Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Computer Slow, Adobe Reader 11 virus?

Re: Computer Slow, Adobe Reader 11 virus?

Post by vict0r » December 29th, 2011, 10:32 am

t-risk7 wrote: I opened run and typed in E:\autorun.inf and got nothing.

Did one for F:\autorun.inf and got an old flash disinfector log I could not open, nor did I know what program created it.

I deleted combofix, should I delete the Qoobox folder on my C: drive also?
Please do not run or delete anything yet. I will post when and how to do it properly.


t-risk7 wrote: Would it make a difference if the printer and external harddrive were in different usb ports?
Would the printer then be F: drive and external hard drive E: drive?
It is possible that the drive letters are changing for us. Are you able to match the information in the following quote box to one of your external devices?
t-risk7 wrote: Drive E: | 246.71 Mb Total Space | 246.70 Mb Free Space | 100.00% Space Free | Partition Type: FAT



t-risk7 wrote: I forgot my router's password. Either that or my username.
When you reset the router you also reset the password. Refer to the Quick Installation Guide on the webpage found here to find the default username and password and information on how to set up wireless networking:
http://www.trendnet.com/products/proddetail.asp?prod=190_TEW-651BR&cat=41
If wireless has been enabled on the router since the reset, I would recommend another reset and that you immediately change the login password. Also please tell me if wireless performance (loading of new websites etc.) is good after the reset.

From my experience there's no router that will not require a reset from time to time. If you set up wireless again now, hopefully performance will be ok and you have a reference when it was done. If a reset is needed again within less than a month or two, then maybe you should consider a new router.

What is the make and model of the box giving you internet? What internet product are you subscribing to?
vict0r
Regular Member
 
Posts: 1043
Joined: December 3rd, 2008, 3:00 pm

Re: Computer Slow, Adobe Reader 11 virus?

Post by t-risk7 » December 29th, 2011, 6:43 pm

I have a 256 MB Jump drive that may be the culprit.
Do you want me to put it in and do some type of scan?
t-risk7
Regular Member
 
Posts: 118
Joined: July 7th, 2010, 12:27 pm

Re: Computer Slow, Adobe Reader 11 virus?

Post by vict0r » December 29th, 2011, 11:36 pm

t-risk7 wrote: I have a 256 MB Jump drive that may be the culprit.
Do you want me to put it in and do some type of scan?

Yes, plug it in, verify that it's drive E:\ or F:\ and do this scan:


SystemLook

  • Double-click SystemLook.exe on your desktop to run it.
  • Copy the content of the following codebox into the main text field:
    :contents
    E:\AUTORUN.INF
    F:\AUTORUN.INF
    

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  • The log can also be found on your Desktop entitled SystemLook.txt



What about the "router part" of my previous post?
vict0r
Regular Member
 
Posts: 1043
Joined: December 3rd, 2008, 3:00 pm

Re: Computer Slow, Adobe Reader 11 virus?

Post by t-risk7 » December 30th, 2011, 5:32 am

SystemLook 30.07.11 by jpshortstuff
Log created at 04:29 on 30/12/2011 by Tad Palmer
Administrator - Elevation successful

========== contents ==========

E:\AUTORUN.INF - Unable to open file.

F:\AUTORUN.INF - Unable to open file.

-= EOF =-



I accessed the router, but when I attempted to access wireless, it failed to connect with the router.
t-risk7
Regular Member
 
Posts: 118
Joined: July 7th, 2010, 12:27 pm

Re: Computer Slow, Adobe Reader 11 virus?

Post by vict0r » December 30th, 2011, 11:07 am

t-risk7 wrote: I accessed the router, but when I attempted to access wireless, it failed to connect with the router.
I need a more detailed description to understand the problem.
  • Maybe you must connect your computer and router with a wire to access it?
  • Refer to the Quick Installation Guide to set up wireless.

If you have not already changed the router's default password, then do another reset (hold reset button for minimum 15 seconds) and immediately change the login password.


Re-scan with OTL

Make sure the jump drive is plugged in and verify that it shows up with a drive letter.

  • Double click on OTL.exe on your desktop to run it.
  • Under Output, ensure that Standard Output is selected.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, this Notepad file will open.
    • OTL.txt
  • Please post the contents of this file in your next reply.
vict0r
Regular Member
 
Posts: 1043
Joined: December 3rd, 2008, 3:00 pm

Re: Computer Slow, Adobe Reader 11 virus?

Post by t-risk7 » December 30th, 2011, 4:46 pm

I am able to connect to the router while it is plugged in, but I cannot connect wireless. I am using Intel Pro Set Wireless and when I click on it, it takes me to a wireless setup wizard. I put in the pin #, change the device name, but when I press the next button it says configuring WPS network. But then it stops and says failed to connect to network.

Modem is Scientific Atlanta
DPC 2100 R2

Road Runner is provider.
t-risk7
Regular Member
 
Posts: 118
Joined: July 7th, 2010, 12:27 pm

Re: Computer Slow, Adobe Reader 11 virus?

Post by vict0r » December 30th, 2011, 5:00 pm

Were you able to login to the router and change your password?
vict0r
Regular Member
 
Posts: 1043
Joined: December 3rd, 2008, 3:00 pm

Re: Computer Slow, Adobe Reader 11 virus?

Post by t-risk7 » December 30th, 2011, 5:18 pm

Yeah I changed it. I am able to work through it when plugged in, but still having trouble connecting to wireless.
It would go to a page where I can set password, but still wouldn't connect.

OTL

OTL logfile created on: 12/30/2011 4:05:49 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Tad Palmer\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 73.05% Memory free
3.85 Gb Paging File | 3.43 Gb Available in Paging File | 89.03% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 26.74 Gb Free Space | 71.78% Space Free | Partition Type: NTFS
Drive E: | 246.71 Mb Total Space | 246.70 Mb Free Space | 100.00% Space Free | Partition Type: FAT
Drive F: | 189.92 Gb Total Space | 154.98 Gb Free Space | 81.60% Space Free | Partition Type: NTFS

Computer Name: SILVER_BULLET | User Name: Tad Palmer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/30 14:43:00 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/12/27 09:14:00 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2011/12/23 04:47:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tad Palmer\Desktop\OTL(1).exe
PRC - [2011/07/06 11:39:58 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2011/06/30 12:25:52 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/05/15 14:53:20 | 000,325,512 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/02/09 15:43:16 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\Brother\BrStMonW.exe
PRC - [2010/01/25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\BrYNSvc.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/21 10:19:58 | 000,819,200 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2007/02/21 10:19:40 | 000,294,912 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2007/02/21 10:17:42 | 000,970,752 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2007/02/21 10:13:26 | 000,487,424 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/30 14:42:59 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/10/13 04:18:34 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
MOD - [2011/10/13 04:11:24 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/13 04:11:14 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/04/14 20:01:33 | 000,548,854 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2009/02/27 15:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
MOD - [2007/02/21 10:13:02 | 000,118,784 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2006/10/17 15:13:20 | 001,167,360 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\acAuth.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (CiSvc)
SRV - [2011/12/27 09:14:00 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011/07/06 11:39:58 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2011/06/30 12:25:52 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/01/25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/07/23 20:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2007/02/21 10:19:40 | 000,294,912 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel(R)


========== Driver Services (SafeList) ==========

DRV - [2011/12/30 07:58:56 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D19A7DFB-B333-4CAC-9177-94A2DB033CB6}\MpKslc7983392.sys -- (MpKslc7983392)
DRV - [2007/02/21 10:16:12 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/02/08 12:51:16 | 002,209,408 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
DRV - [2005/08/03 22:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/05/03 14:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 14:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 14:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/10 14:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2004/05/26 14:18:18 | 000,044,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1547161642-287218729-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Tad Palmer\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Tad Palmer\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/30 14:43:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/10/11 06:57:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tad Palmer\Application Data\Mozilla\Extensions
[2011/12/24 22:07:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/16 13:44:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/12/30 14:43:00 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/28 19:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/09 09:47:15 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/12/15 18:12:06 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1547161642-287218729-1417001333-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1547161642-287218729-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1547161642-287218729-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1547161642-287218729-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30F4F4BD-9581-485C-8D47-7889B282CA43}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB015A66-3C56-42D0-9DC8-ED11386EBE90}: DhcpNameServer = 192.168.10.1
O18 - Protocol\Handler\intu-help-qb4 {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\PFW: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/10/10 18:34:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/10/08 04:41:22 | 000,000,000 | RHSD | M] - E:\AUTORUN_.INF -- [ FAT ]
O32 - AutoRun File - [2011/10/08 04:51:52 | 000,000,016 | -H-- | M] () - E:\AUTORUN.INF -- [ FAT ]
O32 - AutoRun File - [2011/10/08 03:41:21 | 000,000,000 | R--D | M] - F:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/28 20:49:10 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/12/28 20:16:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tad Palmer\Desktop\FixPolicies
[2011/12/27 15:37:35 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fsquirt.exe
[2011/12/27 15:37:35 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fsquirt.exe
[2011/12/27 09:14:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/12/27 09:14:19 | 000,637,848 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll
[2011/12/27 09:14:19 | 000,223,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2011/12/27 09:14:19 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2011/12/27 09:14:19 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2011/12/27 09:14:19 | 000,141,312 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2011/12/27 09:13:55 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/12/23 04:47:48 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tad Palmer\Desktop\OTL(1).exe
[2011/12/23 04:42:33 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2011/12/23 04:42:33 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2011/12/22 20:58:55 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2011/12/22 20:50:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/12/20 17:24:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/20 17:24:53 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/12/20 17:24:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/17 14:40:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tad Palmer\Local Settings\Application Data\Google
[2011/12/14 13:43:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/12/14 13:37:40 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/12/14 13:35:48 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/12/14 13:35:48 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/12/14 13:35:48 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/12/14 13:35:48 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/12/13 22:01:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/13 11:03:35 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/12/09 07:31:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2011/12/08 06:41:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Tad Palmer\My Documents\My Videos

========== Files - Modified Within 30 Days ==========

[2011/12/30 08:03:57 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/12/30 07:59:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/30 07:58:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/27 15:37:35 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\fsquirt.exe
[2011/12/27 15:37:35 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fsquirt.exe
[2011/12/27 09:14:00 | 000,223,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2011/12/27 09:14:00 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2011/12/27 09:14:00 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2011/12/27 09:14:00 | 000,141,312 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2011/12/27 09:13:59 | 000,637,848 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll
[2011/12/27 09:13:59 | 000,567,184 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2011/12/23 04:47:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tad Palmer\Desktop\OTL(1).exe
[2011/12/22 20:51:41 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/12/22 20:41:33 | 000,987,676 | ---- | M] () -- C:\WINDOWS\System32\drivers\KmxAgent.asc
[2011/12/20 17:24:58 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Tad Palmer\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/12/18 19:27:11 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/15 18:12:06 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/12/15 07:36:03 | 000,135,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/15 04:34:37 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/12/14 13:37:45 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/12/13 11:03:35 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/12/12 15:58:51 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Tad Palmer\Desktop\SystemLook.exe

========== Files Created - No Company Name ==========

[2011/12/25 09:48:25 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/12/22 20:51:41 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/12/22 20:51:01 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/12/20 17:24:58 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Tad Palmer\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/12/14 13:37:45 | 000,000,210 | ---- | C] () -- C:\Boot.bak
[2011/12/14 13:37:41 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/12/14 13:35:48 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/14 13:35:48 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/14 13:35:48 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/14 13:35:48 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/14 13:35:48 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/12/12 15:58:47 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Tad Palmer\Desktop\SystemLook.exe
[2011/11/08 18:00:40 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/16 19:20:49 | 000,126,440 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/10/11 08:10:03 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2011/10/11 06:50:18 | 000,000,242 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2011/10/11 06:50:18 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2011/10/11 06:50:03 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2011/10/11 06:46:17 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF10A.DAT
[2011/10/11 06:46:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2011/10/11 06:37:20 | 000,031,767 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2011/10/10 19:24:29 | 000,095,617 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011/10/10 18:37:00 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/10/10 18:30:36 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/10/10 14:24:41 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/10/10 14:23:16 | 000,135,664 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/04/14 04:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2006/12/31 06:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/07/20 09:14:06 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2001/08/23 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 08:00:00 | 000,439,182 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 08:00:00 | 000,070,192 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

< End of report >
t-risk7
Regular Member
 
Posts: 118
Joined: July 7th, 2010, 12:27 pm

Re: Computer Slow, Adobe Reader 11 virus?

Post by t-risk7 » December 30th, 2011, 5:22 pm

I get to a page that is Wi-Fi protected setup. It tells me to choose a network name and select security settings.
Should I be using WPA-2 Personal OR WPA Personal and then the other option is AES-CCMP or TKIP.
Then it has a password key with a bunch of random letters in it.
Should I change this password key?
t-risk7
Regular Member
 
Posts: 118
Joined: July 7th, 2010, 12:27 pm

Re: Computer Slow, Adobe Reader 11 virus?

Post by vict0r » December 30th, 2011, 6:15 pm

O32 - AutoRun File - [2011/10/08 04:51:52 | 000,000,016 | -H-- | M] () - E:\AUTORUN.INF -- [ FAT ]
This line in the OTL log shows the file I'm worried about. Click Start -> Run..., copy and paste the following line into the run box, then click OK:
notepad E:\AUTORUN.INF
The Jump drive must be plugged in and show up as E:\. Please post the contents of the notepad window.


Also, please disable wireless encryption on the router and test if you can connect to the router wirelessly.
vict0r
Regular Member
 
Posts: 1043
Joined: December 3rd, 2008, 3:00 pm
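
An added example, not part of any post in this thread and not code from OTL: a short Python parser for the O32 "AutoRun File" lines of an OTL log that separates folders and zero-byte files from non-empty autorun files on non-system drives, the kind of entry singled out in the post above. The reading of the attribute column as R/H/S/D (read-only, hidden, system, directory) and the triage rule itself are assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from typing import List

# The O32 lines from the OTL log posted earlier in this thread, copied verbatim.
SAMPLE_LOG = r"""
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/10/10 18:34:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/10/08 04:41:22 | 000,000,000 | RHSD | M] - E:\AUTORUN_.INF -- [ FAT ]
O32 - AutoRun File - [2011/10/08 04:51:52 | 000,000,016 | -H-- | M] () - E:\AUTORUN.INF -- [ FAT ]
O32 - AutoRun File - [2011/10/08 03:41:21 | 000,000,000 | R--D | M] - F:\autorun.inf -- [ NTFS ]
"""

# Layout as seen in the lines above: [timestamp | size | attributes | M] (company) - path -- [ fs ]
# The "(company)" group is absent on the directory entries, so it is optional here.
O32_FILE = re.compile(
    r"^O32 - AutoRun File - "
    r"\[(?P<stamp>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| \w\]"
    r"(?: \((?P<company>[^)]*)\))?"
    r" - (?P<path>.+?) -- \[ (?P<fs>\w+) \]\s*$"
)


@dataclass
class AutoRunEntry:
    path: str
    size: int          # bytes
    attrs: str         # four-character attribute column, e.g. "-H--"
    filesystem: str

    @property
    def drive(self) -> str:
        return self.path[:2].upper()

    @property
    def is_directory(self) -> bool:
        # Assumption: "D" in the attribute column marks a directory.
        return "D" in self.attrs

    @property
    def is_hidden(self) -> bool:
        # Assumption: "H" in the attribute column marks the hidden attribute.
        return "H" in self.attrs


def parse_o32(log_text: str) -> List[AutoRunEntry]:
    """Return every O32 'AutoRun File' entry found in an OTL log."""
    entries = []
    for line in log_text.splitlines():
        m = O32_FILE.match(line.strip())
        if m:
            entries.append(AutoRunEntry(
                path=m.group("path"),
                size=int(m.group("size").replace(",", "")),
                attrs=m.group("attrs"),
                filesystem=m.group("fs"),
            ))
    return entries


def triage(entry: AutoRunEntry, system_drive: str = "C:") -> str:
    """Illustrative rule: only a non-empty file on a non-system drive needs a look."""
    if entry.is_directory:
        return "directory"        # a folder cannot carry autorun commands itself
    if entry.size == 0:
        return "empty-file"       # nothing in it to execute
    if entry.drive != system_drive.upper():
        return "review"           # has content and travels with the drive
    return "system-drive-file"


def files_to_review(log_text: str, system_drive: str = "C:") -> List[str]:
    return [e.path for e in parse_o32(log_text)
            if triage(e, system_drive) == "review"]


if __name__ == "__main__":
    for e in parse_o32(SAMPLE_LOG):
        hidden = "hidden" if e.is_hidden else ""
        print(f"{triage(e):18} {e.size:>6} B  {e.attrs}  {e.path}  {hidden}")
```
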

Re: Computer Slow, Adobe Reader 11 virus?

Post by t-risk7 » December 30th, 2011, 9:43 pm

A blank notepad box pops up and another box that says access is denied.
Would I be better off to just pitch the jump drive and get a new one?

Yeah, I can connect with the wireless encryption off.

I turned encryption back on though.
t-risk7
Regular Member
 
Posts: 118
Joined: July 7th, 2010, 12:27 pm

Re: Computer Slow, Adobe Reader 11 virus?

Post by vict0r » December 30th, 2011, 10:28 pm

t-risk7 wrote: Would I be better off to just pitch the jump drive and get a new one?

No need for that. It looks like it's unused/blank, is this correct?

t-risk7 wrote: I turned encryption back on though.

Does your computer connect to the router wirelessly now? Which encryption did you set up (wep/wpa/wpa2)?
vict0r
Regular Member
 
Posts: 1043
Joined: December 3rd, 2008, 3:00 pm

Re: Computer Slow, Adobe Reader 11 virus?

Post by t-risk7 » January 1st, 2012, 12:26 pm

Yeah. It's empty. Although, when it is plugged in, the computer seems to run more.

The computer doesn't connect wireless with encryption on.
It is set to WPA.
t-risk7
Regular Member
 
Posts: 118
Joined: July 7th, 2010, 12:27 pm

Re: Computer Slow, Adobe Reader 11 virus?

Post by t-risk7 » January 1st, 2012, 12:27 pm

BTW

Happy New Year.
t-risk7
Regular Member
 
Posts: 118
Joined: July 7th, 2010, 12:27 pm

Re: Computer Slow, Adobe Reader 11 virus?

Post by vict0r » January 1st, 2012, 2:50 pm

Happy New Year.

Can you give me the make and model of the jump drive?
vict0r
Regular Member
 
Posts: 1043
Joined: December 3rd, 2008, 3:00 pm