Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Slow computer

Re: Slow computer

by thebhound8 » March 3rd, 2011, 12:25 am

DDS (Ver_10-12-12.02) - NTFSx86
Run by Gerrett at 22:13:42.59 on Wed 03/02/2011
Internet Explorer: 8.0.6001.19019
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3582.2175 [GMT -6:00]

AV: Norton Internet Security *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\SiteRanker\SiteRankTray.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\System32\rundll32.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Users\Gerrett\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
C:\Windows\ehome\ehsched.exe
C:\Windows\ehome\ehRecvr.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Gerrett\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gerrett\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gerrett\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
c:\Users\Gerrett\Downloads\dds (1).scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.mywebsearch.com/mywebsear ... PpeszAf2eQ
uDefault_Page_URL = hxxp://www.msn.com
uSearch Page =
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
mCustomizeSearch = hxxp://toolbar.inbox.com/help/sa_custom ... tbid=80305
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - c:\program files\bearsharetb\BearShareDx.dll
BHO: : {11bf46c6-b3de-48bd-bf70-3ad85cab80b5} - c:\progra~1\sitera~1\SiteRank.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: MediaBar: {abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f} - c:\program files\imeshmediabartb\iMeshMediaBarDx.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2380.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: MediaBar: {abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f} - c:\program files\imeshmediabartb\iMeshMediaBarDx.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - c:\program files\bearsharetb\BearShareDx.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: @c:\program files\msn toolbar\platform\6.3.2380.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2380.0\npwinext.dll
TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
TB: {D0523BB4-21E7-11DD-9AB7-415B56D89593} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Google Update] "c:\users\gerrett\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
mRun: [SiteRanker] "c:\program files\siteranker\SiteRankTray.exe"
mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
mRun: [DVDAgent] "c:\program files\hewlett-packard\media\dvd\DVDAgent.exe"
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateReg] "c:\windows\system32\jureg.exe" -delete
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\philip~1.lnk - c:\philips\gogear vibe device manager\GoGear_Vibe_DeviceManager.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Search
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: c:\windows\system32\wpclsp.dll
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Mystery%20Solitaire/Images/stg_drm.ocx
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Mystery%20Solitaire/Images/armhelper.ocx
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-1-5 385536]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-20 21504]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2009-7-14 1443584]
R3 hcw85cir;Hauppauge Consumer IR 3;c:\windows\system32\drivers\hcw85cir3.sys [2009-7-14 28160]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\drivers\netr73.sys [2009-5-24 501248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1ca8fcb2944f33a;Google Update Service (gupdate1ca8fcb2944f33a);c:\program files\google\update\GoogleUpdate.exe [2010-1-7 133104]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-8-21 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mr97310c;CIF Dual-Mode Camera;c:\windows\system32\drivers\mr97310c.sys [2008-3-27 116992]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2011-03-03 00:21:36 -------- d-----w- c:\program files\ESET
2011-03-03 00:07:24 -------- d-----w- C:\_OTL
2011-03-02 00:33:25 5943120 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{4f8dcb99-972c-411b-9a81-4ef87565a81d}\mpengine.dll
2011-03-02 00:31:54 -------- d-----w- c:\users\gerrett\appdata\roaming\Malwarebytes
2011-03-02 00:31:49 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-02 00:31:48 -------- d-----w- c:\progra~2\Malwarebytes
2011-03-02 00:31:45 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-02 00:31:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-01 02:40:01 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-01 02:15:02 33104 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
2011-03-01 02:15:01 32656 ----a-w- c:\windows\system32\msonpmon.dll
2011-03-01 01:40:02 -------- d-----w- c:\users\gerrett\appdata\local\Microsoft Help
2011-03-01 00:37:04 4984 ----a-w- c:\windows\system32\drivers\nvphy.bin
2011-02-28 22:07:52 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-02-28 22:07:52 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2011-02-28 22:07:52 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-02-28 22:07:36 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2011-02-28 21:52:32 15712 ----a-w- c:\program files\common files\windows live\.cache\cd6d58a61cbd7911f\MeshBetaRemover.exe
2011-02-28 21:52:20 94040 ----a-w- c:\program files\common files\windows live\.cache\c579f9f61cbd79119\DSETUP.dll
2011-02-28 21:52:20 525656 ----a-w- c:\program files\common files\windows live\.cache\c579f9f61cbd79119\DXSETUP.exe
2011-02-28 21:52:20 1691480 ----a-w- c:\program files\common files\windows live\.cache\c579f9f61cbd79119\dsetup32.dll
2011-02-28 21:52:07 94040 ----a-w- c:\program files\common files\windows live\.cache\bd1cdcf61cbd79117\DSETUP.dll
2011-02-28 21:52:07 525656 ----a-w- c:\program files\common files\windows live\.cache\bd1cdcf61cbd79117\DXSETUP.exe
2011-02-28 21:52:07 1691480 ----a-w- c:\program files\common files\windows live\.cache\bd1cdcf61cbd79117\dsetup32.dll
2011-02-28 21:51:04 -------- d-----w- c:\users\gerrett\appdata\local\Windows Live
2011-02-28 21:50:41 754688 ----a-w- c:\windows\system32\webservices.dll
2011-02-28 21:48:02 -------- d-----w- c:\program files\MSN Toolbar
2011-02-28 21:47:07 -------- d-----w- c:\program files\Bing Bar Installer
2011-02-28 09:07:40 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-02-28 09:07:40 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-02-28 09:07:40 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-02-28 09:07:40 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-02-28 09:07:40 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-02-28 09:01:06 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2011-02-27 17:55:34 502272 ----a-w- c:\windows\system32\usp10.dll
2011-02-27 17:55:30 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-27 17:55:30 17920 ----a-w- c:\windows\system32\netevent.dll
2011-02-27 17:55:30 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-02-27 17:55:30 125952 ----a-w- c:\windows\system32\srvsvc.dll
2011-02-27 17:55:30 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-02-27 17:55:10 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2011-02-27 17:55:09 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2011-02-27 17:53:53 128000 ----a-w- c:\windows\system32\spoolsv.exe
2011-02-27 17:52:52 601600 ----a-w- c:\windows\system32\schedsvc.dll
2011-02-27 17:52:52 352768 ----a-w- c:\windows\system32\taskschd.dll
2011-02-27 17:52:52 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-02-27 17:52:51 270336 ----a-w- c:\windows\system32\taskcomp.dll
2011-02-27 17:52:51 171520 ----a-w- c:\windows\system32\taskeng.exe
2011-02-27 17:52:48 81920 ----a-w- c:\windows\system32\consent.exe
2011-02-27 17:52:46 1248768 ----a-w- c:\windows\system32\msxml3.dll
2011-02-27 17:52:36 2048 ----a-w- c:\windows\system32\tzres.dll
2011-02-27 17:51:55 72704 ----a-w- c:\windows\system32\fontsub.dll
2011-02-27 17:51:55 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-27 17:51:55 292352 ----a-w- c:\windows\system32\atmfd.dll
2011-02-27 17:51:52 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-02-27 17:51:49 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-02-27 17:51:46 531968 ----a-w- c:\windows\system32\comctl32.dll
2011-02-27 17:51:43 231424 ----a-w- c:\windows\system32\msshsq.dll

==================== Find3M ====================

2011-02-02 23:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24:32 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-20 13:44:05 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-01-20 13:44:03 797184 ----a-w- c:\windows\system32\FntCache.dll
2010-12-31 13:57:01 2039808 ----a-w- c:\windows\system32\win32k.sys
2010-12-28 15:55:03 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-18 06:27:04 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-18 06:22:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-18 06:22:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-18 06:22:11 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-12-18 06:22:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-12-18 05:25:26 385024 ----a-w- c:\windows\system32\html.iec
2010-12-18 04:48:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-12-18 04:47:11 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-12-14 14:49:23 1169408 ----a-w- c:\windows\system32\sdclt.exe

============= FINISH: 22:14:45.18 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 10/27/2008 2:51:50 PM
System Uptime: 3/2/2011 6:11:55 PM (4 hours ago)

Motherboard: PEGATRON CORPORATION | | NARRA3
Processor: AMD Athlon(tm) Dual Core Processor 4450e | Socket AM2 | 1000/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 686 GiB total, 522.745 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 1.656 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Installed Programs ======================


ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.0.1)
Adobe Shockwave Player 11.5
AIM Toolbar
Ask Toolbar
Bing Bar
Bing Bar Platform
Bing Rewards Client Installer
Brain Training for Dummies
Canon MP Navigator EX 1.0
Canon MX310 series
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
Cards_Calendar_OrderGift_DoMorePlugout
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite Deluxe
Download Updater (AOL LLC)
eMusic Download Manager 4.1.3.1
Enhanced Multimedia Keyboard Solution
False Flesh 1.00
GoGear VIBE Device Manager
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hardware Diagnostic Tools
Hauppauge MCE XP/Vista Software Encoder (2.0.26057)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Advisor
HP Customer Experience Enhancements
HP Customer Feedback
HP Demo
HP MediaSmart DVD
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photosmart Essential 2.5
HP Photosmart Essential 3.0
HP Picasso Media Center Add-In
HP Recovery Manager RSS
HP Update
HPAsset component for HP Active Support Library
HPPhotoSmartPhotobookWebPack1
HPTCSSetup
Java Auto Updater
Java(TM) 6 Update 24
Junk Mail filter update
LabelPrint
LightScribe System Software
LightScribeTemplateLabeler
LucasArts' Grim Fandango
LucasArts' Rogue Squadron 3D-Elite Missions
Malwarebytes' Anti-Malware
McAfee Security Scan Plus
MediaBar
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Default Manager
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 60 day trial
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Works
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.1
My HP Games
Mystery Solitaire
Netflix Movie Viewer
Norton Internet Security (Symantec Corporation)
NSIS Mixxx
NVIDIA Drivers
Oblivion
OGA Notifier 2.0.0048.0
PlayReady PC runtime
Power2Go
PowerDirector
Presto! PageManager 7.15.16
PSSWCORE
Python 2.5.2
Realtek High Definition Audio Driver
ScanSoft OmniPage SE 4
Scrabble
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
SiteRanker
sp44626
SPORE Creature Creator Trial Edition
TBS WMP Plug-in
Tony Hawk's Pro Skater 2
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VideoToolkit01
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
Yahoo! BrowserPlus
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar

==== End Of File ===========================

Re: Slow computer

by Carolyn » March 3rd, 2011, 10:32 am

Have you been able to run the ESET online scan? Please post those results for my review.

Re: Slow computer

by thebhound8 » March 3rd, 2011, 6:57 pm

Below the OTL scan are the ESET scan results. I did not notice that it did not have a title.

Re: Slow computer

by Carolyn » March 4th, 2011, 8:17 am

It looks like the ESET log was cut off (not just the header). Please post it again.

Re: Slow computer

by thebhound8 » March 4th, 2011, 3:28 pm

So this is exactly what was there the last time. It says it found 29 threats and gives this list. I've done it three times and each time takes 3hrs 29min. So I'm not sure if it is just not working. It gives me an option to view list of threats, uninstall and finish.

C:\Program Files\Windows Live\Messenger\msimg32.dll Win32/Toolbar.MyWebSearch application
C:\Program Files\Windows Live\Messenger\riched20.dll Win32/Toolbar.MyWebSearch application
C:\Program Files\Zwangi\Zwangi_deleted_\zwangi.dll a variant of Win32/Adware.OneStep.D application
C:\Program Files\Zwangi\Zwangi_deleted_\zwangi.exe Win32/Adware.OneStep.A application
C:\ProgramData\Zwangi\zwangi110.exe Win32/Adware.OneStep.A application
C:\Users\All Users\Zwangi\zwangi110.exe Win32/Adware.OneStep.A application
C:\Users\Devin\AppData\Local\1447916283.dll a variant of Win32/Kryptik.DJM trojan
C:\Users\Devin\AppData\Local\Temp\00007576 a variant of Win32/Kryptik.CMB trojan
C:\Users\Devin\AppData\Local\VirtualStore\Windows\infocard.exb a variant of Win32/Injector.BLQ trojan
C:\Users\Devin\AppData\Roaming\Cerberus\server.exe Win32/TrojanDropper.Delf.NQD trojan
C:\Users\Devin\Downloads\BlubsterSetup.exe Win32/Adware.Toolbar.Dealio application
C:\Users\Devin\Downloads\PDF_Reader_Setup(2).exe a variant of Win32/SweetIM.A application
C:\Users\Devin\Downloads\PDF_Reader_Setup.exe a variant of Win32/SweetIM.A application
C:\Users\Devin\Downloads\SetupGamevance(2).exe a variant of Win32/Adware.Gamevance.AK application
C:\Users\Devin\Downloads\SetupPlaySushi.exe a variant of Win32/Adware.Gamevance.AK application
C:\Windows\System32\f3PSSavr.scr Win32/Toolbar.MyWebSearch application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2UIGO7A4\cache_readme[1].pdf PDF/Exploit.Gen trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2UIGO7A4\cache_readme[2].pdf PDF/Exploit.Gen trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2UIGO7A4\cache_readme[3].pdf PDF/Exploit.Gen trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\91I999ZZ\oU2773a43bH9b94f9f9V0100f080006Rf6917724108Td0fed7b8201l0409K1d0842e1317[1].pdf JS/Exploit.Pdfka.ASD trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WEGIM6YW\oH9b94f9f9V0100f080006Rc242424a108Td0ca812b201l0409K694c7141317[1].pdf JS/Exploit.Pdfka.ASD trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YU12PKLZ\cache_readme[1].pdf PDF/Exploit.Gen trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YU12PKLZ\oH9b94f9f9V0100f080006R2accc283108Td0f343ab201l0409K86ba5f5d317[1].pdf JS/Exploit.Pdfka.ASD trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YU12PKLZ\pdf[1].pdf PDF/Exploit.Gen trojan
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\53fddd81-1b030571 multiple threats
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\2aec6bd3-36c97bf4 probably a variant of Java/TrojanDownloader.Agent.AB trojan
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\aba135b-6b613537 probably a variant of Win32/Agent.FQRCZBA trojan
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\9b47178-4e4a653a a variant of Java/TrojanDownloader.Agent.NAN trojan
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\b92a7a-515dd006 multiple threats

Re: Slow computer

by Carolyn » March 5th, 2011, 3:28 pm

Hello again,

Sorry thebhound8, I'm sure that running ESET so many times was frustrating. Are you certain that you launched your web browser by right-clicking the icon and selecting "Run as administrator"? No matter, let's continue with the cleaning process.

Please download ATF Cleaner to your desktop.

  • Right-click ATF-Cleaner.exe and select "Run as administrator" to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

=====================

Create a System Restore Point
  1. Right-click on Computer ... select Properties.
  2. In the left pane under Tasks ... click System protection.
    If UAC prompts for an administrator password or approval, type the password or give your "permission to continue".
  3. Select System Protection ...then choose Create.
  4. In the System Restore dialog box, type a description for the restore point ... click Create, again.
    A window will pop up with "The Restore Point was created successfully" confirmation message.
  5. Click OK ...then close the System Restore dialog.
    Now you have a clean restore point to use if you need to restore your system.

=====================

Run another OTL Script
  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code.
    Code:
    :Files
    C:\Windows\System32\drivers\usmaoq.sys
    C:\Program Files\Windows Live\Messenger\msimg32.dll
    C:\Program Files\Windows Live\Messenger\riched20.dll
    C:\Program Files\Zwangi\Zwangi_deleted_\zwangi.dll
    C:\Program Files\Zwangi\Zwangi_deleted_\zwangi.exe
    C:\ProgramData\Zwangi\zwangi110.exe
    C:\Users\All Users\Zwangi\zwangi110.exe
    C:\Users\Devin\AppData\Local\1447916283.dll
    C:\Users\Devin\AppData\Local\Temp\00007576
    C:\Users\Devin\AppData\Local\VirtualStore\Windows\infocard.exb
    C:\Users\Devin\AppData\Roaming\Cerberus\server.exe
    C:\Users\Devin\Downloads\BlubsterSetup.exe
    C:\Users\Devin\Downloads\PDF_Reader_Setup(2).exe
    C:\Users\Devin\Downloads\PDF_Reader_Setup.exe
    C:\Users\Devin\Downloads\SetupGamevance(2).exe
    C:\Users\Devin\Downloads\SetupPlaySushi.exe
    C:\Windows\System32\f3PSSavr.scr
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2UIGO7A4\cache_readme[1].pdf
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2UIGO7A4\cache_readme[2].pdf
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2UIGO7A4\cache_readme[3].pdf
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\91I999ZZ\oU2773a43bH9b94f9f9V0100f080006Rf6917724108Td0fed7b8201l0409K1d0842e1317[1].pdf
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WEGIM6YW\oH9b94f9f9V0100f080006Rc242424a108Td0ca812b201l0409K694c7141317[1].pdf
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YU12PKLZ\cache_readme[1].pdf
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YU12PKLZ\oH9b94f9f9V0100f080006R2accc283108Td0f343ab201l0409K86ba5f5d317[1].pdf
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YU12PKLZ\pdf[1].pdf
    C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\53fddd81-1b030571
    C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\2aec6bd3-36c97bf4
    C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\aba135b-6b613537
    C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\9b47178-4e4a653a
    C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\b92a7a-515dd006
    

  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

=====================

Update and Run a Full System Scan with MBAM
  1. Right-click Malwarebytes' Anti-Malware and select Run as administrator.
  2. Select the Update tab. Under Update Mirror, select one of the websites and click on Check for Updates.
  3. Select the Scanner tab. Click on Perform full scan, then click on Scan.
  4. Leave the default options as they are and click on Start Scan.
  5. When done, you will be prompted. Click OK, then click on Show Results.
  6. Check (tick) all items except items in the C:\System Volume Information folder and click on Remove Selected.
  7. After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottommost log is the latest.

=====================

Security Application Check

Please download and save SecurityCheck.exe to your Desktop from one of the links below.

Link 1
Link 2

  • Right-click SecurityCheck.exe, select Run as administrator and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt
  • Please post the contents of that document in your next reply.

=====================

Scan with OTL
  • Right-click on OTL.exe and select Run as administrator.
  • Click on Run Scan at the top left hand corner.
  • When done, one Notepad file will open.
  • Please post the contents of OTL.txt in your next reply.

=====================

Please post the following in your next reply:
  1. The log from running the OTL script
  2. The MBAM log
  3. The SecurityCheck log
  4. The new OTL.txt log
  5. A description of how your computer is behaving
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine
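
The last entries of the :Files list in the post above match the detections at the end of the ESET log. The Python below is an added example, not part of the original thread and not a feature of ESET or OTL: it parses detection lines in the layout seen on this page (path, then label, an inferred format) and reports any flagged path that a fix list omits. The sample lines are copied from the page; treating any line that starts with ":" as a script directive is an assumption.

```python
import re

# Assumed layout (inferred from this page's log): "<path> <label>"; paths contain spaces.
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<label>multiple threats|(?:probably )?(?:a variant of )?[^\s\\]+/\S+ \w+)$"
)

# Sample lines copied from the scan log and the :Files block on this page.
ESET_LOG = r"""
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YU12PKLZ\pdf[1].pdf PDF/Exploit.Gen trojan
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\53fddd81-1b030571 multiple threats
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\2aec6bd3-36c97bf4 probably a variant of Java/TrojanDownloader.Agent.AB trojan
"""
FIX_LIST = r"""
:Files
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YU12PKLZ\pdf[1].pdf
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\53fddd81-1b030571
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\2aec6bd3-36c97bf4
"""

def parse_detections(log_text):
    """Return (path, label) pairs plus any lines that did not parse."""
    hits, unparsed = [], []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        m = DETECTION.match(line)
        if m:
            hits.append((m["path"], m["label"]))
        else:
            unparsed.append(line)  # surface these instead of dropping them silently
    return hits, unparsed

def fix_list_paths(script_text):
    """Paths under :Files; any line starting with ':' is treated as a directive (assumption)."""
    paths, active = set(), False
    for line in map(str.strip, script_text.splitlines()):
        if line.startswith(":"):
            active = line.lower() == ":files"
        elif active and line:
            paths.add(line.lower())  # Windows paths compare case-insensitively
    return paths

def missing_from_fix(log_text, script_text):
    """Flagged paths that the fix script does not cover."""
    covered = fix_list_paths(script_text)
    return [p for p, _ in parse_detections(log_text)[0] if p.lower() not in covered]

if __name__ == "__main__":
    print("not covered:", missing_from_fix(ESET_LOG, FIX_LIST))
```

Lines that do not fit the assumed layout come back in the second return value of parse_detections, so a change in log format shows up as unparsed lines rather than as a shorter fix list.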

Re: Slow computer

Unread postby Carolyn » March 9th, 2011, 7:59 am

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine