Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

do I have malware? My computer is slow

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

do I have malware? My computer is slow

Unread postby Chipotle » October 18th, 2008, 4:44 pm

Hi, I'm Casey. I was hoping if you guys could see if I had any malicious ware. And if any, potentially eliminate them. Would be great help. Thanks :)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:41:55 AM, on 10/19/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,C:\WINDOWS\system32\MPK\MPK.exe
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{28E23A2E-5397-4CA9-86C3-295A1475228F}: NameServer = 4.2.2.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{28E23A2E-5397-4CA9-86C3-295A1475228F}: NameServer = 4.2.2.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

--
End of file - 5551 bytes
Chipotle
Regular Member
 
Posts: 46
Joined: August 22nd, 2007, 9:41 am
Advertisement
Register to Remove

Re: do I have malware? My computer is slow

Unread postby Katana » October 25th, 2008, 6:27 pm

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.


Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
  1. Please Read All Instructions Carefully
  2. If you don't understand something, stop and ask! Don't keep going on.
  3. Please do not run any other tools or scans whilst I am helping you
  4. Please continue to respond until I give you the "All Clear"
    (Just because you can't see a problem doesn't mean it isn't there)

If you can do those few things, everything should go smoothly :D

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe


----------------------------------------------------------------------------------------

I apologize for the delay in responding, but as you can probably see the forums are quite busy.
Unfortunately there are far more people needing help than there are helpers.

If you still require help please do the following


Download and Run RSIT
  • Please download Random's System Information Tool by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized.
    • info.txt will be opened minimized.
  • Please post the contents of both log.txt and info.txt.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: do I have malware? My computer is slow

Unread postby Chipotle » October 27th, 2008, 2:41 am

Here is the log.txt:

Logfile of random's system information tool 1.04 (written by random/random)
Run by Brent at 2008-10-27 11:39:12
Microsoft Windows XP Professional Service Pack 3
System drive C: has 28 GB (73%) free of 38 GB
Total RAM: 511 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:39:18 AM, on 10/27/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Brent\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Brent.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,C:\WINDOWS\system32\MPK\MPK.exe
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{28E23A2E-5397-4CA9-86C3-295A1475228F}: NameServer = 4.2.2.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{28E23A2E-5397-4CA9-86C3-295A1475228F}: NameServer = 4.2.2.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

--
End of file - 5541 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-08-05 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-08 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-08-05 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AtiPTA"=C:\WINDOWS\system32\atiptaxx.exe [2001-08-30 245760]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-22 116040]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-09-08 68856]
"MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Starcraft\StarCraft.exe"="C:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Documents and Settings\Brent\Desktop\utorrent.exe"="C:\Documents and Settings\Brent\Desktop\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\WINDOWS\system32\MPK\Mpk.exe"="C:\WINDOWS\system32\MPK\Mpk.exe:*:Enabled:TCP\IP"
"C:\WINDOWS\system32\MPK\MpkView.exe"="C:\WINDOWS\system32\MPK\MpkView.exe:*:Enabled:TCP\IP"
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe"="C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ffcaa6e-8a5d-11dd-bb31-0021296eee9d}]
shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{832faef8-7641-11dd-bb14-000423292a24}]
shell\AutoRun\command - E:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0e660ac-6755-11dd-bafc-0021296eee9d}]
shell\AutoRun\command - E:\SETUP.EXE


======List of files/folders created in the last 1 months======

2008-10-27 11:39:12 ----D---- C:\rsit
2008-10-24 23:22:04 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-20 12:15:34 ----D---- C:\Program Files\Full Tilt Poker
2008-10-19 01:41:40 ----D---- C:\Program Files\Trend Micro
2008-10-19 01:34:29 ----D---- C:\WINDOWS\CSC
2008-10-19 01:34:19 ----A---- C:\WINDOWS\ntbtlog.txt
2008-10-16 03:02:45 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-16 03:02:38 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-16 03:02:30 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-16 03:02:21 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-16 03:02:10 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-16 03:00:27 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-10-15 00:44:58 ----D---- C:\Documents and Settings\All Users\Application Data\Avg8
2008-10-15 00:16:44 ----D---- C:\WINDOWS\system32\appmgmt
2008-10-01 10:12:25 ----D---- C:\WINDOWS\system32\LogFiles

======List of files/folders modified in the last 1 months======

2008-10-27 11:36:11 ----D---- C:\WINDOWS\Temp
2008-10-27 11:35:35 ----D---- C:\Program Files\Mozilla Firefox
2008-10-27 11:33:52 ----D---- C:\WINDOWS
2008-10-27 11:31:03 ----D---- C:\WINDOWS\system32
2008-10-24 23:22:21 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-24 23:22:12 ----HD---- C:\WINDOWS\inf
2008-10-24 23:22:07 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-24 23:21:57 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-24 23:21:56 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-24 23:21:24 ----D---- C:\Documents and Settings\Brent\Application Data\uTorrent
2008-10-24 21:51:13 ----D---- C:\Program Files\Starcraft
2008-10-22 20:20:09 ----D---- C:\Documents and Settings\Brent\Application Data\U3
2008-10-20 12:15:34 ----RD---- C:\Program Files
2008-10-20 12:15:33 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-19 01:37:29 ----D---- C:\Program Files\Yahoo!
2008-10-16 03:02:49 ----A---- C:\WINDOWS\imsins.BAK
2008-10-16 03:02:47 ----D---- C:\WINDOWS\system32\drivers
2008-10-16 03:00:22 ----D---- C:\WINDOWS\Prefetch
2008-10-15 09:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-15 02:18:34 ----D---- C:\WINDOWS\network diagnostic
2008-10-15 00:44:52 ----SD---- C:\Documents and Settings\Brent\Application Data\Microsoft
2008-10-15 00:22:12 ----SHD---- C:\Config.Msi
2008-10-15 00:20:23 ----D---- C:\Mach3
2008-10-15 00:18:35 ----D---- C:\Nexon
2008-10-15 00:16:44 ----SHD---- C:\WINDOWS\Installer
2008-10-07 12:19:40 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-08-05 20747]
R3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
R3 ati2mtaa;ati2mtaa; C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys [2004-08-03 327040]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\GTNDIS5.SYS []
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 Mach3;Mach3 Pulseing Service; C:\WINDOWS\System32\Drivers\Mach3.sys [2007-09-16 106176]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 RT73;Linksys Home Wireless-G USB Adapter Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2005-11-24 245248]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 BCM42RLY;BCM42RLY; \??\C:\WINDOWS\System32\BCM42RLY.SYS []
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2000-11-30 57344]
S2 WUSB54GCSVC;WUSB54GCSVC; C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe [2005-07-04 53307]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-05 138168]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

-----------------EOF-----------------


And here is the info.txt:

info.txt logfile of random's system information tool 1.04 2008-10-27 11:39:51

======Uninstall list======

-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {926CC8AE-8414-43DF-8EB4-CF26D9C3C663}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Apple Mobile Device Support-->MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Compact Wireless-G USB Adapter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F855C3AE-992D-4B84-A09D-07103CDCDAC2}\setup.exe" -l0x9
Full Tilt Poker-->"C:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -runfromtemp -l0x0009 -removeonly
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB942288-v3)-->"C:\WINDOWS\$NtUninstallKB942288-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
iTunes-->MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
LazyCam 2.56-->"C:\Mach3\SETUP.1\setup.exe" /u
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Starcraft-->C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
StealthBot v2.6 Revision 3 (remove only)-->"C:\Program Files\StealthBot\uninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 1 Stepping 2, GenuineIntel
"PROCESSOR_REVISION"=0102
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------


Good Luck! Thanks again!
Chipotle
Regular Member
 
Posts: 46
Joined: August 22nd, 2007, 9:41 am

Re: do I have malware? My computer is slow

Unread postby Katana » October 27th, 2008, 6:25 am

Information

Full Tilt Poker

Note about poker games:

You appear to be a fan of games. but I think it's important to note that often these kind of programs are installed with other unwanted software, namely spyware or adware. If you did not install these programs yourself, or you do not use them any more, I would definitely recommend that you uninstall them from your computer, even if it is simply a precautionary measure. The amount of different poker software which arises on the internet means it is impossible to keep track of which ones are infected and which ones are not. If you do use the software, and wish to continue doing so, please ignore this. If you do decide to go ahead and remove the poker software, you should be able uninstall them via add/remove which can be found in the control panel. Let me know if you have any problems whilst doing so.
Here are links to some poker sites regarded as safe for your reference.


----------------------------------------------------------- -----------------------------------------------------------

Step 1


Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

----------------------------------------------------------- -----------------------------------------------------------
Step 2


Kaspersky Online Scanner .
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- This scan is best done from IE (Internet Explorer)

NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/partne ... bscan.html

Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on !
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.


----------------------------------------------------------- -----------------------------------------------------------
Step 3

Logs/Information to Post in Reply
Please post the following logs/Information in your reply
  • MalwareBytes Log
  • Kaspersky Log
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: do I have malware? My computer is slow

Unread postby Chipotle » October 27th, 2008, 11:50 pm

Here's the malwarebytes log:

Malwarebytes' Anti-Malware 1.30
Database version: 1329
Windows 5.1.2600 Service Pack 3

10/28/2008 3:33:23 AM
mbam-log-2008-10-28 (03-33-23).txt

Scan type: Full Scan (C:\|)
Objects scanned: 77122
Time elapsed: 30 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



And here is the Kaspersky log:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, October 28, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, October 27, 2008 23:28:48
Records in database: 1352171
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 33909
Threat name: 4
Infected objects: 12
Suspicious objects: 0
Duration of the scan: 01:29:41


File name / Threat name / Threats count
C:\Documents and Settings\Brent\Desktop\New Folder\refog_setup_457.exe Infected: not-a-virus:Monitor.Win32.KGBSpy.bh 1
C:\Documents and Settings\Brent\Desktop\New Folder\refog_setup_457.exe Infected: not-a-virus:Monitor.Win32.KGBSpy.bm 1
C:\Documents and Settings\Brent\Desktop\New Folder\refog_setup_457.exe Infected: not-a-virus:Monitor.Win32.KGBSpy.bg 1
C:\Documents and Settings\Brent\Desktop\New Folder\refog_setup_457.exe Infected: not-a-virus:Monitor.Win32.KGBSpy.bj 2
C:\WINDOWS\system32\MPK\MPK64.exe Infected: not-a-virus:Monitor.Win32.KGBSpy.bj 1
C:\WINDOWS\system32\MPK\MpkNetInstall.exe Infected: not-a-virus:Monitor.Win32.KGBSpy.bh 1
C:\WINDOWS\system32\MPK\MpkNetInstall.exe Infected: not-a-virus:Monitor.Win32.KGBSpy.bm 1
C:\WINDOWS\system32\MPK\MpkNetInstall.exe Infected: not-a-virus:Monitor.Win32.KGBSpy.bg 1
C:\WINDOWS\system32\MPK\MpkNetInstall.exe Infected: not-a-virus:Monitor.Win32.KGBSpy.bj 2
C:\WINDOWS\system32\MPK\MPKView.exe Infected: not-a-virus:Monitor.Win32.KGBSpy.bm 1

The selected area was scanned.
Chipotle
Regular Member
 
Posts: 46
Joined: August 22nd, 2007, 9:41 am

Re: do I have malware? My computer is slow

Unread postby Katana » October 28th, 2008, 7:59 am

Information

Win32.KGB Spy
http://www.emsisoft.com/en/malware/?Adw ... GB+Spy+4.5

==============================WARNING==============================
There is some evidence of what may be a very nasty infection.
If the Computer has been used for any important data, you are strongly advised to do the following, immediately:
  • If you have ever used this computer for shopping, banking, or any transactions relating to your financial well being:
    Call all of your banks, credit card companies, and financial institutions, informing them that you may be a victim of identity theft, and to put a watch on your accounts or change all your account numbers.
  • From a clean computer, change ALL your online passwords -- for ISP login, email, banks, financial accounts, PayPal, eBay, online companies, and any online forums or groups you belong to.
  • DO NOT change passwords or do any transactions while using the infected computer because the attacker will get the new password and transaction information.
  • Take any other steps you think appropriate for an attempted identity theft.
==============================WARNING==============================


----------------------------------------------------------- -----------------------------------------------------------

Step 1


Fix With HJT

Close all other windows and then start HiJack This
Click Do A System Scan Only
When it has finished scanning put a check next to the following lines IF still present
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,C:\WINDOWS\system32\MPK\MPK.exe
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

- Close ALL open windows (especially Internet Explorer!)-
Now click Fix checked
Click yes to any prompts
Close HijackThis


----------------------------------------------------------- -----------------------------------------------------------
Step 2


Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    See HERE for help
  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you.
----------------------------------------------------------- -----------------------------------------------------------
Step 3


Logs/Information to Post in Reply
Please post the following logs/Information in your reply
  • Combofix Log
  • How are things running now ?
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: do I have malware? My computer is slow

Unread postby Chipotle » October 28th, 2008, 3:37 pm

It is better. But another problem I have (if you know if it is because of an infection or a hardware problem) is sometimes when I try to turn my computer on, it will go to the boot screen, then restart. It will do that several times before actual starting. It works in safe mode though. Thanks, here's your combofix log:

ComboFix 08-10-28.01 - Brent 2008-10-29 0:15:36.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.338 [GMT -7:00]
Running from: C:\Documents and Settings\Brent\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\setup.exe

.
((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-29 )))))))))))))))))))))))))))))))
.

2008-10-28 02:49 . 2008-10-28 02:49 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-28 02:49 . 2008-10-28 02:49 <DIR> d-------- C:\Documents and Settings\Brent\Application Data\Malwarebytes
2008-10-28 02:49 . 2008-10-28 02:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-28 02:49 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-28 02:49 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-27 11:39 . 2008-10-27 11:39 <DIR> d-------- C:\rsit
2008-10-24 23:21 . 2008-10-24 23:21 268 --ah----- C:\sqmdata16.sqm
2008-10-24 23:21 . 2008-10-24 23:21 244 --ah----- C:\sqmnoopt16.sqm
2008-10-24 07:31 . 2008-10-15 09:34 337,408 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-23 04:50 . 2008-10-23 04:50 268 --ah----- C:\sqmdata15.sqm
2008-10-23 04:50 . 2008-10-23 04:50 244 --ah----- C:\sqmnoopt15.sqm
2008-10-23 03:34 . 2008-10-23 03:34 268 --ah----- C:\sqmdata14.sqm
2008-10-23 03:34 . 2008-10-23 03:34 244 --ah----- C:\sqmnoopt14.sqm
2008-10-22 08:59 . 2008-10-22 08:59 268 --ah----- C:\sqmdata13.sqm
2008-10-22 08:59 . 2008-10-22 08:59 244 --ah----- C:\sqmnoopt13.sqm
2008-10-20 12:15 . 2008-10-28 14:18 <DIR> d-------- C:\Program Files\Full Tilt Poker
2008-10-19 01:41 . 2008-10-19 01:41 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-18 14:43 . 2008-10-18 14:43 268 --ah----- C:\sqmdata12.sqm
2008-10-18 14:43 . 2008-10-18 14:43 244 --ah----- C:\sqmnoopt12.sqm
2008-10-17 01:34 . 2008-10-17 01:34 268 --ah----- C:\sqmdata11.sqm
2008-10-17 01:34 . 2008-10-17 01:34 244 --ah----- C:\sqmnoopt11.sqm
2008-10-16 03:07 . 2008-10-16 03:07 268 --ah----- C:\sqmdata10.sqm
2008-10-16 03:07 . 2008-10-16 03:07 244 --ah----- C:\sqmnoopt10.sqm
2008-10-15 14:38 . 2008-08-14 03:11 2,189,184 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-15 14:38 . 2008-08-14 03:09 2,145,280 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-15 14:38 . 2008-08-14 02:33 2,066,048 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-15 14:38 . 2008-08-14 02:33 2,023,936 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-15 14:38 . 2008-09-15 05:12 1,846,400 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-15 14:38 . 2008-09-08 03:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-15 00:44 . 2008-10-15 00:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-10-15 00:44 . 2008-10-15 00:44 268 --ah----- C:\sqmdata09.sqm
2008-10-15 00:44 . 2008-10-15 00:44 244 --ah----- C:\sqmnoopt09.sqm
2008-10-15 00:20 . 2008-10-15 00:20 268 --ah----- C:\sqmdata08.sqm
2008-10-15 00:20 . 2008-10-15 00:20 244 --ah----- C:\sqmnoopt08.sqm
2008-10-14 23:53 . 2008-10-14 23:53 268 --ah----- C:\sqmdata07.sqm
2008-10-14 23:53 . 2008-10-14 23:53 244 --ah----- C:\sqmnoopt07.sqm
2008-10-14 02:52 . 2008-10-14 02:52 268 --ah----- C:\sqmdata06.sqm
2008-10-14 02:52 . 2008-10-14 02:52 244 --ah----- C:\sqmnoopt06.sqm
2008-10-14 02:43 . 2008-10-14 02:43 268 --ah----- C:\sqmdata05.sqm
2008-10-14 02:43 . 2008-10-14 02:43 244 --ah----- C:\sqmnoopt05.sqm
2008-10-11 08:02 . 2008-10-11 08:02 268 --ah----- C:\sqmdata04.sqm
2008-10-11 08:02 . 2008-10-11 08:02 244 --ah----- C:\sqmnoopt04.sqm
2008-10-06 12:13 . 2008-10-06 12:13 268 --ah----- C:\sqmdata03.sqm
2008-10-06 12:13 . 2008-10-06 12:13 244 --ah----- C:\sqmnoopt03.sqm
2008-10-06 06:41 . 2008-10-06 06:41 268 --ah----- C:\sqmdata02.sqm
2008-10-06 06:41 . 2008-10-06 06:41 244 --ah----- C:\sqmnoopt02.sqm
2008-10-06 00:52 . 2008-10-06 00:52 268 --ah----- C:\sqmdata01.sqm
2008-10-06 00:52 . 2008-10-06 00:52 244 --ah----- C:\sqmnoopt01.sqm
2008-10-01 10:12 . 2008-10-01 10:12 <DIR> d-------- C:\WINDOWS\system32\LogFiles

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-25 06:21 --------- d-----w C:\Documents and Settings\Brent\Application Data\uTorrent
2008-10-25 04:51 --------- d-----w C:\Program Files\Starcraft
2008-10-23 03:20 --------- d-----w C:\Documents and Settings\Brent\Application Data\U3
2008-10-20 19:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-19 08:37 --------- d-----w C:\Program Files\Yahoo!
2008-09-23 03:58 --------- d-----w C:\Program Files\MSN Messenger
2008-09-20 12:46 --------- d-sh--w C:\Documents and Settings\All Users\Application Data\MPK
2008-09-19 10:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\NexonUS
2008-09-15 12:12 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-11 15:57 --------- d-----w C:\Program Files\StealthBot
2008-09-09 16:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-09 16:39 --------- d-----w C:\Program Files\Microsoft Works
2008-09-09 16:38 --------- d-----w C:\Program Files\MSBuild
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-20 05:30 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-15 02:56 94,208 ----a-w C:\WINDOWS\ScUnin.exe
2008-08-14 10:11 2,189,184 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 09:33 2,066,048 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2001-12-12 17:44 28,672 ----a-w C:\Program Files\Common Files\Whatsnew.doc
2001-11-29 07:54 10,618,393 ----a-w C:\Program Files\Common Files\Setup.exe
2001-10-22 20:23 562 ----a-w C:\Program Files\Common Files\ImLibPkg.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-08 68856]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"AtiPTA"="atiptaxx.exe" [2001-08-30 C:\WINDOWS\system32\atiptaxx.exe]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Starcraft\\StarCraft.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Documents and Settings\\Brent\\Desktop\\utorrent.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\WINDOWS\\system32\\MPK\\MpkView.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:blizzard6112
"6112:UDP"= 6112:UDP:blizzard6112udp

R3 ati2mtaa;ati2mtaa;C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys [2004-08-03 327040]
R3 Mach3;Mach3 Pulseing Service;C:\WINDOWS\system32\Drivers\Mach3.sys [2007-09-16 106176]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ffcaa6e-8a5d-11dd-bb31-0021296eee9d}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{832faef8-7641-11dd-bb14-000423292a24}]
\Shell\AutoRun\command - E:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0e660ac-6755-11dd-bafc-0021296eee9d}]
\Shell\AutoRun\command - E:\SETUP.EXE

*Newly Created Service* - GTNDIS5
*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Brent\Application Data\Mozilla\Firefox\Profiles\mo44hm4z.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-us.start.mozilla.com/firefox? ... S:official
FF -: plugin - C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-29 00:17:14
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-29 0:19:08
ComboFix-quarantined-files.txt 2008-10-29 07:19:01

Pre-Run: 29,101,920,256 bytes free
Post-Run: 29,171,695,616 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

167 --- E O F --- 2008-10-25 06:22:13
Chipotle
Regular Member
 
Posts: 46
Joined: August 22nd, 2007, 9:41 am

Re: do I have malware? My computer is slow

Unread postby Katana » October 28th, 2008, 4:34 pm

Information
it will go to the boot screen, then restart.

Let's clean up any see if it still happens.


Do you know anything about the following files ?
C:\Program Files\Common Files\Whatsnew.doc
C:\Program Files\Common Files\ImLibPkg.ini


If you do not know what they are, please do not open them


----------------------------------------------------------- -----------------------------------------------------------

Step 1


Flash Disinfector by sUBs
Please download Flash_Disinfector.exe by sUBs and save it to your desktop:


* Double-click Flash_Disinfector.exe to run it.
* Follow any prompts that may appear.
* Wait until the program has finished scanning, then please exit the program.
The tool may ask you to insert your flash drive, or other removable drives. Please do so and allow the tool to clean it up as well.


Please restart your computer.

----------------------------------------------------------- -----------------------------------------------------------
Step 2

Custom CFScript
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code: Select all
    File::
    C:\Documents and Settings\Brent\Desktop\Flash_Disinfector.exe
    C:\Documents and Settings\Brent\Desktop\utorrent.exe
    C:\Program Files\Common Files\Setup.exe
    C:\Documents and Settings\Brent\Desktop\New Folder\refog_setup_457.exe
    Folder::
    C:\WINDOWS\system32\MPK
    C:\Program Files\LimeWire
    
    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=-
    "C:\\Documents and Settings\\Brent\\Desktop\\utorrent.exe"=-
    "C:\\WINDOWS\\system32\\MPK\\MpkView.exe"=-
    
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{832faef8-7641-11dd-bb14-000423292a24}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0e660ac-6755-11dd-bafc-0021296eee9d}]
    
    ADS::

  • Save this as CFScript.txt and place it on your desktop.


    Image


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


----------------------------------------------------------- -----------------------------------------------------------
Step 3



Active Scan
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Please go to this site Link >> ActiveScan << LINK
  • Click the Scan Now button
  • Follow the prompts to install the Active X if necessary
  • Go and make a cup of tea/coffee/beverage of your choice and watch some TV :)
  • When the scan is finished, a report will be generated
  • Next to Scan Details click the small Save button and save the report to your desktop.
  • Please post the report in your reply.



----------------------------------------------------------- -----------------------------------------------------------
Step 4

Logs/Information to Post in Reply
Please post the following logs/Information in your reply
  • ComboFix Log
  • Active Scan Log
  • Info if any on the two files
  • How are things running now ?
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: do I have malware? My computer is slow

Unread postby Chipotle » October 29th, 2008, 5:57 am

Things are running pretty smoothly now. I am not sure of the restarting when booting...too scared to actually turn it off and never be able to start it again. However, here is your ComboFix Log:

ComboFix 08-10-29.02 - Brent 2008-10-29 10:39:19.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.273 [GMT -7:00]
Running from: C:\Documents and Settings\Brent\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Brent\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Documents and Settings\Brent\Desktop\Flash_Disinfector.exe
C:\Documents and Settings\Brent\Desktop\New Folder\refog_setup_457.exe
C:\Documents and Settings\Brent\Desktop\utorrent.exe
C:\Program Files\Common Files\Setup.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Brent\Desktop\Flash_Disinfector.exe
C:\Documents and Settings\Brent\Desktop\New Folder\refog_setup_457.exe
C:\Documents and Settings\Brent\Desktop\utorrent.exe
C:\Program Files\Common Files\Setup.exe
C:\Program Files\LimeWire
C:\Program Files\LimeWire\lib\aopalliance.jar
C:\Program Files\LimeWire\lib\clink.jar
C:\Program Files\LimeWire\lib\commons-codec-1.3.jar
C:\Program Files\LimeWire\lib\commons-logging.jar
C:\Program Files\LimeWire\lib\commons-net.jar
C:\Program Files\LimeWire\lib\daap.jar
C:\Program Files\LimeWire\lib\dnsjava.jar
C:\Program Files\LimeWire\lib\forms.jar
C:\Program Files\LimeWire\lib\foxtrot.jar
C:\Program Files\LimeWire\lib\gettext-commons.jar
C:\Program Files\LimeWire\lib\guice-1.0.jar
C:\Program Files\LimeWire\lib\hsqldb.jar
C:\Program Files\LimeWire\lib\httpclient-4.0-alpha5-20080522.192134-5.jar
C:\Program Files\LimeWire\lib\httpcore-4.0-beta2-20080510.140437-10.jar
C:\Program Files\LimeWire\lib\httpcore-nio-4.0-beta2-20080510.140437-10.jar
C:\Program Files\LimeWire\lib\icu4j.jar
C:\Program Files\LimeWire\lib\jaudiotagger.jar
C:\Program Files\LimeWire\lib\jcraft.jar
C:\Program Files\LimeWire\lib\jdic.dll
C:\Program Files\LimeWire\lib\jdic.jar
C:\Program Files\LimeWire\lib\jdic_stub.jar
C:\Program Files\LimeWire\lib\jflac.jar
C:\Program Files\LimeWire\lib\jl.jar
C:\Program Files\LimeWire\lib\jmdns.jar
C:\Program Files\LimeWire\lib\jogg.jar
C:\Program Files\LimeWire\lib\jorbis.jar
C:\Program Files\LimeWire\lib\LimeWire.jar
C:\Program Files\LimeWire\lib\log4j.jar
C:\Program Files\LimeWire\lib\looks.jar
C:\Program Files\LimeWire\lib\messages.jar
C:\Program Files\LimeWire\lib\mp3spi.jar
C:\Program Files\LimeWire\lib\onion-common.jar
C:\Program Files\LimeWire\lib\onion-fec.jar
C:\Program Files\LimeWire\lib\ProgressTabs.jar
C:\Program Files\LimeWire\lib\swt.jar
C:\Program Files\LimeWire\lib\SystemUtilities.dll
C:\Program Files\LimeWire\lib\themes.jar
C:\Program Files\LimeWire\lib\tray.dll
C:\Program Files\LimeWire\lib\tritonus.jar
C:\Program Files\LimeWire\lib\vorbisspi.jar
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\system32\MPK
C:\WINDOWS\system32\MPK\French.lng
C:\WINDOWS\system32\MPK\German.lng
C:\WINDOWS\system32\MPK\Help\English\alarms.htm
C:\WINDOWS\system32\MPK\Help\English\clipboard.htm
C:\WINDOWS\system32\MPK\Help\English\computer.htm
C:\WINDOWS\system32\MPK\Help\English\delivery.htm
C:\WINDOWS\system32\MPK\Help\English\file.htm
C:\WINDOWS\system32\MPK\Help\English\filters.htm
C:\WINDOWS\system32\MPK\Help\English\Help.chm
C:\WINDOWS\system32\MPK\Help\English\imhelp.htm
C:\WINDOWS\system32\MPK\Help\English\internet.htm
C:\WINDOWS\system32\MPK\Help\English\invisible.htm
C:\WINDOWS\system32\MPK\Help\English\keyboard.htm
C:\WINDOWS\system32\MPK\Help\English\log_size.htm
C:\WINDOWS\system32\MPK\Help\English\logging.htm
C:\WINDOWS\system32\MPK\Help\English\need_update_net.htm
C:\WINDOWS\system32\MPK\Help\English\password.htm
C:\WINDOWS\system32\MPK\Help\English\programs.htm
C:\WINDOWS\system32\MPK\Help\English\screenshot.htm
C:\WINDOWS\system32\MPK\Help\English\settings_node.htm
C:\WINDOWS\system32\MPK\Help\English\update.htm
C:\WINDOWS\system32\MPK\Help\English\users_node.htm
C:\WINDOWS\system32\MPK\Help\French\Help.chm
C:\WINDOWS\system32\MPK\Help\German\Help.chm
C:\WINDOWS\system32\MPK\Help\German\update.htm
C:\WINDOWS\system32\MPK\Help\Spanish\alarms.htm
C:\WINDOWS\system32\MPK\Help\Spanish\clipboard.htm
C:\WINDOWS\system32\MPK\Help\Spanish\computer.htm
C:\WINDOWS\system32\MPK\Help\Spanish\delivery.htm
C:\WINDOWS\system32\MPK\Help\Spanish\filters.htm
C:\WINDOWS\system32\MPK\Help\Spanish\Help.chm
C:\WINDOWS\system32\MPK\Help\Spanish\internet.htm
C:\WINDOWS\system32\MPK\Help\Spanish\invisible.htm
C:\WINDOWS\system32\MPK\Help\Spanish\keyboard.htm
C:\WINDOWS\system32\MPK\Help\Spanish\log_size.htm
C:\WINDOWS\system32\MPK\Help\Spanish\logging.htm
C:\WINDOWS\system32\MPK\Help\Spanish\password.htm
C:\WINDOWS\system32\MPK\Help\Spanish\programs.htm
C:\WINDOWS\system32\MPK\Help\Spanish\screenshot.htm
C:\WINDOWS\system32\MPK\Help\Spanish\settings_node.htm
C:\WINDOWS\system32\MPK\Help\Spanish\update.htm
C:\WINDOWS\system32\MPK\Help\Spanish\users_node.htm
C:\WINDOWS\system32\MPK\icon.ico
C:\WINDOWS\system32\MPK\Images\english.gif
C:\WINDOWS\system32\MPK\Images\german.gif
C:\WINDOWS\system32\MPK\Images\russian.gif
C:\WINDOWS\system32\MPK\Images\vista_hide.bmp
C:\WINDOWS\system32\MPK\Images\xp_hide.bmp
C:\WINDOWS\system32\MPK\key.bin
C:\WINDOWS\system32\MPK\libeay32.dll
C:\WINDOWS\system32\MPK\logstart.vbs
C:\WINDOWS\system32\MPK\loguninstall.vbs
C:\WINDOWS\system32\MPK\Mpk64.dll
C:\WINDOWS\system32\MPK\MPK64.exe
C:\WINDOWS\system32\MPK\MpkNetInstall.exe
C:\WINDOWS\system32\MPK\MPKView.exe
C:\WINDOWS\system32\MPK\Romanian.lng
C:\WINDOWS\system32\MPK\Spanish.lng
C:\WINDOWS\system32\MPK\sqlite3.dll
C:\WINDOWS\system32\MPK\ssleay32.dll
C:\WINDOWS\system32\MPK\temp1.bin
C:\WINDOWS\system32\MPK\trial_pro.ini
C:\WINDOWS\system32\MPK\unins000.dat
C:\WINDOWS\system32\MPK\unins000.exe

