. Let me know if either of them won't run.

Run Malwarebytes Anti-Malware
  • Launch the program, click the Update tab, check for updates, and allow it to update.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Full Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • UNcheck all items in the C:\System Volume Information folder and click Remove Selected.
  • When completed, a log will open in Notepad. Save it somewhere you can find and post the results.
  • It may ask you to reboot the computer to finish cleaning. Please allow it.
Also go to the Logs tab and look for any other previous scans you have done then post the log/s (showing infections removed) in your next reply.
-------------------------------------------------------------
Download and Run DDS
Please download DDS by sUBs and save it to your desktop.
  • Alternate download links: here or here.
  • Double click the tool to run it.
  • A black Screen will open... read the contents but do nothing.
  • When DDS finishes... Notepad will open with 2 reports... DDS.txt and Attach.txt
  • Copy/paste both DDS.txt and Attach.txt reports in your next reply.
  • Once the reports have been posted, you can delete DDS from your desktop.
--------------------------------------------------------
Please post the following:
Malwarebytes log/s
Both DDS logs
Let me know how the pc is running?
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm

Re: computer running slow

Post by paddy79 » February 20th, 2011, 4:43 pm

The computer is running slow and I know there is a virus because Microsoft Security Essentials finds one every time the computer starts, but when I clean it, it's still showing up the next time I restart the computer, so I don't think it is being fully cleaned.

I ran Malwarebytes, but MS Security Essentials was running in the background and may have been cleaning some viruses that came up? I got 5 detections. Here is the log...



Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5812

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

20/02/2011 20:00:54
mbam-log-2011-02-20 (20-00-53).txt

Scan type: Full scan (C:\|S:\|)
Objects scanned: 267578
Time elapsed: 1 hour(s), 22 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7} (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1Class1 (Trojan.Agent) -> Value: 1Class1 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Developer Operations Network (Trojan.Backdoor) -> Value: Developer Operations Network -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Carl\AppData\Roaming\Winlog\Winlogon.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Users\Carl\AppData\Roaming\devon.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.




DDS (Ver_10-12-12.02) - NTFSx86
Run by Carl at 20:39:05.85 on 20/02/2011
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.353.1033.18.892.171 [GMT 0:00]

AV: Microsoft Security Essentials *Enabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Enabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Carl\Desktop\dds.com
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=DSGI&bmod=DSGI;
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=DSGI&bmod=DSGI
uInternet Settings,ProxyOverride = *.local
BHO: AutorunsDisabled - No File
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MRT] "c:\windows\system32\MRT.exe" /R
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Copy to Semagic - c:\program files\semagic\copy.htm
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: Save YouTube Video as MP3 - c:\program files\common files\dvdvideosoft\dll\IEContextMenuY.dll/scriptY2MP3.htm
IE: Semagic - c:\program files\semagic\link.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/f ... wflash.cab

================= FIREFOX ===================

FF - ProfilePath - c:\users\carl\appdata\roaming\mozilla\firefox\profiles\no7badff.default\
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
R1 MpKsl1b0ff33f;MpKsl1b0ff33f;c:\programdata\microsoft\microsoft antimalware\definition updates\{5cd6fbe4-2a64-40ad-918f-68482b514b41}\MpKsl1b0ff33f.sys [2011-2-20 28752]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 42368]
R3 SiS6350;SiS6350;c:\windows\system32\drivers\SISGRKMD.sys [2008-9-2 458752]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\drivers\SiSGB6.sys [2008-9-2 48128]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-8-23 38224]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2008-9-2 283136]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 gupdate1c9f9105aaf10c5;Google Update Service (gupdate1c9f9105aaf10c5);c:\program files\google\update\GoogleUpdate.exe [2009-6-29 133104]

=============== Created Last 30 ================

2011-02-20 20:18:53 28752 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{5cd6fbe4-2a64-40ad-918f-68482b514b41}\MpKsl1b0ff33f.sys
2011-02-20 11:57:45 5890896 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{5cd6fbe4-2a64-40ad-918f-68482b514b41}\mpengine.dll
2011-02-18 18:02:25 -------- d-----w- C:\MGADiagToolOutput
2011-02-13 19:52:08 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-02-13 19:51:01 634648 ----a-w- c:\program files\internet explorer\iexplore.exe
2011-02-13 19:49:55 1205080 ----a-w- c:\windows\system32\ntdll.dll
2011-02-13 19:49:54 3548048 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-02-13 19:49:52 3600272 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-02-13 19:49:44 2038784 ----a-w- c:\windows\system32\win32k.sys

==================== Find3M ====================

2011-01-08 07:50:00 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 05:57:10 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-28 14:57:35 409600 ----a-w- c:\windows\system32\odbc32.dll
2010-12-20 15:40:24 833024 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 15:37:57 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-12-20 14:12:59 389632 ----a-w- c:\windows\system32\html.iec
2010-12-20 13:51:45 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2010-12-14 15:49:30 1169408 ----a-w- c:\windows\system32\sdclt.exe

============= FINISH: 20:41:57.83 ===============




UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume2
Install Date: 09/01/2009 17:26:06
System Uptime: 20/02/2011 20:18:16 (0 hours ago)

Motherboard: DIXONSXP | | N/A
Processor: Genuine Intel(R) CPU T1500 @ 1.86GHz | uPGA 479M | 1866/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 101 GiB total, 17.722 GiB free.
E: is CDROM ()
S: is FIXED (NTFS) - 1 GiB total, 0.267 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0002
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #3
PNP Device ID: ROOT\*ISATAP\0002
Service: tunnel

==== System Restore Points ===================


==== Installed Programs ======================

AAC Decoder
Abdio Free ASF Player (Free)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
AoA Audio Extractor 1.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
AutoUpdate
Betfair Rapid
Bonjour
Compatibility Pack for the 2007 Office system
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
FLV Player 2.0 (build 25)
Foxit Reader
Free CD to MP3 Converter
Free YouTube to Mp3 Converter version 3.2
GoldWave v5.25
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
H.264 Decoder
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
IrfanView (remove only)
iTunes
K-Lite Codec Pack 3.2.5 Standard
Launch
LG Internet Kit
LG USB Modem Drivers
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Works
mIRC
MKV Splitter
Mozilla Firefox (3.6.13)
MP4 Player
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Native Instruments Service Center
OGA Notifier 2.0.0048.0
Ogg Codecs 0.81.15562
Orbit Downloader
PhotoScape
Power2Go
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Semagic (remove only)
SiS VGA Utilities
Spare Messaging
SpeedFan (remove only)
Switch Sound File Converter
Synaptics Pointing Device Driver
Uninstall 1.0.0.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.762
VLC media player 1.0.5
Windows Media Player Firefox Plugin
Windows Movie Maker 2.6
WinRAR archiver
XChat 2 (remove only)

==== End Of File ===========================
paddy79
Regular Member
 
Posts: 16
Joined: February 13th, 2011, 3:54 pm

Re: computer running slow

Unread postby Airscape » February 21st, 2011, 9:54 am

BACKDOOR TROJAN

I'm afraid I have some bad news for you: unfortunately, one or more of the identified infections is a BACKDOOR TROJAN. Backdoor Trojans are the most dangerous and most widespread type of Trojan. Backdoor Trojans provide the author or "master" of the Trojan with remote "administration" of victims' machines. Unlike legitimate remote administration utilities, they install, launch and run invisibly, without the consent or knowledge of the user. Once installed, Backdoor Trojans can be instructed to send, receive, execute and delete files, harvest confidential data from the computer, log activity on the computer, change settings on the computer and more. Please read this article by Roger A. Grimes on Remote Access Trojans; it will give you an idea of the severity of the type of infection you have.

What are Remote Access Trojans and why are they dangerous


You are strongly advised to do the following:

  • Disconnect the computer from the Internet and from any networked computers until it is cleaned.
  • Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.
  • Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
  • From a clean computer, change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password).

Do NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.


How do I respond to a possible identity theft and how do I prevent it


Because of the severity and the capabilities of this type of virus (it cannot be known what changes it has made to your system, or whether it opened up other ways into your system), the only responsible course of action I can advise is to reformat your computer and reinstall Windows.

Further reading:

When should I do a reformat and reinstallation of my OS
Where to backup your files
How to backup your files in Windows
Restoring your backups

Should you have any questions please feel free to ask.
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm

Re: computer running slow

Unread postby paddy79 » February 21st, 2011, 2:17 pm

That's bad news.

However, I would like to try to remove the trojan if possible. Can you give me instructions for doing so? I understand that it may not remove the trojan completely, but I would like to try it.
paddy79
Regular Member
 
Posts: 16
Joined: February 13th, 2011, 3:54 pm

Re: computer running slow

Unread postby Airscape » February 21st, 2011, 2:45 pm

As stated, the PC will "never" be fully secure unless you reformat and reinstall it.
If (knowing the dangers) you want to continue, please post a new DDS log (make sure you click Format > UNcheck Wordwrap before posting).

I would also like you to confirm that, if we did attempt to clean it, you would not use the PC for online banking or for keeping any personal data ever again.

Thank you.
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm

Re: computer running slow

Unread postby search9000 » February 21st, 2011, 7:32 pm

I will certainly not use the computer for internet banking, and I understand it may be forever compromised. How does one obtain such a virus?

logs...



DDS (Ver_10-12-12.02) - NTFSx86
Run by Carl at 23:28:21.05 on 21/02/2011
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.353.1033.18.892.69 [GMT 0:00]

AV: Microsoft Security Essentials *Enabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Enabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Carl\Desktop\dds.com
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig/redirectdomain ... bmod=DSGI;
mStart Page = hxxp://www.google.com/ig/redirectdomain ... &bmod=DSGI
uInternet Settings,ProxyOverride = *.local
BHO: AutorunsDisabled - No File
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MRT] "c:\windows\system32\MRT.exe" /R
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Copy to Semagic - c:\program files\semagic\copy.htm
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: Save YouTube Video as MP3 - c:\program files\common files\dvdvideosoft\dll\IEContextMenuY.dll/scriptY2MP3.htm
IE: Semagic - c:\program files\semagic\link.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/f ... wflash.cab

================= FIREFOX ===================

FF - ProfilePath - c:\users\carl\appdata\roaming\mozilla\firefox\profiles\no7badff.default\
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
R1 MpKsl043931fe;MpKsl043931fe;c:\programdata\microsoft\microsoft antimalware\definition updates\{5cb4bf60-28f3-41a1-a58c-63a2077be244}\MpKsl043931fe.sys [2011-2-21 28752]
R1 MpKsl2d2d137d;MpKsl2d2d137d;c:\programdata\microsoft\microsoft antimalware\definition updates\{5cb4bf60-28f3-41a1-a58c-63a2077be244}\MpKsl2d2d137d.sys [2011-2-21 28752]
R3 SiS6350;SiS6350;c:\windows\system32\drivers\SISGRKMD.sys [2008-9-2 458752]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\drivers\SiSGB6.sys [2008-9-2 48128]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-8-23 38224]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 42368]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2008-9-2 283136]
S4 gupdate1c9f9105aaf10c5;Google Update Service (gupdate1c9f9105aaf10c5);c:\program files\google\update\GoogleUpdate.exe [2009-6-29 133104]

=============== Created Last 30 ================

2011-02-21 22:44:00 28752 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{5cb4bf60-28f3-41a1-a58c-63a2077be244}\MpKsl043931fe.sys
2011-02-21 17:48:25 28752 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{5cb4bf60-28f3-41a1-a58c-63a2077be244}\MpKsl2d2d137d.sys
2011-02-21 13:35:14 5890896 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{5cb4bf60-28f3-41a1-a58c-63a2077be244}\mpengine.dll
2011-02-20 22:13:14 -------- d-----w- C:\Downloads
2011-02-18 18:02:25 -------- d-----w- C:\MGADiagToolOutput
2011-02-13 19:52:08 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-02-13 19:51:01 634648 ----a-w- c:\program files\internet explorer\iexplore.exe
2011-02-13 19:49:55 1205080 ----a-w- c:\windows\system32\ntdll.dll
2011-02-13 19:49:54 3548048 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-02-13 19:49:52 3600272 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-02-13 19:49:44 2038784 ----a-w- c:\windows\system32\win32k.sys

==================== Find3M ====================

2011-01-08 07:50:00 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 05:57:10 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-28 14:57:35 409600 ----a-w- c:\windows\system32\odbc32.dll
2010-12-20 15:40:24 833024 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 15:37:57 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-12-20 14:12:59 389632 ----a-w- c:\windows\system32\html.iec
2010-12-20 13:51:45 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2010-12-14 15:49:30 1169408 ----a-w- c:\windows\system32\sdclt.exe

============= FINISH: 23:30:42.51 ===============






UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume2
Install Date: 09/01/2009 17:26:06
System Uptime: 21/02/2011 22:43:22 (1 hours ago)

Motherboard: DIXONSXP | | N/A
Processor: Genuine Intel(R) CPU T1500 @ 1.86GHz | uPGA 479M | 1866/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 101 GiB total, 16.786 GiB free.
E: is CDROM ()
S: is FIXED (NTFS) - 1 GiB total, 0.267 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0002
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #3
PNP Device ID: ROOT\*ISATAP\0002
Service: tunnel

==== System Restore Points ===================


==== Installed Programs ======================

AAC Decoder
Abdio Free ASF Player (Free)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
AoA Audio Extractor 1.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
AutoUpdate
Betfair Rapid
Bonjour
Compatibility Pack for the 2007 Office system
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
FLV Player 2.0 (build 25)
Foxit Reader
Free CD to MP3 Converter
Free YouTube to Mp3 Converter version 3.2
GoldWave v5.25
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
H.264 Decoder
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
IrfanView (remove only)
iTunes
K-Lite Codec Pack 3.2.5 Standard
Launch
LG Internet Kit
LG USB Modem Drivers
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Works
mIRC
MKV Splitter
Mozilla Firefox (3.6.13)
MP4 Player
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Native Instruments Service Center
OGA Notifier 2.0.0048.0
Ogg Codecs 0.81.15562
Orbit Downloader
PhotoScape
Power2Go
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Semagic (remove only)
SiS VGA Utilities
Spare Messaging
SpeedFan (remove only)
Switch Sound File Converter
Synaptics Pointing Device Driver
Uninstall 1.0.0.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.762
VLC media player 1.0.5
Windows Media Player Firefox Plugin
Windows Movie Maker 2.6
WinRAR archiver
XChat 2 (remove only)

==== End Of File ===========================
search9000
Regular Member
 
Posts: 21
Joined: September 5th, 2010, 2:58 pm
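The DDS log above is the helper's main source for the verdict: the Pseudo HJT Report lists autostart entries, SERVICES / DRIVERS lists kernel drivers and services with their binary path, and Created Last 30 lists files written recently. The parser below is an added example (it is not part of the thread and is not DDS's own code) that splits a DDS log into its `====` sections, parses those three entry formats, and builds a review queue of entries whose binary lives in a user-writable location. The sample log is constructed from lines shown in the thread; the queue is a reading aid for a human reviewer, not a verdict, which is why the Microsoft Security Essentials definition-update drivers under ProgramData land in it as well.

```python
"""Parse a DDS log and build a review queue (added example, not DDS code)."""
import re

# Constructed sample: a few lines lifted from the DDS log posted in the thread.
SAMPLE_DDS = r"""
DDS (Ver_10-12-12.02) - NTFSx86
Run by Carl at 23:28:21.05 on 21/02/2011

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig/redirectdomain ... bmod=DSGI;
mRun: [MRT] "c:\windows\system32\MRT.exe" /R
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
R1 MpKsl043931fe;MpKsl043931fe;c:\programdata\microsoft\microsoft antimalware\definition updates\{5cb4bf60-28f3-41a1-a58c-63a2077be244}\MpKsl043931fe.sys [2011-2-21 28752]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-8-23 38224]

=============== Created Last 30 ================

2011-02-21 22:44:00 28752 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{5cb4bf60-28f3-41a1-a58c-63a2077be244}\MpKsl043931fe.sys
2011-02-20 22:13:14 -------- d-----w- C:\Downloads
2011-02-13 19:49:55 1205080 ----a-w- c:\windows\system32\ntdll.dll

============= FINISH: 23:30:42.51 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# mRun/uRun: [name] "binary" args   (m = HKLM, u = HKCU)
RUN_RE = re.compile(r"^(?P<scope>[um])Run:\s+\[(?P<name>.*?)\]\s+(?P<cmd>.*)$")
# R1 name;description;path [yyyy-m-d size]   (R = running, S = stopped)
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?)"
    r"\s+\[(?P<date>\d{4}-\d{1,2}-\d{1,2})\s+(?P<size>\d+)\]$")
# yyyy-mm-dd hh:mm:ss size attrs path   (size is dashes for directories)
FILE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<size>\d+|-+)\s+"
    r"(?P<attrs>[-a-zA-Z]{8})\s+(?P<path>.+)$")

# Locations a standard user can write to; malware in this thread lived in
# c:\users\carl\appdata\roaming.  MSE definition updates also live under
# ProgramData, so a hit here means "look", not "bad".
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "c:\\progra~2\\",
                 "\\appdata\\", "\\temp\\")
EXEC_EXT = (".exe", ".dll", ".sys", ".com", ".scr", ".bat", ".cmd", ".pif")


def split_sections(text):
    """Group non-blank lines under the lower-cased '==== Title ====' heading above them."""
    sections, current = {"preamble": []}, "preamble"
    for raw in text.splitlines():
        line = raw.rstrip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
        elif line.strip():
            sections.setdefault(current, []).append(line)
    return sections


def _binary_from_command(cmd):
    """Return the executable part of a Run command line (quoted or first token)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def parse_dds(text):
    sec = split_sections(text)
    run = [m.groupdict() for m in map(RUN_RE.match, sec.get("pseudo hjt report", [])) if m]
    services = [m.groupdict() for m in map(SERVICE_RE.match, sec.get("services / drivers", [])) if m]
    created = [m.groupdict() for m in map(FILE_RE.match, sec.get("created last 30", [])) if m]
    for r in run:
        r["binary"] = _binary_from_command(r["cmd"])
    for s in services:
        s["size"] = int(s["size"])
    for f in created:
        f["size"] = int(f["size"]) if f["size"].isdigit() else None  # None = directory
    return {"sections": sec, "run": run, "services": services, "created": created}


def in_user_writable(path):
    p = path.lower()
    return any(tok in p for tok in USER_WRITABLE)


def review_queue(text):
    """Entries a reviewer should look at: autostarts, drivers and new executables outside system dirs."""
    parsed = parse_dds(text)
    queue = []
    for r in parsed["run"]:
        if in_user_writable(r["binary"]):
            queue.append(("run", r["name"], r["binary"]))
    for s in parsed["services"]:
        if in_user_writable(s["path"]):
            queue.append(("service", s["name"], s["path"]))
    for f in parsed["created"]:
        if in_user_writable(f["path"]) and f["path"].lower().endswith(EXEC_EXT):
            queue.append(("created", f["ts"], f["path"]))
    return queue


if __name__ == "__main__":
    for kind, ident, where in review_queue(SAMPLE_DDS):
        print(f"{kind:8} {ident:25} {where}")
```

Run against the full log from the thread, the same queue would have surfaced the `C:\Users\Carl\AppData\Roaming\*.exe` files that the ESET scan later named, without any signature knowledge.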

Re: computer running slow

Unread postby Airscape » February 22nd, 2011, 12:06 pm

Why are you posting using different user accounts? Is this the PC from this topic, upgraded to Vista?
viewtopic.php?f=12&t=53351
It makes the job harder if users create new accounts; we need to see what scans were run on the PC, etc.
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm

Re: computer running slow

Unread postby paddy79 » February 22nd, 2011, 1:45 pm

Sorry about that, I couldn't remember the password for the other account. It was saved automatically by Explorer on my other computer, and when I transferred the DDS files to that computer to be uploaded to the net, I didn't realize it was already logged in. That is a different computer than the one this topic is about.
paddy79
Regular Member
 
Posts: 16
Joined: February 13th, 2011, 3:54 pm

Re: computer running slow

Unread postby Airscape » February 22nd, 2011, 4:02 pm

Ok, no problem...

Download and Run CKScanner
Download CKScanner from here: http://downloads.malwareremoval.com/CKScanner.exe
Important - Save it to your desktop.
Right-click CKScanner.exe, select Run as Admin and click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved.
Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
---------------------------------------------------------
TFC (Temp File Cleaner)
  • Please download TFC to your desktop.
  • Save any unsaved work. TFC will close all open application windows.
  • Right-click TFC.exe and select Run as Admin to run the program.
  • Click the Start button in the bottom left of TFC.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted.
It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.
-------------------------------------------------------
Disable Microsoft Security Essentials

  • Open MSE and go to Settings > Real Time Protection.
  • Then uncheck "Turn on real time protection".
  • Exit MSE when done.
  • Note: Don't forget to Re-enable it after the below fix.
---------------------------------------------------------
ESET online scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Hold down Control then click on the following link to open a new window to ESET online scanner
  • Then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double-click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted, allow the Add-On/ActiveX to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed, the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on: Image
  • Use Notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
----------------------------------------------------------
Please post the following:
CKScanner log
ESET log
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm

Re: computer running slow

Unread postby paddy79 » February 23rd, 2011, 9:17 pm

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.16386 (vista_rtm.061101-2205)
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=e6fbf4137ebfb845a7a81074934348cb
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-02-24 12:46:44
# local_time=2011-02-24 12:46:44 (+0000, GMT Standard Time)
# country="Ireland"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 7964365 7964365 0 0
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 88521 88521 0 0
# scanned=120377
# found=16
# cleaned=0
# scan_time=5077
C:\Qoobox\Quarantine\C\Users\Carl\wuaucldt.exe.vir a variant of Win32/Wigon.ON trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\Carl\AppData\Roaming\baoezuh.exe.vir MSIL/Autorun.Agent.U worm (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\Carl\AppData\Roaming\locagxa.exe.vir MSIL/Autorun.Agent.U worm (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\Carl\AppData\Roaming\nksklwr.exe.vir probably a variant of Win32/Injector.EKT trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\Carl\AppData\Roaming\ohydy.exe.vir Win32/Bflient.K worm (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\Carl\AppData\Roaming\sdra64.exe.vir Win32/Spy.Zbot.XL trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\Carl\AppData\Roaming\DD42632F63BE5ED71A228945E1AA97EE\enemies-names.txt.vir Win32/Adware.AntimalwareDoctor.AE.Gen application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\Carl\AppData\Roaming\DD42632F63BE5ED71A228945E1AA97EE\fixcore70700bin.exe.vir a variant of Win32/Kryptik.BHY trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\Carl\AppData\Roaming\DD42632F63BE5ED71A228945E1AA97EE\libcore707en0setup.exe.vir a variant of Win32/Kryptik.BHY trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\Carl\AppData\Roaming\DD42632F63BE5ED71A228945E1AA97EE\local.ini.vir Win32/Adware.AntimalwareDoctor.AE.Gen application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\Carl\AppData\Roaming\DD42632F63BE5ED71A228945E1AA97EE\smartcore70700bin.exe.vir a variant of Win32/Kryptik.BHY trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\Carl\AppData\Roaming\Microsoft\TaskManager.exe.vir probably a variant of Win32/Injector.EKT trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\Carl\AppData\Roaming\Microsoft\Windows\Templates\memory.tmp.vir a variant of Win32/Injector.DEL trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Carl\AppData\Roaming\euxhhov.exe Win32/Spy.Zbot.XL trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Carl\AppData\Roaming\ywtidsv.exe a variant of Win32/Injector.EPH trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Public\Documents\Server\hlp.dat Win32/Bamital.EB trojan (unable to clean) 00000000000000000000000000000000 I
CKScanner - Additional Security Risks - These are not necessarily bad
c:\users\carl\desktop\pua\routines serious\routines\mmforumdatabase\lozang's huge material contribution\pua writing\tylerdurden\chick crack.html
scanner sequence 3.AP.11
----- EOF -----
paddy79
Regular Member
 
Posts: 16
Joined: February 13th, 2011, 3:54 pm
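The ESET log above is what turns "computer running slow" into a backdoor verdict: it mixes files that ComboFix had already quarantined (under C:\Qoobox\Quarantine, renamed with a .vir suffix) with files that were still live in the user's AppData, and the live ones include a Win32/Spy.Zbot sample. The script below is an added example (not part of the thread and not ESET's tooling) that parses the `# key=value` header and the detection lines, separates quarantined hits from live ones, counts detection names, and checks that the number of detection lines agrees with the `found=` header. The sample log is constructed from a subset of the lines posted in the thread, with the header adjusted to match.

```python
"""Triage an ESET Online Scanner log (added example, not ESET code)."""
import re
from collections import Counter

# Constructed sample: header plus five detection lines in the layout of the
# thread's log.  ESET writes tab-separated fields; forum pasting collapses
# the tabs to spaces, and the parser below accepts both.
SAMPLE_LOG = r"""
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# remove_checked=false
# archives_checked=true
# scanned=120377
# found=5
# cleaned=0
# scan_time=5077
C:\Qoobox\Quarantine\C\Users\Carl\wuaucldt.exe.vir a variant of Win32/Wigon.ON trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\Carl\AppData\Roaming\sdra64.exe.vir Win32/Spy.Zbot.XL trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Carl\AppData\Roaming\euxhhov.exe Win32/Spy.Zbot.XL trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Carl\AppData\Roaming\ywtidsv.exe a variant of Win32/Injector.EPH trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Public\Documents\Server\hlp.dat Win32/Bamital.EB trojan (unable to clean) 00000000000000000000000000000000 I
"""

HEADER_RE = re.compile(r"^#\s*([^=\s]+)=(.*)$")
# path  threat-description  32-hex-digest  flag
# The threat text starts with an optional "probably a variant of" and a
# Family/Name token containing "/", which lets the lazy path group absorb
# spaces inside Windows paths without guessing.
DETECTION_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<threat>(?:probably\s+)?(?:a\s+variant\s+of\s+)?\S+/\S+.*?)\s+"
    r"(?P<hash>[0-9A-Fa-f]{32})\s+"
    r"(?P<flag>\S+)$")
QUARANTINE_PREFIX = "c:\\qoobox\\quarantine\\"   # ComboFix quarantine folder


def _family(threat):
    """'a variant of Win32/Wigon.ON trojan (unable to clean)' -> 'Win32/Wigon.ON'."""
    t = re.sub(r"^(probably\s+)?(a\s+variant\s+of\s+)?", "", threat)
    return t.split()[0]


def parse_detection(line):
    """Parse one detection line; return None for header, banner or blank lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    if "\t" in line:                       # genuine tab-separated ESET output
        parts = [p for p in line.split("\t") if p]
        if len(parts) < 3:
            return None
        path, threat, digest = parts[0], parts[1], parts[2]
        flag = parts[3] if len(parts) > 3 else ""
    else:                                  # whitespace-collapsed forum paste
        m = DETECTION_RE.match(line)
        if not m:
            return None
        path, threat, digest, flag = m.group("path", "threat", "hash", "flag")
    low = path.lower()
    quarantined = low.startswith(QUARANTINE_PREFIX) or low.endswith(".vir")
    return {"path": path, "threat": threat, "hash": digest, "flag": flag,
            "family": _family(threat), "quarantined": quarantined}


def triage(text):
    header, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            header.setdefault(m.group(1), m.group(2))  # repeated keys keep the first value
            continue
        d = parse_detection(line)
        if d:
            detections.append(d)
    found = header.get("found", "")
    return {
        "header": header,
        "detections": detections,
        "quarantined": [d for d in detections if d["quarantined"]],
        "active": [d for d in detections if not d["quarantined"]],
        "families": Counter(d["family"] for d in detections),
        # A mismatch means the paste was truncated or lines were wrapped.
        "found_matches_header": found.isdigit() and int(found) == len(detections),
        "nothing_cleaned": header.get("cleaned") == "0",
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("header consistent:", result["found_matches_header"])
    print("quarantined:", len(result["quarantined"]), "still on disk:", len(result["active"]))
    for d in result["active"]:
        print("  LIVE", d["family"], d["path"])
    print("families:", dict(result["families"]))
```

The split matters for the advice in this thread: quarantined entries show what earlier cleaning already caught, while the live entries (here a Zbot banking trojan and an injector in AppData\Roaming, plus a Bamital component) are what justified the "reformat and change passwords from a clean machine" recommendation. Since `remove_checked=false` was set as instructed, `cleaned=0` is expected rather than a failure.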