
computer running slow


Re: computer running slow

Post by Airscape » February 24th, 2011, 2:57 pm

I see ComboFix has been run on this PC, did you run it yourself or did you receive help at another forum?
We need to see the log it made at Start > Computer > C:\ComboFix.txt etc

Download and Run OTM
Download OTM by OldTimer Here or Here & save it to your desktop.
  • Right click OTM and select Run as Admin to run it
  • Copy & paste the contents of the Code box below into Paste Instructions for Items to be Moved
Note: Do not type it out to minimize the risk of typo error
Code:
:Files
C:\Users\Carl\AppData\Roaming\euxhhov.exe
C:\Users\Carl\AppData\Roaming\ywtidsv.exe
C:\Users\Public\Documents\Server\hlp.dat
:Commands
[CreateRestorePoint]
[EmptyTemp]
[Start Explorer]
[Reboot]

  • Click on MoveIt!
  • When done, click on Exit
Note: If a file or folder can't be moved immediately, you may be asked to restart your computer. Choose Yes.
A log will be produced at C:\_OTM\MovedFiles\date_time.log, where date_time are numbers.
Please copy/paste this log in your next reply. It should appear after restarting the computer, if not locate it manually.
-----------------------------------------------------------------------
Please post the following:
OTM log
Combofix log/s from previous run/s
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm

Re: computer running slow

Post by paddy79 » February 24th, 2011, 7:28 pm

I think I ran it myself a few months back after reading something about it on a forum, but I didn't really understand and still don't. Anyway, here is the log.

ComboFix 10-11-23.05 - Carl 24/11/2010 17:09:20.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.353.1033.18.892.263 [GMT 0:00]
Running from: c:\users\Carl\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\data
c:\users\Carl\AppData\Roaming\baoezuh.exe
c:\users\Carl\AppData\Roaming\DD42632F63BE5ED71A228945E1AA97EE
c:\users\Carl\AppData\Roaming\DD42632F63BE5ED71A228945E1AA97EE\enemies-names.txt
c:\users\Carl\AppData\Roaming\DD42632F63BE5ED71A228945E1AA97EE\fixcore70700bin.exe
c:\users\Carl\AppData\Roaming\DD42632F63BE5ED71A228945E1AA97EE\libcore707en0setup.exe
c:\users\Carl\AppData\Roaming\DD42632F63BE5ED71A228945E1AA97EE\local.ini
c:\users\Carl\AppData\Roaming\DD42632F63BE5ED71A228945E1AA97EE\lsrslt.ini
c:\users\Carl\AppData\Roaming\DD42632F63BE5ED71A228945E1AA97EE\smartcore70700bin.exe
c:\users\Carl\AppData\Roaming\locagxa.exe
c:\users\Carl\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk
c:\users\Carl\AppData\Roaming\Microsoft\TaskManager.exe
c:\users\Carl\AppData\Roaming\Microsoft\Windows\Start Menu\Antimalware Doctor.lnk
c:\users\Carl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor
c:\users\Carl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Antimalware Doctor.lnk
c:\users\Carl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Uninstall.lnk
c:\users\Carl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk
c:\users\Carl\AppData\Roaming\Microsoft\Windows\Templates\memory.tmp
c:\users\Carl\AppData\Roaming\nksklwr.exe
c:\users\Carl\AppData\Roaming\ohydy.exe
c:\users\Carl\AppData\Roaming\sdra64.exe
c:\users\Carl\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\users\Carl\wuaucldt.exe
c:\users\Public\Documents\Server\admin.txt
c:\users\Public\Documents\Server\server.dat

.
((((((((((((((((((((((((( Files Created from 2010-10-24 to 2010-11-24 )))))))))))))))))))))))))))))))
.

2010-11-24 17:22 . 2010-11-24 17:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-24 17:22 . 2010-11-24 17:23 -------- d-----w- c:\users\Carl\AppData\Local\temp
2010-11-24 09:41 . 2010-11-09 20:33 6273872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{03F48F23-CBE4-4AB7-9028-C80382A210DA}\mpengine.dll
2010-11-24 09:31 . 2010-11-24 09:31 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-11-23 20:02 . 2010-11-23 20:03 -------- d-----w- C:\rsit
2010-11-23 08:18 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0AC8A2A6-DDC9-42CF-969D-A97B618C98F6}\mpengine.dll
2010-11-23 08:13 . 2010-11-23 20:02 -------- d-----w- c:\program files\trend micro
2010-11-11 03:49 . 2010-10-07 11:35 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-11-08 22:48 . 2010-11-10 07:30 -------- d-----w- c:\program files\Movie Maker 2.6
2010-10-27 00:11 . 2010-08-26 16:01 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-27 00:11 . 2010-08-26 14:11 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 20:51 . 2009-10-02 20:09 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-29 13:18 . 2010-09-29 13:18 105984 ----a-w- c:\users\Carl\AppData\Roaming\ywtidsv.exe
2010-09-29 08:40 . 2010-09-29 01:11 94720 ----a-w- c:\users\Carl\AppData\Roaming\devon.exe
2010-09-29 01:12 . 2010-09-29 01:12 184320 ----a-w- c:\users\Carl\AppData\Roaming\euxhhov.exe
2010-09-29 01:12 . 2010-09-29 01:12 110592 ---h--w- c:\users\Carl\AppData\Roaming\igaul.exe
2010-09-29 01:12 . 2010-09-29 01:12 110592 ---h--w- c:\users\Carl\AppData\Roaming\talshpmt.exe
2010-09-20 09:25 . 2010-10-14 05:50 231936 ----a-w- c:\windows\system32\msshsq.dll
2010-09-10 16:37 . 2010-10-13 19:52 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-08 17:26 . 2010-10-13 19:45 833024 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 17:23 . 2010-10-13 19:45 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-08 15:53 . 2010-10-13 19:45 389632 ----a-w- c:\windows\system32\html.iec
2010-09-08 15:28 . 2010-10-13 19:45 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-06 16:24 . 2010-10-13 19:52 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-09-06 16:23 . 2010-10-13 19:52 17920 ----a-w- c:\windows\system32\netevent.dll
2010-09-06 14:13 . 2010-10-13 19:52 303616 ----a-w- c:\windows\system32\drivers\srv.sys
2010-09-06 14:12 . 2010-10-13 19:52 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-09-06 14:12 . 2010-10-13 19:52 101888 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-08-31 15:41 . 2010-10-13 19:47 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 15:41 . 2010-10-13 19:47 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-31 15:40 . 2010-10-13 19:46 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-08-31 13:39 . 2010-10-13 19:46 2037248 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Developer Operations Network"="c:\users\Carl\AppData\Roaming\devon.exe" [2010-09-29 94720]
"1Class1"="c:\users\Carl\AppData\Roaming\igaul.exe" [2010-09-29 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-28 6144000]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"MRT"="c:\windows\system32\MRT.exe" [2010-11-12 35758536]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Launch.lnk
backup=c:\windows\pss\Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google EULA Launcher]
2008-08-06 10:30 20480 ----a-w- c:\program files\Google\Google EULA\GoogleEULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-09-02 11:07 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-02-17 11:26 185872 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 CEBFilter;CEBFilter;c:\program files\C&E\OSD\OsdService\cebuffer.sys [x]
R4 CEIO;CEIO;c:\program files\C&E\OSD\OsdService\ceio.sys [x]
R4 cKBFilter;cKBFilter;c:\program files\C&E\OSD\OsdService\kbfiltr.sys [x]
R4 gupdate1c9f9105aaf10c5;Google Update Service (gupdate1c9f9105aaf10c5);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-29 133104]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2007-08-07 283136]
S3 SiS6350;SiS6350;c:\windows\system32\DRIVERS\SISGRKMD.sys [2008-05-23 458752]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2007-11-15 48128]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder

2010-08-26 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-02 23:46]

2010-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-29 23:21]

2010-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-29 23:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain ... bmod=DSGI;
mStart Page = hxxp://www.google.com/ig/redirectdomain ... &bmod=DSGI
uInternet Settings,ProxyOverride = *.local
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Copy to Semagic - c:\program files\Semagic\copy.htm
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Save YouTube Video as MP3 - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
IE: Semagic - c:\program files\Semagic\link.htm
FF - ProfilePath - c:\users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\no7badff.default\
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-wuaucldt - c:\users\carl\wuaucldt.exe
HKCU-Run-Regedit32 - c:\windows\system32\regedit.exe
HKCU-Run-fixcore70700bin.exe - c:\users\Carl\AppData\Roaming\DD42632F63BE5ED71A228945E1AA97EE\fixcore70700bin.exe
HKLM-Run-SiSTray - %ProgramFiles%\SiS VGA Utilities\SiSTray.exe
HKLM-Run-ClientGW - (no file)
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-eSnips - c:\program files\eSnips\ClientGW.exe
MSConfigStartUp-ICQ - c:\program files\ICQ6.5\ICQ.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-24 17:23
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-11-24 17:28:09
ComboFix-quarantined-files.txt 2010-11-24 17:28

Pre-Run: 41,874,874,368 bytes free
Post-Run: 42,823,348,224 bytes free

- - End Of File - - D89134F6E9C1AB0396C1B0CFC420293B




All processes killed
========== FILES ==========
C:\Users\Carl\AppData\Roaming\euxhhov.exe moved successfully.
C:\Users\Carl\AppData\Roaming\ywtidsv.exe moved successfully.
C:\Users\Public\Documents\Server\hlp.dat moved successfully.
========== COMMANDS ==========
Restore point Set: OTM Restore Point

[EMPTYTEMP]

User: All Users

User: Carl
->Temp folder emptied: 83132012 bytes
->Temporary Internet Files folder emptied: 1292723 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 45338505 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 705 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 529806 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 124.00 mb


OTM by OldTimer - Version 3.1.17.2 log created on 02242011_231059
paddy79
Regular Member
 
Posts: 16
Joined: February 13th, 2011, 3:54 pm

Re: computer running slow

Post by Airscape » February 25th, 2011, 12:46 pm

Hello,
I recommend reading over this topic, it will give you an idea about the dangers of running Combofix on your own:
http://www.bleepingcomputer.com/forums/topic273628.html

Please let me know how the pc is running now?
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm

Re: computer running slow

Post by paddy79 » February 25th, 2011, 4:01 pm

Hi, yes I understand I should not be running combofix on my own!

As for the computer, it seems OK. Firefox directs me to a different search page other than Google whenever I type something into the address bar and doesn't let me log in to some sites or watch YouTube videos, but other than that it seems to be OK.
paddy79
Regular Member
 
Posts: 16
Joined: February 13th, 2011, 3:54 pm

Re: computer running slow

Post by Airscape » February 25th, 2011, 4:33 pm

When did the redirects start?

GMER Rootkit Scanner
Please download GMER Rootkit Scanner from Here to your desktop.
  • Right click the .exe file and select Run as Admin. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
    See image below
    Image
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in your next reply.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Note: Do not run any programs while Gmer is running.

If GMER has problems running (blue screens, crashes) try it in Safe Mode:
http://www.malwareremoval.com/tutorials ... deboot.php
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm

Re: computer running slow

Post by paddy79 » February 27th, 2011, 5:00 pm

I tried running GMER but got the blue screen error. Tried it in Safe Mode but it was taking too long and I have to run. I will post the log tomorrow as I am going to let it run overnight.
paddy79
Regular Member
 
Posts: 16
Joined: February 13th, 2011, 3:54 pm

Re: computer running slow

Post by Airscape » February 27th, 2011, 6:10 pm

No, do not run it again... please wait until I post back... thanks for mentioning it.

Thanks.
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm

Re: computer running slow

Post by paddy79 » February 27th, 2011, 6:33 pm

OK... I will wait.
paddy79
Regular Member
 
Posts: 16
Joined: February 13th, 2011, 3:54 pm

Re: computer running slow

Post by Airscape » February 28th, 2011, 12:23 pm

Please try this scan instead. If it still fails try disabling your antivirus.

Scan with RKUnhooker
Please download Rootkit Unhooker and save it to your desktop.
  • Right-click RKUnhookerLE.exe and select Run as Admin to run it.
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth Code, Files, and Code Hooks
  • Uncheck the rest, then click OK
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait till the scanner has finished then go File > Save Report
  • Save the report somewhere you can find it. Click Close
  • Copy the entire contents of the report and paste it in your next reply.
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm

Re: computer running slow

Post by Airscape » March 2nd, 2011, 2:48 pm

Do you still need help?
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm

Re: computer running slow

Post by paddy79 » March 2nd, 2011, 3:03 pm

Yes, I tried to run that scan yesterday and again it took too long and looked like it was stalling.

When I started my computer yesterday, I noticed Security Essentials wasn't working. I couldn't get it working, couldn't find it on my computer to turn it on. It was strange. I downloaded a clean up tool from Microsoft and removed it. I currently have no anti virus program so I am wondering if you could recommend one.

Also, when that last scan you told me to run was running, Security Essentials found several viruses and cleaned them, although they came up as "not found" when SE went to clean them but they were detected. This was the list of viruses it found:

trojandownloader:win32/cutwail.BA
rogue:win32/FakeYak
PWS:Win32/Zbot
Trojan:Win32/Rimecud.A
Worm:Win32/Pushbot/gen!C
TrojanDropper:Win32/Bamital.C
Win32/Dynamer!dtc

I am worried that the computer is still infected.

One more thing, I bought a sound recorder on eBay and the last two times I connected it to my computer, Security Essentials found a virus and cleaned it, so I am sure that this recorder is infected. Perhaps the eBay seller did this on purpose?

Anyway, I find myself in the same position as the last time I posted, but I have no anti virus program this time. I'm thinking Avast could be a good choice.
paddy79
Regular Member
 
Posts: 16
Joined: February 13th, 2011, 3:54 pm

Re: computer running slow

Post by Airscape » March 2nd, 2011, 4:51 pm

Hello,

Download and Run Combofix
Download a new version of ComboFix from one of the links below (Delete any previous versions, this is a new one I need you to download)

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.infospyware.net/antimalware/combofix/

IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, so they do not interfere with Combofix.
    Disable Windows Defender
    • Go to Start > All Programs > Windows Defender.
    • Click on Tools at the top.
    • Under Settings, click on Options.
    • Under Automatic scanning, uncheck (untick) Automatically scan my computer (recommended) box.
    • Under Real-time protection options, uncheck (untick) Use real-time protection (recommended) box.
    • Click on the Save button at the bottom right hand corner.
    • Note: Please do not re-enable this until I tell you to do so.
  • Right click on ComboFix.exe and select Run as Admin & follow the prompts.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.
  • If CF does not restore your internet connection, reboot (restart) the computer and try to re-connect.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofi ... e-combofix
----------------------------------------------------
Then Install an Antivirus software
http://dlce.antivir.com/package/wks_avi ... nal_en.exe
(Don't have it fix anything yet)
----------------------------------------------------
Please post the following:

Combofix log
New DDS log
Avira antivirus log <--- don't worry if you can't find it
Update on how the pc is running?
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm

Re: computer running slow

Post by paddy79 » March 3rd, 2011, 4:58 pm

DDS (Ver_10-12-12.02) - NTFSx86
Run by Carl at 20:28:56.37 on 03/03/2011
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.353.1033.18.892.139 [GMT 0:00]

AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\explorer.exe
C:\Users\Carl\Desktop\dds.com
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig/redirectdomain ... bmod=DSGI;
mStart Page = hxxp://www.google.com/ig/redirectdomain ... &bmod=DSGI
uInternet Settings,ProxyOverride = *.local
BHO: AutorunsDisabled - No File
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Copy to Semagic - c:\program files\semagic\copy.htm
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: Save YouTube Video as MP3 - c:\program files\common files\dvdvideosoft\dll\IEContextMenuY.dll/scriptY2MP3.htm
IE: Semagic - c:\program files\semagic\link.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/f ... wflash.cab

================= FIREFOX ===================

FF - ProfilePath - c:\users\carl\appdata\roaming\mozilla\firefox\profiles\no7badff.default\
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
R3 SiS6350;SiS6350;c:\windows\system32\drivers\SISGRKMD.sys [2008-9-2 458752]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\drivers\SiSGB6.sys [2008-9-2 48128]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 A27C56FD;A27C56FD;c:\windows\system32\A27C56FD.exe [2011-2-28 6656]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-8-23 38224]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 42368]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2008-9-2 283136]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 gupdate1c9f9105aaf10c5;Google Update Service (gupdate1c9f9105aaf10c5);c:\program files\google\update\GoogleUpdate.exe [2009-6-29 133104]

=============== Created Last 30 ================

2011-03-03 20:23:17 -------- d-sh--w- C:\$RECYCLE.BIN
2011-03-03 20:23:10 -------- d-----w- c:\users\carl\appdata\local\temp
2011-03-03 20:05:09 -------- d-----w- C:\ComboFix
2011-03-03 19:52:10 5943120 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{18824cd8-9cc9-4fb3-bb9d-ee9eddf89587}\mpengine.dll
2011-03-01 22:07:31 88632 ----a-w- c:\windows\system32\drivers\CSCrySec.sys
2011-03-01 22:07:31 39352 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys
2011-03-01 22:04:49 -------- d-----w- c:\program files\common files\InfoWatch
2011-03-01 22:04:40 -------- d-----w- c:\program files\Kaspersky Lab
2011-03-01 22:04:40 -------- d-----w- c:\progra~2\Kaspersky Lab
2011-03-01 21:46:17 -------- d-----w- c:\progra~2\Kaspersky Lab Setup Files
2011-03-01 21:12:38 15682 ----a-w- C:\FixitRegBackup.reg
2011-02-28 17:22:46 6656 ----a-w- c:\windows\system32\A27C56FD.exe
2011-02-28 09:34:59 5943120 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{6aea88e0-ff70-44c2-bf7b-31618e6db91d}\mpengine.dll
2011-02-27 13:20:05 86016 ----a-w- c:\progra~2\microsoft\microsoft antimalware\localcopy\{23C67337-EDFC-4FB6-8C35-176303AE6E34}-TaskManager.exe
2011-02-26 20:58:26 86016 ----a-w- c:\progra~2\microsoft\microsoft antimalware\localcopy\{5D143D63-2893-415B-8EA5-B5103DB99102}-TaskManager.exe
2011-02-24 23:10:59 -------- d-----w- C:\_OTM
2011-02-24 08:12:28 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2011-02-24 08:11:17 40448 ----a-w- c:\windows\system32\winrs.exe
2011-02-24 08:11:17 20480 ----a-w- c:\windows\system32\winrshost.exe
2011-02-24 08:11:17 12800 ----a-w- c:\windows\system32\wsmprovhost.exe
2011-02-24 08:11:10 10240 ----a-w- c:\windows\system32\wsmplpxy.dll
2011-02-24 08:11:10 10240 ----a-w- c:\windows\system32\winrssrv.dll
2011-02-20 22:13:14 -------- d-----w- C:\Downloads
2011-02-18 18:02:25 -------- d-----w- C:\MGADiagToolOutput
2011-02-13 19:52:08 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-02-13 19:51:01 634648 ----a-w- c:\program files\internet explorer\iexplore.exe
2011-02-13 19:49:55 1205080 ----a-w- c:\windows\system32\ntdll.dll
2011-02-13 19:49:54 3548048 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-02-13 19:49:52 3600272 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-02-13 19:49:44 2038784 ----a-w- c:\windows\system32\win32k.sys

==================== Find3M ====================

2011-02-02 17:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-08 07:50:00 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 05:57:10 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-28 14:57:35 409600 ----a-w- c:\windows\system32\odbc32.dll
2010-12-20 15:40:24 833024 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 15:37:57 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-12-20 14:12:59 389632 ----a-w- c:\windows\system32\html.iec
2010-12-20 13:51:45 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2010-12-14 15:49:30 1169408 ----a-w- c:\windows\system32\sdclt.exe

============= FINISH: 20:30:11.83 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume2
Install Date: 09/01/2009 17:26:06
System Uptime: 03/03/2011 19:02:04 (1 hours ago)

Motherboard: DIXONSXP | | N/A
Processor: Genuine Intel(R) CPU T1500 @ 1.86GHz | uPGA 479M | 1866/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 101 GiB total, 13.137 GiB free.
S: is FIXED (NTFS) - 1 GiB total, 0.267 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0002
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #3
PNP Device ID: ROOT\*ISATAP\0002
Service: tunnel

==== System Restore Points ===================

RP1056: 25/02/2011 03:00:17 - Windows Update
RP1057: 26/02/2011 03:44:30 - Windows Update
RP1058: 26/02/2011 03:52:04 - Windows Update
RP1059: 27/02/2011 05:14:09 - Windows Update
RP1060: 27/02/2011 05:22:01 - Windows Update
RP1061: 27/02/2011 17:43:49 - Scheduled Checkpoint
RP1062: 28/02/2011 09:25:19 - Windows Update
RP1063: 28/02/2011 09:34:07 - Windows Update
RP1064: 28/02/2011 17:53:43 - Windows Update
RP1065: 28/02/2011 18:05:46 - Windows Update
RP1066: 28/02/2011 18:25:01 - Windows Update
RP1067: 28/02/2011 23:17:44 - Installed Microsoft Security Essentials
RP1068: 28/02/2011 23:24:08 - Windows Update
RP1069: 28/02/2011 23:30:09 - Windows Update
RP1070: 28/02/2011 23:32:52 - Installed Microsoft Security Essentials
RP1071: 01/03/2011 10:42:45 - Windows Update
RP1072: 01/03/2011 21:11:34 - Installed Microsoft Fix it 50535
RP1073: 01/03/2011 21:59:32 - Installed Kaspersky PURE.
RP1074: 02/03/2011 03:59:53 - Windows Update
RP1075: 03/03/2011 08:24:09 - Windows Update
RP1076: 03/03/2011 19:51:06 - Windows Update

==== Installed Programs ======================

AAC Decoder
Abdio Free ASF Player (Free)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
AoA Audio Extractor 1.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
AutoUpdate
Betfair Rapid
Bonjour
Compatibility Pack for the 2007 Office system
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
FLV Player 2.0 (build 25)
Foxit Reader
Free CD to MP3 Converter
Free YouTube to Mp3 Converter version 3.2
GoldWave v5.25
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
H.264 Decoder
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
IrfanView (remove only)
iTunes
K-Lite Codec Pack 3.2.5 Standard
Launch
LG Internet Kit
LG USB Modem Drivers
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Works
mIRC
MKV Splitter
Mozilla Firefox (3.6.14)
MP4 Player
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Native Instruments Service Center
OGA Notifier 2.0.0048.0
Ogg Codecs 0.81.15562
PhotoScape
Power2Go
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Semagic (remove only)
SiS VGA Utilities
Spare Messaging
SpeedFan (remove only)
Switch Sound File Converter
Synaptics Pointing Device Driver
Uninstall 1.0.0.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.762
VLC media player 1.0.5
Windows Media Player Firefox Plugin
Windows Movie Maker 2.6
WinRAR archiver
XChat 2 (remove only)

==== Event Viewer Messages From Past Week ========

28/02/2011 23:37:59, Error: PlugPlayManager [12] - The device 'TSSTcorp CDDVDW TS-L632H ATA Device' (IDE\CdRomTSSTcorp_CDDVDW_TS-L632H________________TMC0____\5&273a8cb0&0&0.0.0) disappeared from the system without first being prepared for removal.
28/02/2011 23:37:58, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
28/02/2011 23:37:48, Error: cdrom [15] - The device, \Device\CdRom0, is not ready for access yet.
28/02/2011 23:10:04, Error: EventLog [6008] - The previous system shutdown at 20:00:05 on 28/02/2011 was unexpected.
28/02/2011 18:47:15, Error: EventLog [6008] - The previous system shutdown at 18:34:13 on 28/02/2011 was unexpected.
28/02/2011 18:30:21, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
28/02/2011 18:11:20, Error: Service Control Manager [7023] - The Microsoft Antimalware Service service terminated with the following error: The system license has expired. Your logon request is denied.
28/02/2011 18:10:27, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
28/02/2011 18:06:45, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706be: Microsoft Security Essentials Client Update Package - KB2290031 (2.0.657.0).
28/02/2011 17:46:48, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147599924 User: Carl-PC\Carl Name: Worm:Win32/Pushbot.gen!C ID: 2147599924 Severity: Severe Category: Worm Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.99.240.0, AS: 1.99.240.0 Engine Version: 1.1.6603.0
28/02/2011 17:46:48, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147637455 User: Carl-PC\Carl Name: TrojanDropper:Win32/Bamital.C ID: 2147637455 Severity: Severe Category: Trojan Dropper Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.99.240.0, AS: 1.99.240.0 Engine Version: 1.1.6603.0
28/02/2011 17:46:48, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147632585 User: Carl-PC\Carl Name: TrojanDownloader:Win32/Cutwail.BA ID: 2147632585 Severity: Severe Category: Trojan Downloader Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.99.240.0, AS: 1.99.240.0 Engine Version: 1.1.6603.0
28/02/2011 17:46:48, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147632584 User: Carl-PC\Carl Name: Trojan:Win32/Rimecud.A ID: 2147632584 Severity: Severe Category: Trojan Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.99.240.0, AS: 1.99.240.0 Engine Version: 1.1.6603.0
28/02/2011 17:46:48, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147638124 User: Carl-PC\Carl Name: Trojan:Win32/Dynamer!dtc ID: 2147638124 Severity: Severe Category: Trojan Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.99.240.0, AS: 1.99.240.0 Engine Version: 1.1.6603.0
28/02/2011 17:46:48, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147632663 User: Carl-PC\Carl Name: Rogue:Win32/FakeYak ID: 2147632663 Severity: Severe Category: Trojan Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.99.240.0, AS: 1.99.240.0 Engine Version: 1.1.6603.0
28/02/2011 17:46:48, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147598479 User: Carl-PC\Carl Name: PWS:Win32/Zbot ID: 2147598479 Severity: Severe Category: Password Stealer Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.99.240.0, AS: 1.99.240.0 Engine Version: 1.1.6603.0
28/02/2011 17:44:52, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147599924 User: Carl-PC\Carl Name: Worm:Win32/Pushbot.gen!C ID: 2147599924 Severity: Severe Category: Worm Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.99.240.0, AS: 1.99.240.0 Engine Version: 1.1.6603.0
28/02/2011 17:40:38, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... tid=159633 User: Carl-PC\Carl Name: Adware:Win32/OpenCandy ID: 159633 Severity: Low Category: Adware Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.99.240.0, AS: 1.99.240.0 Engine Version: 1.1.6603.0
28/02/2011 16:47:58, Error: EventLog [6008] - The previous system shutdown at 10:55:03 on 28/02/2011 was unexpected.
28/02/2011 09:20:29, Error: EventLog [6008] - The previous system shutdown at 01:32:18 on 28/02/2011 was unexpected.
27/02/2011 20:00:59, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC MpFilter NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6
27/02/2011 20:00:59, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
27/02/2011 20:00:59, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
27/02/2011 20:00:59, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
27/02/2011 20:00:59, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
27/02/2011 20:00:59, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
27/02/2011 20:00:59, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
27/02/2011 20:00:59, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
27/02/2011 20:00:59, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
27/02/2011 20:00:59, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
27/02/2011 20:00:59, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
27/02/2011 20:00:59, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
27/02/2011 20:00:59, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
27/02/2011 20:00:59, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
27/02/2011 20:00:59, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
27/02/2011 20:00:59, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
27/02/2011 20:00:53, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
27/02/2011 20:00:52, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
27/02/2011 20:00:16, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
27/02/2011 20:00:16, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
27/02/2011 20:00:14, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
27/02/2011 20:00:05, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
27/02/2011 19:52:13, Error: EventLog [6008] - The previous system shutdown at 19:50:26 on 27/02/2011 was unexpected.
27/02/2011 13:20:38, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147599924 User: Carl-PC\Carl Name: Worm:Win32/Pushbot.gen!C ID: 2147599924 Severity: Severe Category: Worm Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.99.185.0, AS: 1.99.185.0 Engine Version: 1.1.6603.0
27/02/2011 12:07:59, Error: EventLog [6008] - The previous system shutdown at 11:11:35 on 27/02/2011 was unexpected.
27/02/2011 05:09:47, Error: EventLog [6008] - The previous system shutdown at 21:21:23 on 26/02/2011 was unexpected.
26/02/2011 20:59:19, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147599924 User: Carl-PC\Carl Name: Worm:Win32/Pushbot.gen!C ID: 2147599924 Severity: Severe Category: Worm Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.99.138.0, AS: 1.99.138.0 Engine Version: 1.1.6603.0
26/02/2011 17:44:20, Error: EventLog [6008] - The previous system shutdown at 12:12:39 on 26/02/2011 was unexpected.
26/02/2011 11:40:04, Error: EventLog [6008] - The previous system shutdown at 11:23:06 on 26/02/2011 was unexpected.
26/02/2011 10:36:41, Error: EventLog [6008] - The previous system shutdown at 04:25:15 on 26/02/2011 was unexpected.
25/02/2011 18:31:12, Error: EventLog [6008] - The previous system shutdown at 17:41:03 on 25/02/2011 was unexpected.
25/02/2011 15:51:15, Error: EventLog [6008] - The previous system shutdown at 10:43:09 on 25/02/2011 was unexpected.
25/02/2011 09:40:39, Error: EventLog [6008] - The previous system shutdown at 03:37:14 on 25/02/2011 was unexpected.
24/02/2011 23:13:09, Error: Ntfs [137] - The default transaction resource manager on volume Vista encountered a non-retryable error and could not start. The data contains the error code.
24/02/2011 23:11:00, Error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
24/02/2011 23:04:31, Error: EventLog [6008] - The previous system shutdown at 18:43:59 on 24/02/2011 was unexpected.
24/02/2011 16:25:53, Error: EventLog [6008] - The previous system shutdown at 08:37:28 on 24/02/2011 was unexpected.
24/02/2011 08:33:37, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800b0100: Update for Windows Vista (KB970430).
24/02/2011 08:05:15, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
24/02/2011 08:03:38, Error: EventLog [6008] - The previous system shutdown at 01:17:43 on 24/02/2011 was unexpected.
24/02/2011 08:03:26, Error: Microsoft-Windows-Kernel-Processor-Power [2] - Performance power management features on processor 1 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
24/02/2011 08:03:26, Error: Microsoft-Windows-Kernel-Processor-Power [2] - Performance power management features on processor 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
03/03/2011 20:09:31, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
03/03/2011 17:08:16, Error: EventLog [6008] - The previous system shutdown at 17:06:01 on 03/03/2011 was unexpected.
03/03/2011 15:57:54, Error: EventLog [6008] - The previous system shutdown at 08:51:02 on 03/03/2011 was unexpected.
03/03/2011 08:20:12, Error: EventLog [6008] - The previous system shutdown at 00:00:34 on 03/03/2011 was unexpected.
02/03/2011 23:02:48, Error: EventLog [6008] - The previous system shutdown at 23:01:24 on 02/03/2011 was unexpected.
02/03/2011 22:24:35, Error: EventLog [6008] - The previous system shutdown at 21:47:32 on 02/03/2011 was unexpected.
02/03/2011 18:08:47, Error: EventLog [6008] - The previous system shutdown at 10:52:39 on 02/03/2011 was unexpected.
02/03/2011 10:16:21, Error: EventLog [6008] - The previous system shutdown at 04:22:26 on 02/03/2011 was unexpected.
02/03/2011 10:15:30, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
02/03/2011 10:15:30, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume .
02/03/2011 03:55:46, Error: EventLog [6008] - The previous system shutdown at 22:27:41 on 01/03/2011 was unexpected.
01/03/2011 18:19:55, Error: EventLog [6008] - The previous system shutdown at 14:01:00 on 01/03/2011 was unexpected.
01/03/2011 13:17:12, Error: EventLog [6008] - The previous system shutdown at 10:51:50 on 01/03/2011 was unexpected.
01/03/2011 10:39:42, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
01/03/2011 10:38:43, Error: Microsoft-Windows-Dhcp-Client [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00030DAE0AB7. The following error occurred: The wait operation timed out.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
01/03/2011 10:38:20, Error: EventLog [6008] - The previous system shutdown at 01:40:33 on 01/03/2011 was unexpected.

==== End Of File ===========================

ComboFix 11-03-03.01 - Carl 03/03/2011 20:10:04.2.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.353.1033.18.892.430 [GMT 0:00]
Running from: c:\users\Carl\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Java
c:\program files\Java\jre6\lib\ext\dns_sd.jar
c:\program files\Java\jre6\lib\ext\QTJava.zip
c:\users\Carl\AppData\Roaming\winlog

.
((((((((((((((((((((((((( Files Created from 2011-02-03 to 2011-03-03 )))))))))))))))))))))))))))))))
.

2011-03-03 20:19 . 2011-03-03 20:19 -------- d-----w- c:\users\Carl\AppData\Local\temp
2011-03-03 20:19 . 2011-03-03 20:19 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-03-03 20:19 . 2011-03-03 20:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-03 19:52 . 2011-02-23 09:35 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{18824CD8-9CC9-4FB3-BB9D-EE9EDDF89587}\mpengine.dll
2011-03-01 22:07 . 2009-12-14 12:44 88632 ----a-w- c:\windows\system32\drivers\CSCrySec.sys
2011-03-01 22:07 . 2009-12-14 12:44 39352 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys
2011-03-01 22:04 . 2011-03-01 22:04 -------- d-----w- c:\program files\Common Files\InfoWatch
2011-03-01 22:04 . 2011-03-02 04:02 -------- d-----w- c:\programdata\Kaspersky Lab
2011-03-01 22:04 . 2011-03-01 22:04 -------- d-----w- c:\program files\Kaspersky Lab
2011-03-01 21:46 . 2011-03-01 21:46 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2011-03-01 21:12 . 2011-03-01 21:12 15682 ----a-w- C:\FixitRegBackup.reg
2011-02-28 17:22 . 2011-02-28 17:22 6656 ----a-w- c:\windows\system32\A27C56FD.exe
2011-02-28 09:34 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6AEA88E0-FF70-44C2-BF7B-31618E6DB91D}\mpengine.dll
2011-02-27 13:20 . 2011-02-27 13:20 86016 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{23C67337-EDFC-4FB6-8C35-176303AE6E34}-TaskManager.exe
2011-02-26 20:58 . 2011-02-26 20:58 86016 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{5D143D63-2893-415B-8EA5-B5103DB99102}-TaskManager.exe
2011-02-24 23:10 . 2011-02-24 23:10 -------- d-----w- C:\_OTM
2011-02-24 08:12 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2011-02-24 08:11 . 2009-10-09 21:56 12800 ----a-w- c:\windows\system32\wsmprovhost.exe
2011-02-24 08:11 . 2009-10-09 21:56 20480 ----a-w- c:\windows\system32\winrshost.exe
2011-02-24 08:11 . 2009-10-09 21:56 40448 ----a-w- c:\windows\system32\winrs.exe
2011-02-24 08:11 . 2009-10-09 21:56 10240 ----a-w- c:\windows\system32\wsmplpxy.dll
2011-02-24 08:11 . 2009-10-09 21:56 10240 ----a-w- c:\windows\system32\winrssrv.dll
2011-02-20 22:32 . 2011-03-01 20:06 -------- d-----w- c:\users\Carl\AppData\Roaming\dvdcss
2011-02-20 22:13 . 2011-02-20 22:14 -------- d-----w- C:\Downloads
2011-02-18 18:02 . 2011-02-19 11:45 -------- d-----w- C:\MGADiagToolOutput
2011-02-13 19:52 . 2011-01-06 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-02-13 19:51 . 2010-12-20 15:42 634648 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2011-02-13 19:49 . 2010-10-15 13:48 1205080 ----a-w- c:\windows\system32\ntdll.dll
2011-02-13 19:49 . 2010-10-15 14:08 3548048 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-02-13 19:49 . 2010-10-15 14:08 3600272 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-02-13 19:49 . 2010-12-31 13:25 2038784 ----a-w- c:\windows\system32\win32k.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-11 06:54 . 2010-11-25 12:17 5943120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-02-02 17:11 . 2009-10-02 20:09 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-12-28 14:57 . 2011-01-12 22:59 409600 ----a-w- c:\windows\system32\odbc32.dll
2010-12-20 18:09 . 2010-08-23 05:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 18:08 . 2010-08-23 05:50 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-14 15:49 . 2011-01-12 22:59 1169408 ----a-w- c:\windows\system32\sdclt.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-28 6144000]
"Skytel"="Skytel.exe" [2007-11-20 1826816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Launch.lnk
backup=c:\windows\pss\Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google EULA Launcher]
2008-08-06 10:30 20480 ----a-w- c:\program files\Google\Google EULA\GoogleEULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-01 07:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2010-12-20 18:08 963976 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MRT]
2011-02-14 07:26 37443528 ----a-w- c:\windows\System32\mrt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-08-10 04:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-09-02 11:07 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-02-17 11:26 185872 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

R1 MpKsl043931fe;MpKsl043931fe;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5CB4BF60-28F3-41A1-A58C-63A2077BE244}\MpKsl043931fe.sys [x]
R1 MpKsl05486dce;MpKsl05486dce;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1E1D7671-4664-4645-AEBC-2BF1A979B19B}\MpKsl05486dce.sys [x]
R1 MpKsl087a8610;MpKsl087a8610;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E621BE0B-EF0C-4ADB-8596-75893F29FC33}\MpKsl087a8610.sys [x]
R1 MpKsl116acfbe;MpKsl116acfbe;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C8BFA235-30F0-4037-B6EB-9677CD30F6D1}\MpKsl116acfbe.sys [x]
R1 MpKsl1e9872b0;MpKsl1e9872b0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F6CCE084-4291-4375-85C7-736BF8407A3D}\MpKsl1e9872b0.sys [x]
R1 MpKsl1fe1034e;MpKsl1fe1034e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{42250DC0-17CF-460A-B83C-455966143A25}\MpKsl1fe1034e.sys [x]
R1 MpKsl232af958;MpKsl232af958;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A096048B-606A-48B4-A622-7388325B9F0A}\MpKsl232af958.sys [x]
R1 MpKsl2630b016;MpKsl2630b016;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E621BE0B-EF0C-4ADB-8596-75893F29FC33}\MpKsl2630b016.sys [x]
R1 MpKsl2cdcd736;MpKsl2cdcd736;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A096048B-606A-48B4-A622-7388325B9F0A}\MpKsl2cdcd736.sys [x]
R1 MpKsl2d2d137d;MpKsl2d2d137d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5CB4BF60-28F3-41A1-A58C-63A2077BE244}\MpKsl2d2d137d.sys [x]
R1 MpKsl2e4f2bad;MpKsl2e4f2bad;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E621BE0B-EF0C-4ADB-8596-75893F29FC33}\MpKsl2e4f2bad.sys [x]
R1 MpKsl31f93767;MpKsl31f93767;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6AEA88E0-FF70-44C2-BF7B-31618E6DB91D}\MpKsl31f93767.sys [x]
R1 MpKsl387f365a;MpKsl387f365a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5CB4BF60-28F3-41A1-A58C-63A2077BE244}\MpKsl387f365a.sys [x]
R1 MpKsl3d26ea74;MpKsl3d26ea74;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E621BE0B-EF0C-4ADB-8596-75893F29FC33}\MpKsl3d26ea74.sys [x]
R1 MpKsl47fb5354;MpKsl47fb5354;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1E1D7671-4664-4645-AEBC-2BF1A979B19B}\MpKsl47fb5354.sys [x]
R1 MpKsl4f398684;MpKsl4f398684;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1E1D7671-4664-4645-AEBC-2BF1A979B19B}\MpKsl4f398684.sys [x]
R1 MpKsl5f56ec47;MpKsl5f56ec47;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AB828177-EE3E-48F9-8EF7-5A737C7BBED6}\MpKsl5f56ec47.sys [x]
R1 MpKsl62c2b9f4;MpKsl62c2b9f4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5763317D-C956-4B29-A671-07280BF29BA9}\MpKsl62c2b9f4.sys [x]
R1 MpKsl74ef32c8;MpKsl74ef32c8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F6CCE084-4291-4375-85C7-736BF8407A3D}\MpKsl74ef32c8.sys [x]
R1 MpKsl797dbb70;MpKsl797dbb70;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E621BE0B-EF0C-4ADB-8596-75893F29FC33}\MpKsl797dbb70.sys [x]
R1 MpKsl85775efb;MpKsl85775efb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A096048B-606A-48B4-A622-7388325B9F0A}\MpKsl85775efb.sys [x]
R1 MpKsl910e235a;MpKsl910e235a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{76007F20-AA1C-4659-88C1-2B2543E8FB43}\MpKsl910e235a.sys [x]
R1 MpKsl91d5f318;MpKsl91d5f318;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A096048B-606A-48B4-A622-7388325B9F0A}\MpKsl91d5f318.sys [x]
R1 MpKsl92fd6e49;MpKsl92fd6e49;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A096048B-606A-48B4-A622-7388325B9F0A}\MpKsl92fd6e49.sys [x]
R1 MpKsl9469d47c;MpKsl9469d47c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E621BE0B-EF0C-4ADB-8596-75893F29FC33}\MpKsl9469d47c.sys [x]
R1 MpKsla317d795;MpKsla317d795;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F6CCE084-4291-4375-85C7-736BF8407A3D}\MpKsla317d795.sys [x]
R1 MpKslc40f8d23;MpKslc40f8d23;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AB828177-EE3E-48F9-8EF7-5A737C7BBED6}\MpKslc40f8d23.sys [x]
R1 MpKslc79eec1d;MpKslc79eec1d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1E1D7671-4664-4645-AEBC-2BF1A979B19B}\MpKslc79eec1d.sys [x]
R1 MpKslc9b60dc3;MpKslc9b60dc3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A096048B-606A-48B4-A622-7388325B9F0A}\MpKslc9b60dc3.sys [x]
R1 MpKsld507f2a2;MpKsld507f2a2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{76007F20-AA1C-4659-88C1-2B2543E8FB43}\MpKsld507f2a2.sys [x]
R1 MpKsld6967b9f;MpKsld6967b9f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F6CCE084-4291-4375-85C7-736BF8407A3D}\MpKsld6967b9f.sys [x]
R1 MpKsle6275802;MpKsle6275802;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C8BFA235-30F0-4037-B6EB-9677CD30F6D1}\MpKsle6275802.sys [x]
R1 MpKsledf75447;MpKsledf75447;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C8BFA235-30F0-4037-B6EB-9677CD30F6D1}\MpKsledf75447.sys [x]
R1 MpKslf881d9c6;MpKslf881d9c6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0EF1AE9F-7347-40F4-A502-D69C8EE273BC}\MpKslf881d9c6.sys [x]
R1 MpKslfa308138;MpKslfa308138;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A096048B-606A-48B4-A622-7388325B9F0A}\MpKslfa308138.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 A27C56FD;A27C56FD;c:\windows\system32\A27C56FD.exe [2011-02-28 6656]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-12-20 38224]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
R3 Normandy;Normandy SR2; [x]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2007-08-07 283136]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 CEBFilter;CEBFilter;c:\program files\C&E\OSD\OsdService\cebuffer.sys [x]
R4 CEIO;CEIO;c:\program files\C&E\OSD\OsdService\ceio.sys [x]
R4 cKBFilter;cKBFilter;c:\program files\C&E\OSD\OsdService\kbfiltr.sys [x]
R4 gupdate1c9f9105aaf10c5;Google Update Service (gupdate1c9f9105aaf10c5);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-29 133104]
S3 SiS6350;SiS6350;c:\windows\system32\DRIVERS\SISGRKMD.sys [2008-05-23 458752]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2007-11-15 48128]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder

2010-08-26 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-02 23:46]

2010-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-29 23:21]

2010-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-29 23:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain ... bmod=DSGI;
mStart Page = hxxp://www.google.com/ig/redirectdomain ... &bmod=DSGI
uInternet Settings,ProxyOverride = *.local
IE: Copy to Semagic - c:\program files\Semagic\copy.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Save YouTube Video as MP3 - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
IE: Semagic - c:\program files\Semagic\link.htm
FF - ProfilePath - c:\users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\no7badff.default\
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-03 20:19
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-03-03 20:23:08
ComboFix-quarantined-files.txt 2011-03-03 20:23

Pre-Run: 14,305,820,672 bytes free
Post-Run: 14,105,415,680 bytes free

- - End Of File - - 20A4B7B5FDDA1049EB5973762B252281



The computer seems to be running OK. Firefox searches are not redirected. However, I'm not sure if the viruses are gone?
paddy79
Regular Member
 
Posts: 16
Joined: February 13th, 2011, 3:54 pm

Re: computer running slow

Unread postby Airscape » March 4th, 2011, 2:26 pm

Please make sure you follow all instructions carefully and in the same order given.
Microsoft Security Essentials is not in the uninstall list but parts are still active in the logs, and you haven't installed Avira as I asked?

Uninstall Programs
Click Start > Control Panel > Programs and Features
Right-click on the following programs (if present) and click Uninstall.

Microsoft Security Essentials
Microsoft Antimalware

Then run this MSE removal tool (via right-click > run as admin) and follow the prompts.
Make sure you Restart the computer.
-------------------------------------------
CFScript
Close any open browsers.
Open notepad and copy/paste the text in the code box below into it:
Code:
Driver::
A27C56FD
File::
c:\windows\system32\A27C56FD.exe
Reglock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
Registry::
[-HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Launch.lnk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google EULA Launcher]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MRT]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
SecCenter::
{BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
{043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
DDS::
uStart Page = hxxp://www.google.com/ig/redirectdomain ... bmod=DSGI;
mStart Page = hxxp://www.google.com/ig/redirectdomain ... &bmod=DSGI
BHO: AutorunsDisabled - No File
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File

Save this as CFScript.txt, in the same location as ComboFix.exe

Image

Referring to the picture above, drag CFScript into ComboFix.exe
If CF prompts to update at any time, please allow it.
When finished, it shall produce a log for you. Please save it somewhere you can find and post the results.
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own.
----------------------------------------------------------------
Install an Antivirus software:
http://dlce.antivir.com/package/wks_avi ... nal_en.exe
Once installed have it update, run a full scan, and Fix anything found.
After scanning launch the program again and click Overview > Reports
Double-click the red magnifying glass named Scan and click Report File
Save the report to your desktop then post the results in your next reply.
---------------------------------------------------------------
Security Application Check
  • Please download SecurityCheck by screen317 from Here or Here and save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt
  • Please post the contents of that document in your next reply.
--------------------------------------------------------------
Logs/Information to Post in your Next Reply
  • Combofix log
  • SecurityCheck log
  • Avira antivirus log
  • New HijackThis log (when everything is complete)
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm
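As an added illustration that is not part of this thread or of ComboFix itself, here is a small Python triage of the driver/service section of the log above. It applies the same reasoning that puts the A27C56FD driver into the CFScript: an entry marked [x] has lost its image file and is an orphan, and an eight-hex-character image name with no descriptive display name deserves a second look. The heuristics and the helper functions are my own; the sample lines are copied from the log.

```python
import re

# Sample lines copied from the ComboFix driver/service section above. The format is
# "<state> <name>;<display name>;<image path> [<date> <size>]", or "[x]" when the file is gone.
SAMPLE_LOG = r"""
R1 MpKsl043931fe;MpKsl043931fe;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5CB4BF60-28F3-41A1-A58C-63A2077BE244}\MpKsl043931fe.sys [x]
R3 A27C56FD;A27C56FD;c:\windows\system32\A27C56FD.exe [2011-02-28 6656]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-12-20 38224]
R3 Normandy;Normandy SR2; [x]
S3 SiS6350;SiS6350;c:\windows\system32\DRIVERS\SISGRKMD.sys [2008-05-23 458752]
"""

ENTRY_RE = re.compile(
    r"^(?P<state>[RS][0-4])\s+(?P<name>[^;]*);(?P<display>[^;]*);"
    r"(?P<path>.*?)\s*\[(?:(?P<missing>x)|(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+))\]\s*$"
)
HEX_NAME_RE = re.compile(r"^[0-9A-Fa-f]{8}$")


def parse_entry(line):
    """Return a dict for one service/driver line, or None if the line is something else."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return {"state": m["state"], "name": m["name"], "display": m["display"],
            "path": m["path"], "missing": m["missing"] is not None,
            "date": m["date"], "size": int(m["size"]) if m["size"] else None}


def triage(log_text):
    """Map service name -> list of reasons a helper would look twice at it (my heuristics)."""
    findings = {}
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        reasons = []
        if e["missing"]:
            # [x]: the registry entry survives but its file is gone, typically a leftover
            # of an uninstalled product (here the Microsoft Antimalware MpKsl* drivers).
            reasons.append("image file missing")
        base = e["path"].rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if HEX_NAME_RE.match(base) and e["display"] == e["name"]:
            # Eight hex characters and no descriptive display name: not how vendors name drivers.
            reasons.append("random hex name with no display name")
        if reasons:
            findings[e["name"]] = reasons
    return findings
```

Running `triage(SAMPLE_LOG)` flags A27C56FD for its name, and MpKsl043931fe and Normandy as orphans, while the Malwarebytes and SiS drivers pass.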

Re: computer running slow

Unread postby paddy79 » March 6th, 2011, 8:16 pm

logs coming within the next few hours!
paddy79
Regular Member
 
Posts: 16
Joined: February 13th, 2011, 3:54 pm