.
((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-29 )))))))))))))))))))))))))))))))
.

2008-10-28 02:49 . 2008-10-28 02:49 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-28 02:49 . 2008-10-28 02:49 <DIR> d-------- C:\Documents and Settings\Brent\Application Data\Malwarebytes
2008-10-28 02:49 . 2008-10-28 02:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-28 02:49 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-28 02:49 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-27 11:39 . 2008-10-27 11:39 <DIR> d-------- C:\rsit
2008-10-24 23:21 . 2008-10-24 23:21 268 --ah----- C:\sqmdata16.sqm
2008-10-24 23:21 . 2008-10-24 23:21 244 --ah----- C:\sqmnoopt16.sqm
2008-10-24 07:31 . 2008-10-15 09:34 337,408 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-23 04:50 . 2008-10-23 04:50 268 --ah----- C:\sqmdata15.sqm
2008-10-23 04:50 . 2008-10-23 04:50 244 --ah----- C:\sqmnoopt15.sqm
2008-10-23 03:34 . 2008-10-23 03:34 268 --ah----- C:\sqmdata14.sqm
2008-10-23 03:34 . 2008-10-23 03:34 244 --ah----- C:\sqmnoopt14.sqm
2008-10-22 08:59 . 2008-10-22 08:59 268 --ah----- C:\sqmdata13.sqm
2008-10-22 08:59 . 2008-10-22 08:59 244 --ah----- C:\sqmnoopt13.sqm
2008-10-20 12:15 . 2008-10-28 14:18 <DIR> d-------- C:\Program Files\Full Tilt Poker
2008-10-19 01:41 . 2008-10-19 01:41 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-18 14:43 . 2008-10-18 14:43 268 --ah----- C:\sqmdata12.sqm
2008-10-18 14:43 . 2008-10-18 14:43 244 --ah----- C:\sqmnoopt12.sqm
2008-10-17 01:34 . 2008-10-17 01:34 268 --ah----- C:\sqmdata11.sqm
2008-10-17 01:34 . 2008-10-17 01:34 244 --ah----- C:\sqmnoopt11.sqm
2008-10-16 03:07 . 2008-10-16 03:07 268 --ah----- C:\sqmdata10.sqm
2008-10-16 03:07 . 2008-10-16 03:07 244 --ah----- C:\sqmnoopt10.sqm
2008-10-15 14:38 . 2008-08-14 03:11 2,189,184 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-15 14:38 . 2008-08-14 03:09 2,145,280 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-15 14:38 . 2008-08-14 02:33 2,066,048 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-15 14:38 . 2008-08-14 02:33 2,023,936 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-15 14:38 . 2008-09-15 05:12 1,846,400 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-15 14:38 . 2008-09-08 03:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-15 00:44 . 2008-10-15 00:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-10-15 00:44 . 2008-10-15 00:44 268 --ah----- C:\sqmdata09.sqm
2008-10-15 00:44 . 2008-10-15 00:44 244 --ah----- C:\sqmnoopt09.sqm
2008-10-15 00:20 . 2008-10-15 00:20 268 --ah----- C:\sqmdata08.sqm
2008-10-15 00:20 . 2008-10-15 00:20 244 --ah----- C:\sqmnoopt08.sqm
2008-10-14 23:53 . 2008-10-14 23:53 268 --ah----- C:\sqmdata07.sqm
2008-10-14 23:53 . 2008-10-14 23:53 244 --ah----- C:\sqmnoopt07.sqm
2008-10-14 02:52 . 2008-10-14 02:52 268 --ah----- C:\sqmdata06.sqm
2008-10-14 02:52 . 2008-10-14 02:52 244 --ah----- C:\sqmnoopt06.sqm
2008-10-14 02:43 . 2008-10-14 02:43 268 --ah----- C:\sqmdata05.sqm
2008-10-14 02:43 . 2008-10-14 02:43 244 --ah----- C:\sqmnoopt05.sqm
2008-10-11 08:02 . 2008-10-11 08:02 268 --ah----- C:\sqmdata04.sqm
2008-10-11 08:02 . 2008-10-11 08:02 244 --ah----- C:\sqmnoopt04.sqm
2008-10-06 12:13 . 2008-10-06 12:13 268 --ah----- C:\sqmdata03.sqm
2008-10-06 12:13 . 2008-10-06 12:13 244 --ah----- C:\sqmnoopt03.sqm
2008-10-06 06:41 . 2008-10-06 06:41 268 --ah----- C:\sqmdata02.sqm
2008-10-06 06:41 . 2008-10-06 06:41 244 --ah----- C:\sqmnoopt02.sqm
2008-10-06 00:52 . 2008-10-06 00:52 268 --ah----- C:\sqmdata01.sqm
2008-10-06 00:52 . 2008-10-06 00:52 244 --ah----- C:\sqmnoopt01.sqm
2008-10-01 10:12 . 2008-10-01 10:12 <DIR> d-------- C:\WINDOWS\system32\LogFiles

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-25 06:21 --------- d-----w C:\Documents and Settings\Brent\Application Data\uTorrent
2008-10-25 04:51 --------- d-----w C:\Program Files\Starcraft
2008-10-23 03:20 --------- d-----w C:\Documents and Settings\Brent\Application Data\U3
2008-10-20 19:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-19 08:37 --------- d-----w C:\Program Files\Yahoo!
2008-09-23 03:58 --------- d-----w C:\Program Files\MSN Messenger
2008-09-20 12:46 --------- d-sh--w C:\Documents and Settings\All Users\Application Data\MPK
2008-09-19 10:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\NexonUS
2008-09-15 12:12 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-11 15:57 --------- d-----w C:\Program Files\StealthBot
2008-09-09 16:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-09 16:39 --------- d-----w C:\Program Files\Microsoft Works
2008-09-09 16:38 --------- d-----w C:\Program Files\MSBuild
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-20 05:30 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-15 02:56 94,208 ----a-w C:\WINDOWS\ScUnin.exe
2008-08-14 10:11 2,189,184 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 09:33 2,066,048 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2001-12-12 17:44 28,672 ----a-w C:\Program Files\Common Files\Whatsnew.doc
2001-10-22 20:23 562 ----a-w C:\Program Files\Common Files\ImLibPkg.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-08 68856]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"AtiPTA"="atiptaxx.exe" [2001-08-30 C:\WINDOWS\system32\atiptaxx.exe]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Starcraft\\StarCraft.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:blizzard6112
"6112:UDP"= 6112:UDP:blizzard6112udp

R3 ati2mtaa;ati2mtaa;C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys [2004-08-03 327040]
R3 Mach3;Mach3 Pulseing Service;C:\WINDOWS\system32\Drivers\Mach3.sys [2007-09-16 106176]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-29 10:41:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\DOCUME~1\Brent\LOCALS~1\Temp\RGI2.tmp

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2008-10-29 10:43:18
ComboFix-quarantined-files.txt 2008-10-29 17:43:03
ComboFix2.txt 2008-10-29 07:19:11

Pre-Run: 29,165,744,128 bytes free
Post-Run: 29,127,098,368 bytes free

254 --- E O F --- 2008-10-25 06:22:13



And here is your ActiveScan log:

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-10-29 14:50:28
PROTECTIONS: 0
MALWARE: 9
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Brent\Cookies\brent@atdmt[2].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Brent\Cookies\brent@fastclick[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Brent\Cookies\brent@mediaplex[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Brent\Cookies\brent@ad.yieldmanager[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Brent\Cookies\brent@apmebf[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Brent\Cookies\brent@advertising[2].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Brent\Cookies\brent@questionmarket[1].txt
00366244 Application/NirCmd.A HackTools No 0 No No C:\System Volume Information\_restore{9492B7F8-DF45-4D0B-9E6D-44A9A7030E84}\RP37\A0017835.exe[C:\System Volume Information\_restore{9492B7F8-DF45-4D0B-9E6D-44A9A7030E84}\RP37\A0017835.exe][nircmd.exe]
00366244 Application/NirCmd.A HackTools No 0 No No C:\Qoobox\Quarantine\C\Documents and Settings\Brent\Desktop\Flash_Disinfector.exe.vir[C:\Qoobox\Quarantine\C\Documents and Settings\Brent\Desktop\Flash_Disinfector.exe.vir][nircmd.exe]
03810038 Application/Keylogger.EG HackTools No 0 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\MPK\MpkNetInstall.exe.vir
03810038 Application/Keylogger.EG HackTools No 0 Yes No C:\System Volume Information\_restore{9492B7F8-DF45-4D0B-9E6D-44A9A7030E84}\RP37\A0017836.exe
03810038 Application/Keylogger.EG HackTools No 0 Yes No C:\System Volume Information\_restore{9492B7F8-DF45-4D0B-9E6D-44A9A7030E84}\RP37\A0017849.exe
03810038 Application/Keylogger.EG HackTools No 0 Yes No C:\Qoobox\Quarantine\C\Documents and Settings\Brent\Desktop\New Folder\refog_setup_457.exe.vir
;===================================================================================================================================================================================
SUSPECTS
Sent Location g
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description g
;===================================================================================================================================================================================
;===================================================================================================================================================================================


Thanks :P
Chipotle
Regular Member
 
Posts: 46
Joined: August 22nd, 2007, 9:41 am

Re: do I have malware? My computer is slow

Unread postby Katana » October 29th, 2008, 6:06 am

katana wrote:Information
Do you know anything about the following files ?
C:\Program Files\Common Files\Whatsnew.doc
C:\Program Files\Common Files\ImLibPkg.ini


If you do not know what they are, please do not open them



Restart your machine and let's see what happens.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: do I have malware? My computer is slow

Unread postby Chipotle » October 29th, 2008, 11:13 pm

It started up just fine. Thanks
Chipotle
Regular Member
 
Posts: 46
Joined: August 22nd, 2007, 9:41 am

Re: do I have malware? My computer is slow

Unread postby Katana » October 30th, 2008, 5:32 am

Congratulations your logs look clean :)

Let's see if I can help you keep it that way

First lets tidy up



  • This will clear your System Volume Information restore points and remove all the infected files that were quarantined
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U, it needs to be there.
    • Image
You can also delete any logs we have produced, and empty your Recycle bin.





The following is some info to help you stay safe and clean.
( Vista users must ensure that any programs are Vista compatible BEFORE installing )

You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.

Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.

http://www.pandasecurity.com/activescan
http://www.kaspersky.com/kos/eng/partne ... bscan.html

!!! Make sure that all your programs are updated !!!
Secunia Software Inspector does all the work for you, .... see HERE for details

AntiSpyware
    AntiSpyware is not the same thing as Antivirus.
    Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
    You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
    Most of the programs in this list have a free (for Home Users ) and paid versions,
    it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
  • Spybot - Search & Destroy <<< A must have program
    • It includes host protection and registry protection
    • A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
  • MalwareBytes Anti-malware <<< A New and effective program
  • a-squared Free <<< A good "realtime" or "on demand" scanner
  • superantispyware <<< A good "realtime" or "on demand" scanner

Prevention
    These programs don't detect malware, they help stop it getting on your machine in the first place.
    Each does a different job, so you can have more than one
  • Winpatrol
    • An excellent startup manager and then some !!
    • Notifies you if programs are added to startup
    • Allows delayed startup
    • A must have addition
  • SpywareBlaster 4.0
    • SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
  • SpywareGuard 2.2
    • SpywareGuard provides real-time protection against spyware.
    • Not required if you have other "realtime" antispyware or Winpatrol
  • ZonedOut
    • Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
  • MVPS HOSTS
    • This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
    • For information on how to download and install, please read this tutorial by WinHelp2002.
    • Not required if you are using other host file protections

Internet Browsers
    Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys.
    Using a different web browser can help stop malware getting on your machine.
    • Make your Internet Explorer more secure - This can be done by following these simple instructions:
      1. From within Internet Explorer click on the Tools menu and then click on Options.
      2. Click once on the Security tab
      3. Click once on the Internet icon so it becomes highlighted.
      4. Click once on the Custom Level button.
        • Change the Download signed ActiveX controls to Prompt
        • Change the Download unsigned ActiveX controls to Disable
        • Change the Initialise and script ActiveX controls not marked as safe to Disable
        • Change the Installation of desktop items to Prompt
        • Change the Launching programs and files in an IFRAME to Prompt
        • Change the Navigate sub-frames across different domains to Prompt
        • When all these settings have been made, click on the OK button.
        • If it prompts you as to whether or not you want to save the settings, press the Yes button.
      5. Next press the Apply button and then the OK to exit the Internet Properties page.
    If you are still using IE6 then either update, or get one of the following.
    • FireFox
      • With many addons available that make customization easy this is a very popular choice
      • NoScript and AdBlockPlus addons are essential
    • Opera
      • Another popular alternative
    • Netscape
      • Another popular alternative
      • Also has Addons available

Cleaning Temporary Internet Files and Tracking Cookies
    Temporary Internet Files are mainly the files that are downloaded when you open a web page.
    Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
    It is a good idea to empty the Temporary Internet Files folder on a regular basis.

    Tracking Cookies are files that websites use to monitor which sites you visit and how often.
    A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
    CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords

    Both of these can be cleaned manually, but a quicker option is to use a program
  • ATF Cleaner
    • Free and very simple to use
  • CCleaner
    • Free and very flexible, you can chose which cookies to keep

Also PLEASE read this article.....So How Did I Get Infected In The First Place

The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.

If you follow this advice then (with a bit of luck) you will never have to hear from me again :D


If you could post back one more time to let me know everything is OK, then I can have this thread archived.

Happy surfing K'
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: do I have malware? My computer is slow

Unread postby Chipotle » October 30th, 2008, 1:50 pm

Yea everything is fine. Thanks Katana!! You've been tremendous help. I know this is completely voluntary for you, and you do it on your free time...and I really appreciate that. Take care.
Chipotle
Regular Member
 
Posts: 46
Joined: August 22nd, 2007, 9:41 am

Re: do I have malware? My computer is slow

Unread postby NonSuch » November 1st, 2008, 4:33 pm

As this issue is resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 311 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware