Computer is slow and some infections


Post by Negash » November 30th, 2008, 1:50 pm

Hello,
I did not respond in time in my last forum. My last forum was cancelled and I was supposed to do a Kaspersky scan report, but it took a very long time on my laptop and every time my computer would turn off. I finally have it scanned and I have a report. I was talking to someone called peku006 but I was too late, so my forum was cancelled. I am sorry, I was very busy and the computer is really slow too.

Here is the KASPERSKY REPORT:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, November 30, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, November 30, 2008 01:42:04
Records in database: 1428315
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 192144
Threat name: 16
Infected objects: 24
Suspicious objects: 0
Duration of the scan: 04:03:51


File name / Threat name / Threats count
C:\My Backup -- 27-10-08 1346\Documents and Settings\Owner\Local Settings\Temp\TDSS526b.tmp Infected: Backdoor.Win32.TDSS.apk 1
C:\My Backup -- 27-10-08 1346\Documents and Settings\Owner\Local Settings\Temp\~uavsetup.exe Infected: not-a-virus:FraudTool.Win32.ErrClean.a 1
C:\My Backup -- 27-10-08 1346\Documents and Settings\Owner\Local Settings\Temp\~uavsetup.exe Infected: not-a-virus:RiskTool.Win32.PsKill.an 1
C:\My Backup -- 27-10-08 1346\Documents and Settings\Owner\Local Settings\Temp\~uavsetup.exe Infected: not-a-virus:FraudTool.Win32.BestSeller.n 1
C:\My Backup -- 27-10-08 1346\Documents and Settings\Owner\Local Settings\Temp\~uavsetup.exe Infected: not-a-virus:FraudTool.Win32.BestSeller.r 2
C:\My Backup -- 27-10-08 1346\Documents and Settings\Owner\Local Settings\Temp\~uavsetup.exe Infected: not-a-virus:FraudTool.Win32.BestSeller.w 1
C:\My Backup -- 27-10-08 1346\Documents and Settings\Owner\Local Settings\Temp\~uavsetup.exe Infected: not-a-virus:FraudTool.Win32.BestSeller.a 1
C:\My Backup -- 27-10-08 1346\Documents and Settings\Owner\Local Settings\Temp\~uavsetup.exe Infected: not-a-virus:Downloader.Win32.WinFixer.gn 1
C:\My Backup -- 27-10-08 1346\Program Files\GetModule\GetModule24.exe Infected: Trojan.Win32.Agent.aiae 1
C:\My Backup -- 27-10-08 1346\WINDOWS\system32\av.dat Infected: Backdoor.Win32.UltimateDefender.wm 1
C:\My Backup -- 27-10-08 1346\WINDOWS\system32\bswbpbmh.dll Infected: Trojan.Win32.Monderc.gen 1
C:\My Backup -- 27-10-08 1346\WINDOWS\system32\drivers\TDSSpvuu.sys Infected: Backdoor.Win32.TDSS.aov 1
C:\My Backup -- 27-10-08 1346\WINDOWS\system32\ijxlmhmv.dll Infected: Trojan.Win32.Monderc.gen 1
C:\My Backup -- 27-10-08 1346\WINDOWS\system32\liaepbhl.dll Infected: Trojan.Win32.Monderc.gen 1
C:\My Backup -- 27-10-08 1346\WINDOWS\system32\rxqnohun.dll Infected: Trojan.Win32.Monderc.gen 1
C:\My Backup -- 27-10-08 1346\WINDOWS\system32\TDSSktkl.dll Infected: Backdoor.Win32.TDSS.aru 1
C:\My Backup -- 27-10-08 1346\WINDOWS\system32\TDSSlajf.dll Infected: Backdoor.Win32.TDSS.arr 1
C:\My Backup -- 27-10-08 1346\WINDOWS\system32\TDSSoxut.dll Infected: Backdoor.Win32.Agent.tww 1
C:\My Backup -- 27-10-08 1346\WINDOWS\system32\TDSSurrb.dll Infected: Backdoor.Win32.TDSS.arv 1
C:\My Backup -- 27-10-08 1346\WINDOWS\system32\ucxakogu.dll Infected: Trojan.Win32.Monderc.gen 1
C:\My Backup -- 27-10-08 1346\WINDOWS\system32\vpvjgsyv.dll Infected: Trojan.Win32.Monderc.gen 1
C:\My Backup -- 27-10-08 1346\WINDOWS\Temp\TDSS81e3.tmp Infected: Backdoor.Win32.TDSS.apk 1
C:\My Backup -- 27-10-08 1346\WINDOWS\Temp\TDSSac6d.tmp Infected: Backdoor.Win32.TDSS.aru 1

The selected area was scanned.


Here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:48:21 PM, on 11/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BigFix\BigFix.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gatewaybiz.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [Reminder] C:\Windows\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {664088B0-6AF3-4514-AF9D-A0DC3A3DF24A} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols3beta/fscax.cab
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 5720 bytes


Again, I am sorry I was too late in the forum before this. Thank you.
Negash
Active Member
 
Posts: 9
Joined: November 16th, 2008, 4:32 pm

Re: Computer is slow and some infections

Post by Rodav » December 8th, 2008, 4:12 pm

Step 1:
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix


* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


Step 2:
Run HijackThis, do a system scan and in your next reply please post:
  • The ComboFix report (C:\ComboFix.txt)
  • The new HijackThis log
Rodav
MRU Master Emeritus
 
Posts: 1481
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: Computer is slow and some infections

Post by Negash » December 9th, 2008, 6:00 pm

Hello,
Thank you for helping me here, I appreciate it. I ran ComboFix, but in the instructions I was only able to use Windows XP Home Edition Service Pack 2, but my computer was Service Pack 3. Hope that does not affect it. ComboFix was complicated to run, but I hope the report I have helps a little.

1) ComboFix

ComboFix 08-12-07.04 - Owner 2008-12-09 16:46:58.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.161 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-11-09 to 2008-12-09 )))))))))))))))))))))))))))))))
.

2008-12-09 15:56 . 2008-12-09 15:56 <DIR> d-------- c:\windows\LastGood.Tmp
2008-12-09 15:51 . 2008-12-09 15:51 <DIR> d-------- c:\windows\system32\scripting
2008-12-09 15:51 . 2008-12-09 15:51 <DIR> d-------- c:\windows\system32\en
2008-12-09 15:51 . 2008-12-09 15:51 <DIR> d-------- c:\windows\system32\bits
2008-12-09 15:51 . 2008-12-09 15:51 <DIR> d-------- c:\windows\l2schemas
2008-12-09 15:45 . 2008-12-09 15:52 <DIR> d-------- c:\windows\ServicePackFiles
2008-12-09 15:30 . 2008-12-09 15:30 <DIR> d-------- c:\windows\EHome
2008-11-25 19:55 . 2008-11-25 19:55 <DIR> d-------- c:\windows\Sun
2008-11-25 19:54 . 2008-11-10 03:39 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-25 19:51 . 2008-11-10 05:43 410,984 --a------ c:\windows\system32\deploytk.dll
2008-11-22 17:13 . 2008-11-22 17:13 <DIR> d-------- C:\fsaua.data
2008-11-22 17:04 . 2008-11-22 17:04 <DIR> d-------- c:\program files\Avira
2008-11-22 17:04 . 2008-11-22 17:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2008-11-22 17:01 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-20 20:24 . 2008-11-20 20:24 <DIR> d-------- C:\rsit
2008-11-16 15:46 . 2008-11-16 15:46 <DIR> d-------- c:\program files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-09 20:33 --------- d-----w c:\program files\Java
2008-11-21 00:37 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-11-03 18:56 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-11-03 18:21 --------- d-----w c:\program files\MSXML 4.0
2008-10-29 06:07 --------- d-----w c:\documents and settings\Owner\Application Data\Apple Computer
2008-10-29 06:06 --------- d-----w c:\program files\Bonjour
2008-10-29 06:06 --------- d-----w c:\program files\Apple Software Update
2008-10-29 06:06 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2008-10-27 21:50 --------- d-----w c:\documents and settings\Owner\Application Data\Malwarebytes
2008-10-27 21:50 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-10-27 21:38 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-27 21:38 --------- d-----w c:\program files\CyberLink
2008-10-27 21:38 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2008-10-27 21:38 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
2008-10-27 21:37 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee.com
2008-10-27 21:35 --------- d-----w c:\program files\Gateway
2008-10-27 21:34 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-27 21:34 --------- d-----w c:\program files\Analog Devices
2008-10-27 21:34 --------- d-----w c:\documents and settings\Owner\Application Data\SampleView
2008-10-27 21:31 --------- d-----w c:\program files\Microsoft Picture It! 9
2008-10-27 21:30 --------- d-----w c:\program files\QuickTime
2008-10-27 21:29 --------- d-----w c:\program files\Synaptics
2008-10-27 21:29 --------- d-----w c:\program files\BigFix
2008-10-27 21:29 --------- d-----w c:\program files\Ahead
2008-10-27 21:28 --------- d-----w c:\program files\Viewpoint
2008-10-27 21:28 --------- d-----w c:\program files\Pure Networks
2008-10-27 21:28 --------- d-----w c:\program files\Learn2.com
2008-10-27 21:28 --------- d-----w c:\program files\Common Files\aolshare
2008-10-27 21:28 --------- d-----w c:\program files\Common Files\AOL
2008-10-27 21:28 --------- d-----w c:\program files\Common Files\Ahead
2008-10-27 21:28 --------- d-----w c:\program files\AOL Toolbar
2008-10-27 21:28 --------- d-----w c:\program files\AOL Companion
2008-10-27 21:28 --------- d-----w c:\program files\America Online 9.0
2008-10-27 21:28 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-10-27 21:28 --------- d-----w c:\documents and settings\All Users\Application Data\Pure Networks
2008-10-27 21:28 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2008-10-27 21:26 --------- d-----w c:\program files\Common Files\Nullsoft
2008-10-27 21:26 --------- d-----w c:\documents and settings\All Users\Application Data\QuickTime
2008-10-27 21:25 8,552 ----a-w c:\windows\system32\drivers\asctrm.sys
2008-10-27 21:25 --------- d-----w c:\program files\Real
2008-10-27 21:25 --------- d-----w c:\program files\Common Files\Real
2008-10-27 21:22 --------- d-----w c:\program files\Microsoft Money
2008-10-27 21:21 --------- d-----w c:\program files\MSN Encarta Plus
2008-10-27 21:21 --------- d-----w c:\program files\Common Files\Java
2008-10-27 21:20 --------- d-----w c:\program files\Microsoft Works
2008-10-27 21:20 --------- d-----w c:\program files\Common Files\New Boundary
2008-10-27 21:20 --------- d-----w c:\documents and settings\All Users\Application Data\Prism Deploy
2008-10-27 21:12 --------- d-----w c:\program files\CONEXANT
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 21:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 21:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-03-15 966656]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-03-19 78960]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-08-12 102400]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-08-12 684032]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-10-27 98304]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - c:\program files\BigFix\BigFix.exe [2008-10-27 1742384]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=


*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-10-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2008-10-27 c:\windows\Tasks\ISP signup reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2008-04-13 19:12]

2008-10-27 c:\windows\Tasks\ISP signup reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2008-04-13 19:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gateway.com/
uInternet Connection Wizard,ShellNext = hxxp://www.gatewaybiz.com/
uInternet Settings,ProxyOverride = *.local
FireFox -: Profile - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc24pxtb.default\
FF -: plugin - c:\program files\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-09 16:49:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-12-09 16:51:39
ComboFix-quarantined-files.txt 2008-12-09 21:50:22

Pre-Run: 39,257,206,784 bytes free
Post-Run: 39,410,626,560 bytes free

161 --- E O F --- 2008-12-09 20:58:17


2) HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:55:21 PM, on 12/9/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\CF3804.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gatewaybiz.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [Reminder] C:\Windows\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {664088B0-6AF3-4514-AF9D-A0DC3A3DF24A} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols3beta/fscax.cab
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 5965 bytes
Negash
Active Member
 
Posts: 9
Joined: November 16th, 2008, 4:32 pm

Re: Computer is slow and some infections

Post by Rodav » December 10th, 2008, 5:32 pm

Hi Negash,

Good job running ComboFix, it seems to have run OK. Are you still having issues?

Step 1:
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    File::
    C:\My Backup -- 27-10-08 1346\Documents and Settings\Owner\Local Settings\Temp\TDSS526b.tmp 
    C:\My Backup -- 27-10-08 1346\Documents and Settings\Owner\Local Settings\Temp\~uavsetup.exe 
    C:\My Backup -- 27-10-08 1346\Documents and Settings\Owner\Local Settings\Temp\~uavsetup.exe 
    C:\My Backup -- 27-10-08 1346\Documents and Settings\Owner\Local Settings\Temp\~uavsetup.exe 
    C:\My Backup -- 27-10-08 1346\Documents and Settings\Owner\Local Settings\Temp\~uavsetup.exe 
    C:\My Backup -- 27-10-08 1346\Documents and Settings\Owner\Local Settings\Temp\~uavsetup.exe 
    C:\My Backup -- 27-10-08 1346\Documents and Settings\Owner\Local Settings\Temp\~uavsetup.exe 
    C:\My Backup -- 27-10-08 1346\Documents and Settings\Owner\Local Settings\Temp\~uavsetup.exe 
    C:\My Backup -- 27-10-08 1346\Program Files\GetModule\GetModule24.exe
    C:\My Backup -- 27-10-08 1346\WINDOWS\system32\av.dat
    C:\My Backup -- 27-10-08 1346\WINDOWS\system32\bswbpbmh.dll
    C:\My Backup -- 27-10-08 1346\WINDOWS\system32\drivers\TDSSpvuu.sys
    C:\My Backup -- 27-10-08 1346\WINDOWS\system32\ijxlmhmv.dll
    C:\My Backup -- 27-10-08 1346\WINDOWS\system32\liaepbhl.dll 
    C:\My Backup -- 27-10-08 1346\WINDOWS\system32\rxqnohun.dll
    C:\My Backup -- 27-10-08 1346\WINDOWS\system32\TDSSktkl.dll
    C:\My Backup -- 27-10-08 1346\WINDOWS\system32\TDSSlajf.dll 
    C:\My Backup -- 27-10-08 1346\WINDOWS\system32\TDSSoxut.dll
    C:\My Backup -- 27-10-08 1346\WINDOWS\system32\TDSSurrb.dll 
    C:\My Backup -- 27-10-08 1346\WINDOWS\system32\ucxakogu.dll
    C:\My Backup -- 27-10-08 1346\WINDOWS\system32\vpvjgsyv.dll 
    C:\My Backup -- 27-10-08 1346\WINDOWS\Temp\TDSS81e3.tmp
    C:\My Backup -- 27-10-08 1346\WINDOWS\Temp\TDSSac6d.tmp
    
    FileLook::
    C:\WINDOWS\system32\CF3804.exe
    
    Registry::
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} -
    
    

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    [screenshot: CFScript.txt being dragged onto ComboFix.exe]
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


Step 2:
Run Eset NOD32 Online AntiVirus
http://www.eset.eu/online-scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Click Start
  • Make sure that the option "Remove found threats" is Un-checked, and the option "Scan unwanted applications" is checked
  • Click Scan
  • Wait for the scan to finish
  • Re-enable your Antivirus software.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

Step 3:
Run HijackThis, do a system scan and in your next reply please post:
  • The ComboFix report (C:\ComboFix.txt)
  • The NOD32 results
  • The new HijackThis log
Also let me know how your computer is running.
Rodav
MRU Master Emeritus
 
Posts: 1481
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.
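The File:: list in the post above was assembled by hand from the Kaspersky report in the first post, one line per detection, which is why ~uavsetup.exe appears seven times. As an added example, not code from this thread, MalwareRemoval.com or any of the tools mentioned, the Python script below parses that report, checks the scanner's own totals (16 threat names, 24 infected objects) against the detection table, counts objects per malware family, and drafts a deduplicated File:: block; its input is the report copied from the first post.

```python
"""Aggregate a Kaspersky Online Scanner 7 report and draft a ComboFix File:: list.

Added example for this thread; it is not code from MalwareRemoval.com, Kaspersky
or ComboFix. The input below is the detection table from the first post.
"""
import re
from collections import Counter

# Sample input: the summary counters and detection rows from the report posted above.
SAMPLE_REPORT = r"""
Scan statistics:
Threat name: 16
Infected objects: 24

File name / Threat name / Threats count
C:\My Backup -- 27-10-08 1346\Documents and Settings\Owner\Local Settings\Temp\TDSS526b.tmp Infected: Backdoor.Win32.TDSS.apk 1
C:\My Backup -- 27-10-08 1346\Documents and Settings\Owner\Local Settings\Temp\~uavsetup.exe Infected: not-a-virus:FraudTool.Win32.ErrClean.a 1
C:\My Backup -- 27-10-08 1346\Documents and Settings\Owner\Local Settings\Temp\~uavsetup.exe Infected: not-a-virus:RiskTool.Win32.PsKill.an 1
C:\My Backup -- 27-10-08 1346\Documents and Settings\Owner\Local Settings\Temp\~uavsetup.exe Infected: not-a-virus:FraudTool.Win32.BestSeller.n 1
C:\My Backup -- 27-10-08 1346\Documents and Settings\Owner\Local Settings\Temp\~uavsetup.exe Infected: not-a-virus:FraudTool.Win32.BestSeller.r 2
C:\My Backup -- 27-10-08 1346\Documents and Settings\Owner\Local Settings\Temp\~uavsetup.exe Infected: not-a-virus:FraudTool.Win32.BestSeller.w 1
C:\My Backup -- 27-10-08 1346\Documents and Settings\Owner\Local Settings\Temp\~uavsetup.exe Infected: not-a-virus:FraudTool.Win32.BestSeller.a 1
C:\My Backup -- 27-10-08 1346\Documents and Settings\Owner\Local Settings\Temp\~uavsetup.exe Infected: not-a-virus:Downloader.Win32.WinFixer.gn 1
C:\My Backup -- 27-10-08 1346\Program Files\GetModule\GetModule24.exe Infected: Trojan.Win32.Agent.aiae 1
C:\My Backup -- 27-10-08 1346\WINDOWS\system32\av.dat Infected: Backdoor.Win32.UltimateDefender.wm 1
C:\My Backup -- 27-10-08 1346\WINDOWS\system32\bswbpbmh.dll Infected: Trojan.Win32.Monderc.gen 1
C:\My Backup -- 27-10-08 1346\WINDOWS\system32\drivers\TDSSpvuu.sys Infected: Backdoor.Win32.TDSS.aov 1
C:\My Backup -- 27-10-08 1346\WINDOWS\system32\ijxlmhmv.dll Infected: Trojan.Win32.Monderc.gen 1
C:\My Backup -- 27-10-08 1346\WINDOWS\system32\liaepbhl.dll Infected: Trojan.Win32.Monderc.gen 1
C:\My Backup -- 27-10-08 1346\WINDOWS\system32\rxqnohun.dll Infected: Trojan.Win32.Monderc.gen 1
C:\My Backup -- 27-10-08 1346\WINDOWS\system32\TDSSktkl.dll Infected: Backdoor.Win32.TDSS.aru 1
C:\My Backup -- 27-10-08 1346\WINDOWS\system32\TDSSlajf.dll Infected: Backdoor.Win32.TDSS.arr 1
C:\My Backup -- 27-10-08 1346\WINDOWS\system32\TDSSoxut.dll Infected: Backdoor.Win32.Agent.tww 1
C:\My Backup -- 27-10-08 1346\WINDOWS\system32\TDSSurrb.dll Infected: Backdoor.Win32.TDSS.arv 1
C:\My Backup -- 27-10-08 1346\WINDOWS\system32\ucxakogu.dll Infected: Trojan.Win32.Monderc.gen 1
C:\My Backup -- 27-10-08 1346\WINDOWS\system32\vpvjgsyv.dll Infected: Trojan.Win32.Monderc.gen 1
C:\My Backup -- 27-10-08 1346\WINDOWS\Temp\TDSS81e3.tmp Infected: Backdoor.Win32.TDSS.apk 1
C:\My Backup -- 27-10-08 1346\WINDOWS\Temp\TDSSac6d.tmp Infected: Backdoor.Win32.TDSS.aru 1

The selected area was scanned.
"""

# One detection row: "<path> Infected: <threat name> <count>"; and the two summary
# counters the scanner prints that can be recomputed from the rows.
DETECTION_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")
SUMMARY_RE = re.compile(r"^(Threat name|Infected objects): (\d+)$")

def parse_report(text):
    """Return (detections, summary): rows as (path, threat, count), and the scanner's totals."""
    detections, summary = [], {}
    for line in text.splitlines():
        hit = DETECTION_RE.match(line)
        if hit:
            detections.append((hit["path"], hit["threat"], int(hit["count"])))
            continue
        total = SUMMARY_RE.match(line)
        if total:
            summary[total.group(1)] = int(total.group(2))
    return detections, summary

def recompute_summary(detections):
    """Recompute the totals the way the scanner counts them: distinct names and objects."""
    return {
        "Threat name": len({threat for _, threat, _ in detections}),
        "Infected objects": sum(count for _, _, count in detections),
    }

def totals_consistent(text):
    """True when the detection table accounts for every object the summary claims."""
    detections, summary = parse_report(text)
    return recompute_summary(detections) == summary

def unique_paths(detections):
    """Paths in first-seen order, one entry per file even when several names hit it."""
    seen = []
    for path, _, _ in detections:
        if path not in seen:
            seen.append(path)
    return seen

def family_counts(detections):
    """Infected objects per malware family, e.g. 'Backdoor.Win32.TDSS' or 'Trojan.Win32.Monderc'."""
    families = Counter()
    for _, threat, count in detections:
        name = threat.split(":", 1)[-1]            # drop the 'not-a-virus:' prefix
        families[".".join(name.split(".")[:3])] += count
    return families

def cfscript_file_section(detections):
    """Draft the File:: block of a ComboFix CFScript from the deduplicated paths."""
    return "File::\n" + "\n".join(unique_paths(detections)) + "\n"

if __name__ == "__main__":
    rows, reported = parse_report(SAMPLE_REPORT)
    print("reported:", reported, "recomputed:", recompute_summary(rows))
    print("families:", family_counts(rows).most_common(3))
    print(cfscript_file_section(rows))
```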

Re: Computer is slow and some infections

Post by Negash » December 12th, 2008, 4:03 pm

Hello,
I ran ComboFix and I got a log file. But I cannot run the online scanner. When I check the box next to Yes and then click on Start, the website gives an error. It says the page cannot be found: "HTTP 404 Not Found". But still, here is the ComboFix report:

ComboFix 08-12-11.03 - Owner 2008-12-11 18:40:46.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.192 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\my backup -- 27-10-08 1346\Documents and Settings\Owner\Local Settings\Temp\~uavsetup.exe
c:\my backup -- 27-10-08 1346\Documents and Settings\Owner\Local Settings\Temp\TDSS526b.tmp
c:\my backup -- 27-10-08 1346\Program Files\GetModule\GetModule24.exe
c:\my backup -- 27-10-08 1346\WINDOWS\system32\av.dat
c:\my backup -- 27-10-08 1346\WINDOWS\system32\bswbpbmh.dll
c:\my backup -- 27-10-08 1346\WINDOWS\system32\drivers\TDSSpvuu.sys
c:\my backup -- 27-10-08 1346\WINDOWS\system32\ijxlmhmv.dll
c:\my backup -- 27-10-08 1346\WINDOWS\system32\liaepbhl.dll
c:\my backup -- 27-10-08 1346\WINDOWS\system32\rxqnohun.dll
c:\my backup -- 27-10-08 1346\WINDOWS\system32\TDSSktkl.dll
c:\my backup -- 27-10-08 1346\WINDOWS\system32\TDSSlajf.dll
c:\my backup -- 27-10-08 1346\WINDOWS\system32\TDSSoxut.dll
c:\my backup -- 27-10-08 1346\WINDOWS\system32\TDSSurrb.dll
c:\my backup -- 27-10-08 1346\WINDOWS\system32\ucxakogu.dll
c:\my backup -- 27-10-08 1346\WINDOWS\system32\vpvjgsyv.dll
c:\my backup -- 27-10-08 1346\WINDOWS\Temp\TDSS81e3.tmp
c:\my backup -- 27-10-08 1346\WINDOWS\Temp\TDSSac6d.tmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\my backup -- 27-10-08 1346\Documents and Settings\Owner\Local Settings\Temp\~uavsetup.exe
c:\my backup -- 27-10-08 1346\Documents and Settings\Owner\Local Settings\Temp\TDSS526b.tmp
c:\my backup -- 27-10-08 1346\Program Files\GetModule\GetModule24.exe
c:\my backup -- 27-10-08 1346\WINDOWS\system32\av.dat
c:\my backup -- 27-10-08 1346\WINDOWS\system32\bswbpbmh.dll
c:\my backup -- 27-10-08 1346\WINDOWS\system32\drivers\TDSSpvuu.sys
c:\my backup -- 27-10-08 1346\WINDOWS\system32\ijxlmhmv.dll
c:\my backup -- 27-10-08 1346\WINDOWS\system32\liaepbhl.dll
c:\my backup -- 27-10-08 1346\WINDOWS\system32\rxqnohun.dll
c:\my backup -- 27-10-08 1346\WINDOWS\system32\TDSSktkl.dll
c:\my backup -- 27-10-08 1346\WINDOWS\system32\TDSSlajf.dll
c:\my backup -- 27-10-08 1346\WINDOWS\system32\TDSSoxut.dll
c:\my backup -- 27-10-08 1346\WINDOWS\system32\TDSSurrb.dll
c:\my backup -- 27-10-08 1346\WINDOWS\system32\ucxakogu.dll
c:\my backup -- 27-10-08 1346\WINDOWS\system32\vpvjgsyv.dll
c:\my backup -- 27-10-08 1346\WINDOWS\Temp\TDSS81e3.tmp
c:\my backup -- 27-10-08 1346\WINDOWS\Temp\TDSSac6d.tmp

.
((((((((((((((((((((((((( Files Created from 2008-11-11 to 2008-12-11 )))))))))))))))))))))))))))))))
.

2008-12-11 17:45 . 2008-12-11 17:45 <DIR> d-------- c:\windows\LastGood
2008-12-09 15:51 . 2008-12-09 15:51 <DIR> d-------- c:\windows\system32\scripting
2008-12-09 15:51 . 2008-12-09 15:51 <DIR> d-------- c:\windows\system32\en
2008-12-09 15:51 . 2008-12-09 15:51 <DIR> d-------- c:\windows\system32\bits
2008-12-09 15:51 . 2008-12-09 15:51 <DIR> d-------- c:\windows\l2schemas
2008-12-09 15:45 . 2008-12-09 15:52 <DIR> d-------- c:\windows\ServicePackFiles
2008-12-09 15:30 . 2008-12-09 15:30 <DIR> d-------- c:\windows\EHome
2008-11-25 19:55 . 2008-11-25 19:55 <DIR> d-------- c:\windows\Sun
2008-11-25 19:54 . 2008-11-10 03:39 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-25 19:51 . 2008-11-10 05:43 410,984 --a------ c:\windows\system32\deploytk.dll
2008-11-22 17:13 . 2008-11-22 17:13 <DIR> d-------- C:\fsaua.data
2008-11-22 17:04 . 2008-11-22 17:04 <DIR> d-------- c:\program files\Avira
2008-11-22 17:04 . 2008-11-22 17:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2008-11-22 17:01 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-20 20:24 . 2008-11-20 20:24 <DIR> d-------- C:\rsit
2008-11-16 15:46 . 2008-11-16 15:46 <DIR> d-------- c:\program files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-09 20:33 --------- d-----w c:\program files\Java
2008-11-21 00:37 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-11-03 18:56 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-11-03 18:21 --------- d-----w c:\program files\MSXML 4.0
2008-10-29 06:07 --------- d-----w c:\documents and settings\Owner\Application Data\Apple Computer
2008-10-29 06:06 --------- d-----w c:\program files\Bonjour
2008-10-29 06:06 --------- d-----w c:\program files\Apple Software Update
2008-10-29 06:06 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2008-10-27 21:50 --------- d-----w c:\documents and settings\Owner\Application Data\Malwarebytes
2008-10-27 21:50 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-10-27 21:38 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-27 21:38 --------- d-----w c:\program files\CyberLink
2008-10-27 21:38 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2008-10-27 21:38 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
2008-10-27 21:37 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee.com
2008-10-27 21:35 --------- d-----w c:\program files\Gateway
2008-10-27 21:34 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-27 21:34 --------- d-----w c:\program files\Analog Devices
2008-10-27 21:34 --------- d-----w c:\documents and settings\Owner\Application Data\SampleView
2008-10-27 21:31 --------- d-----w c:\program files\Microsoft Picture It! 9
2008-10-27 21:30 --------- d-----w c:\program files\QuickTime
2008-10-27 21:29 --------- d-----w c:\program files\Synaptics
2008-10-27 21:29 --------- d-----w c:\program files\BigFix
2008-10-27 21:29 --------- d-----w c:\program files\Ahead
2008-10-27 21:28 --------- d-----w c:\program files\Viewpoint
2008-10-27 21:28 --------- d-----w c:\program files\Pure Networks
2008-10-27 21:28 --------- d-----w c:\program files\Learn2.com
2008-10-27 21:28 --------- d-----w c:\program files\Common Files\aolshare
2008-10-27 21:28 --------- d-----w c:\program files\Common Files\AOL
2008-10-27 21:28 --------- d-----w c:\program files\Common Files\Ahead
2008-10-27 21:28 --------- d-----w c:\program files\AOL Toolbar
2008-10-27 21:28 --------- d-----w c:\program files\AOL Companion
2008-10-27 21:28 --------- d-----w c:\program files\America Online 9.0
2008-10-27 21:28 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-10-27 21:28 --------- d-----w c:\documents and settings\All Users\Application Data\Pure Networks
2008-10-27 21:28 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2008-10-27 21:26 --------- d-----w c:\program files\Common Files\Nullsoft
2008-10-27 21:26 --------- d-----w c:\documents and settings\All Users\Application Data\QuickTime
2008-10-27 21:25 8,552 ----a-w c:\windows\system32\drivers\asctrm.sys
2008-10-27 21:25 --------- d-----w c:\program files\Real
2008-10-27 21:25 --------- d-----w c:\program files\Common Files\Real
2008-10-27 21:22 --------- d-----w c:\program files\Microsoft Money
2008-10-27 21:21 --------- d-----w c:\program files\MSN Encarta Plus
2008-10-27 21:21 --------- d-----w c:\program files\Common Files\Java
2008-10-27 21:20 --------- d-----w c:\program files\Microsoft Works
2008-10-27 21:20 --------- d-----w c:\program files\Common Files\New Boundary
2008-10-27 21:20 --------- d-----w c:\documents and settings\All Users\Application Data\Prism Deploy
2008-10-27 21:12 --------- d-----w c:\program files\CONEXANT
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 21:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 21:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\CF3804.exe -- Invalid filepath or file no longer exist


((((((((((((((((((((((((((((( snapshot@2008-12-09_16.49.45.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-11 22:38:39 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_fc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-03-15 966656]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-03-19 78960]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-08-12 102400]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-08-12 684032]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-10-27 98304]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - c:\program files\BigFix\BigFix.exe [2008-10-27 1742384]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

.
Contents of the 'Scheduled Tasks' folder

2008-10-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2008-10-27 c:\windows\Tasks\ISP signup reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2008-04-13 19:12]

2008-10-27 c:\windows\Tasks\ISP signup reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2008-04-13 19:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gateway.com/
uInternet Connection Wizard,ShellNext = hxxp://www.gatewaybiz.com/
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\bc24pxtb.default\
FF - plugin: c:\program files\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-11 18:43:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-12-11 18:45:34
ComboFix-quarantined-files.txt 2008-12-11 23:44:17
ComboFix2.txt 2008-12-09 21:51:41

Pre-Run: 39,348,977,664 bytes free
Post-Run: 39,320,137,728 bytes free

202 --- E O F --- 2008-12-09 20:58:17
Negash
Active Member
 
Posts: 9
Joined: November 16th, 2008, 4:32 pm
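The ComboFix log above lists the files it removed and the registry load points it left behind. As an added example, not part of the original thread and not ComboFix's own code, the Python below parses those two sections from a constructed sample (lines copied from the log above, plus one made-up "Updater" Run entry that exists only to exercise the Temp-directory check) and flags paths by the naming patterns visible in this case: "TDSS" plus four random characters, eight random lowercase letters for the companion DLLs in system32, and anything living under a Temp directory. The regexes and the reason labels are the example's own assumptions, not vendor signatures; a hit is a reason to check the file's hash and signature, not a verdict, and the eight-letter rule in particular is noisy on a clean machine.

```python
import re

# Constructed sample: deletion lines and Run entries copied from the ComboFix log
# in the post above, plus one MADE-UP Run entry ("Updater") that exists only to
# exercise the Temp-directory check. Nothing about "Updater" is real.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\my backup -- 27-10-08 1346\Documents and Settings\Owner\Local Settings\Temp\TDSS526b.tmp
c:\my backup -- 27-10-08 1346\Program Files\GetModule\GetModule24.exe
c:\my backup -- 27-10-08 1346\WINDOWS\system32\bswbpbmh.dll
c:\my backup -- 27-10-08 1346\WINDOWS\system32\drivers\TDSSpvuu.sys
c:\my backup -- 27-10-08 1346\WINDOWS\system32\TDSSktkl.dll
c:\my backup -- 27-10-08 1346\WINDOWS\Temp\TDSSac6d.tmp

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"Updater"="c:\documents and settings\Owner\Local Settings\Temp\TDSSab12.tmp" [2008-12-01 20480]
"""

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")          # ((( Section Title )))
KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$")                  # [HKEY_...\Run]
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[(\d{4}-\d{2}-\d{2})\s+(\d+)\]$')

# Naming patterns taken from this machine's log (assumptions, not a vendor signature):
# "TDSS" + four random characters, and eight random lowercase letters for the
# companion DLLs dropped into system32.
TDSS_NAME_RE = re.compile(r"^TDSS[0-9a-z]{4}\.(?:dll|sys|tmp)$", re.IGNORECASE)
RANDOM_DLL_RE = re.compile(r"^[a-z]{8}\.dll$")
TEMP_DIR_RE = re.compile(r"\\(?:Temp|Temporary Internet Files)\\", re.IGNORECASE)


def split_sections(text):
    """Map each ((( banner ))) title to the non-empty lines under it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line and line != ".":
            sections[current].append(line)
    return sections


def parse_autoruns(lines):
    """Turn the Reg Loading Points block into dicts: key, name, path, date, size."""
    entries, key = [], None
    for line in lines:
        km = KEY_RE.match(line)
        if km:
            key = km.group(1)
            continue
        vm = VALUE_RE.match(line)
        if vm and key:
            name, path, date, size = vm.groups()
            entries.append({"key": key, "name": name, "path": path,
                            "date": date, "size": int(size)})
    return entries


def suspicious_reasons(path):
    """Heuristic reasons a path deserves a second look; [] means nothing fired."""
    base = path.rsplit("\\", 1)[-1]
    reasons = []
    if TDSS_NAME_RE.match(base):
        reasons.append("TDSS-style name")
    if RANDOM_DLL_RE.match(base) and "\\system32\\" in path.lower():
        # Noisy on its own (legitimate 8-letter DLLs exist); confirm by hash/signature.
        reasons.append("8-letter random DLL name in system32")
    if TEMP_DIR_RE.search(path):
        reasons.append("located in a Temp directory")
    return reasons


def triage(text):
    """Map every flagged path (deleted files and autorun targets) to its reasons."""
    sections = split_sections(text)
    findings = {}
    for path in sections.get("Other Deletions", []):
        reasons = suspicious_reasons(path)
        if reasons:
            findings[path] = reasons
    for entry in parse_autoruns(sections.get("Reg Loading Points", [])):
        reasons = suspicious_reasons(entry["path"])
        if reasons:
            findings[entry["path"]] = reasons + [
                "still registered as autorun %s\\%s" % (entry["key"], entry["name"])]
    return findings


if __name__ == "__main__":
    for path, why in triage(SAMPLE_LOG).items():
        print(path)
        print("    " + "; ".join(why))
```

Run it against a full ComboFix log by reading the file into `triage()`; on the real log above every TDSS-named file and every eight-letter DLL lands under "Other Deletions" and none of the Run entries fire, which is the picture you want to see before declaring the machine clean.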

Re: Computer is slow and some infections

Unread postby Rodav » December 13th, 2008, 7:04 pm

If you use Internet Explorer for the ESET scanner it should work. If it still doesn't, try running Kaspersky again and post the results along with a new HijackThis log, and let me know how your computer is running.
Rodav
MRU Master Emeritus
 
Posts: 1481
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: Computer is slow and some infections

Unread postby Rodav » December 16th, 2008, 10:47 am

Hi Negash, do you still need any help?
Rodav
MRU Master Emeritus
 
Posts: 1481
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: Computer is slow and some infections

Unread postby Negash » December 16th, 2008, 12:11 pm

Hello;
I think I need more time. I was using Internet Explorer the whole time and the ESET scanner never works. But now I am running Kaspersky, but it takes a very long time. I let it scan all night twice, but it takes so long, maybe 5 hours, then the computer power turns off. Last night it stopped at 89%... I turned off every antivirus too.
Negash
Active Member
 
Posts: 9
Joined: November 16th, 2008, 4:32 pm

Re: Computer is slow and some infections

Unread postby Rodav » December 16th, 2008, 2:13 pm

We can try a different method, try doing this instead:

Step 1:
  • Create a folder on your desktop called Sysclean.
  • Go to http://www.trendmicro.com/download/dcs.asp and download the Sysclean package to the folder you made.
  • Go to http://www.trendmicro.com/download/pattern.asp and download the Virus Pattern File (Official Pattern Release) to your desktop.
    This file will be called lptXXX.zip (XXX represents the version number).
  • Unzip lptXXX.zip and you'll get the file lpt$vpn.XXX. Read here how to unzip/extract properly.
  • Move lpt$vpn.XXX to the Sysclean folder you created on your desktop.
  • Open the Sysclean folder and double-click sysclean.com.
  • Check "Automatically clean or delete detected files".
  • Click Scan.
Open your Sysclean folder and copy and paste the contents of sysclean.log in your next reply, along with a new HijackThis log and a description of how your computer is running.
Rodav
MRU Master Emeritus
 
Posts: 1481
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: Computer is slow and some infections

Unread postby Rodav » December 18th, 2008, 2:58 pm

Are you still having issues?
Rodav
MRU Master Emeritus
 
Posts: 1481
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: Computer is slow and some infections

Unread postby Negash » December 18th, 2008, 11:26 pm

Hello:
I give up on Kaspersky... here is the report from Trend Micro System Cleaner. It was working in DOS when scanning. The computer is better than the first time, but I don't understand why it is slow when a virus scan like Kaspersky runs. Also, another question: do I need the folder called My Backup? Is it useful?

1)


/--------------------------------------------------------------\
| Trend Micro System Cleaner |
| Copyright 2006-2007, Trend Micro, Inc. |
| http://www.antivirus.com |
\--------------------------------------------------------------/


2008-12-17, 10:17:16, Auto-clean mode specified.
2008-12-17, 10:17:17, Initialized Rootkit Driver version 2.2.0.1004.
2008-12-17, 10:17:17, Running scanner "C:\Documents and Settings\Owner\Desktop\Sysclean\TSC.BIN"...
2008-12-17, 10:18:26, Scanner "C:\Documents and Settings\Owner\Desktop\Sysclean\TSC.BIN" has finished running.
2008-12-17, 10:18:26, TSC Log:

Damage Cleanup Engine (DCE) 6.0 (Build 1064)

Windows XP (Build 2600: Service Pack 3)

Start time: Wed Dec 17 2008 10:17:21

Load Damage Cleanup Template (DCT) "C:\Documents and Settings\Owner\Desktop\Sysclean\TMRDCT.ptn" (version ) [fail]

Load Damage Cleanup Template (DCT) "C:\Documents and Settings\Owner\Desktop\Sysclean\tsc.ptn" (version 998) [success]

Complete time: Wed Dec 17 2008 10:18:26

Execute pattern count (3031), Virus found count (0), Virus clean count (0), Clean failed count (0)

2008-12-17, 10:18:26, Running scanner "C:\Documents and Settings\Owner\Desktop\Sysclean\VSCANTM.BIN"...
2008-12-17, 11:50:39, Scanner "C:\Documents and Settings\Owner\Desktop\Sysclean\VSCANTM.BIN" has finished running.
2008-12-17, 11:50:39, VSCANTM Log:

2008-12-17, 11:50:39, Files Detected:
Copyright (c) 1990 - 2006 Trend Micro Inc.
Report Date : 12/17/2008 10:18:27
VSAPI Engine Version : 8.910-1002
VSCANTM Version : 3.00-1018 (Official Build)

VSGetVirusPatternInformation is invoked

Virus Pattern Version : 715 (347537/347537 Patterns) (2008/12/16) (571500)

Command Line: C:\Documents and Settings\Owner\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LD /LC /LCF /NM /NB /DCEGENCLEAN /HIDEDCECONSOLE /C /ACTIVEACTION=5 /VSBKENC+ /HOSPITAL=.\BACKUP /LR C:\*.* /P=C:\Documents and Settings\Owner\Desktop\Sysclean\lpt$vpn.715

C:\My Backup -- 27-10-08 1346\WINDOWS\default.htm [HTML_FAKEALER.FA]
C:\Qoobox\Quarantine\C\My Backup -- 27-10-08 1346\Program Files\GetModule\GetModule24.exe.vir [TROJ_AGENT.DCZ]
C:\Qoobox\Quarantine\C\My Backup -- 27-10-08 1346\WINDOWS\system32\av.dat.vir [TROJ_VIRANTIX.BH]
C:\Qoobox\Quarantine\C\My Backup -- 27-10-08 1346\WINDOWS\system32\drivers\TDSSpvuu.sys.vir [BKDR_TDSS.AJ]
C:\Qoobox\Quarantine\C\My Backup -- 27-10-08 1346\WINDOWS\system32\TDSSktkl.dll.vir [BKDR_TDSS.AG]
C:\Qoobox\Quarantine\C\My Backup -- 27-10-08 1346\WINDOWS\system32\TDSSlajf.dll.vir [BKDR_TDSS.AH]
C:\Qoobox\Quarantine\C\My Backup -- 27-10-08 1346\WINDOWS\system32\TDSSoxut.dll.vir [TROJ_DLOADER.AWX]
C:\Qoobox\Quarantine\C\My Backup -- 27-10-08 1346\WINDOWS\system32\TDSSurrb.dll.vir [BKDR_TDSS.AI]
C:\Qoobox\Quarantine\C\My Backup -- 27-10-08 1346\WINDOWS\Temp\TDSS81e3.tmp.vir [BKDR_TDSS.X]
C:\Qoobox\Quarantine\C\My Backup -- 27-10-08 1346\WINDOWS\Temp\TDSSac6d.tmp.vir [BKDR_TDSS.AG]
190952 files have been read.
190952 files have been checked.
190860 files have been scanned.
347919 files have been scanned. (including files in archived)
10 files containing viruses.
Found 10 viruses totally.
Maybe 0 viruses totally.
Stop At: 12/17/2008 11:50:39 1 hour 32 minutes 11 seconds (5531.17 seconds) has elapsed.(28.966 msec/file)
---------*---------*---------*---------*---------*---------*---------*---------*
2008-12-17, 11:50:39, Files Clean:
Copyright (c) 1990 - 2006 Trend Micro Inc.
Report Date : 12/17/2008 10:18:27
VSAPI Engine Version : 8.910-1002
VSCANTM Version : 3.00-1018 (Official Build)

VSGetVirusPatternInformation is invoked

Virus Pattern Version : 715 (347537/347537 Patterns) (2008/12/16) (571500)

Command Line: C:\Documents and Settings\Owner\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LD /LC /LCF /NM /NB /DCEGENCLEAN /HIDEDCECONSOLE /C /ACTIVEACTION=5 /VSBKENC+ /HOSPITAL=.\BACKUP /LR C:\*.* /P=C:\Documents and Settings\Owner\Desktop\Sysclean\lpt$vpn.715

190952 files have been read.
190952 files have been checked.
190860 files have been scanned.
347919 files have been scanned. (including files in archived)
10 files containing viruses.
Found 10 viruses totally.
Maybe 0 viruses totally.
Stop At: 12/17/2008 11:50:39 1 hour 32 minutes 11 seconds (5531.17 seconds) has elapsed.(28.966 msec/file)
---------*---------*---------*---------*---------*---------*---------*---------*
2008-12-17, 11:50:39, Clean Fail:
Copyright (c) 1990 - 2006 Trend Micro Inc.
Report Date : 12/17/2008 10:18:27
VSAPI Engine Version : 8.910-1002
VSCANTM Version : 3.00-1018 (Official Build)

VSGetVirusPatternInformation is invoked

Virus Pattern Version : 715 (347537/347537 Patterns) (2008/12/16) (571500)

Command Line: C:\Documents and Settings\Owner\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LD /LC /LCF /NM /NB /DCEGENCLEAN /HIDEDCECONSOLE /C /ACTIVEACTION=5 /VSBKENC+ /HOSPITAL=.\BACKUP /LR C:\*.* /P=C:\Documents and Settings\Owner\Desktop\Sysclean\lpt$vpn.715

190952 files have been read.
190952 files have been checked.
190860 files have been scanned.
347919 files have been scanned. (including files in archived)
10 files containing viruses.
Found 10 viruses totally.
Maybe 0 viruses totally.
Stop At: 12/17/2008 11:50:39 1 hour 32 minutes 11 seconds (5531.17 seconds) has elapsed.(28.966 msec/file)
---------*---------*---------*---------*---------*---------*---------*---------*
2008-12-17, 11:50:39, Running scanner "C:\Documents and Settings\Owner\Desktop\Sysclean\VSCANTM.BIN"...
2008-12-17, 11:54:53, Scanner "C:\Documents and Settings\Owner\Desktop\Sysclean\VSCANTM.BIN" has finished running.
2008-12-17, 11:54:53, VSCANTM Log:

2008-12-17, 11:54:53, Files Detected:
Copyright (c) 1990 - 2006 Trend Micro Inc.
Report Date : 12/17/2008 11:50:42
VSAPI Engine Version : 8.910-1002
VSCANTM Version : 3.00-1018 (Official Build)

VSGetVirusPatternInformation is invoked

Virus Pattern Version : 715 (347537/347537 Patterns) (2008/12/16) (571500)

Command Line: C:\Documents and Settings\Owner\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LD /LC /LCF /NM /NB /DCEGENCLEAN /HIDEDCECONSOLE /C /ACTIVEACTION=5 /VSBKENC+ /HOSPITAL=.\BACKUP /LR D:\*.* /P=C:\Documents and Settings\Owner\Desktop\Sysclean\lpt$vpn.715

4386 files have been read.
4386 files have been checked.
4386 files have been scanned.
15460 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At: 12/17/2008 11:54:53 4 minutes 9 seconds (249.03 seconds) has elapsed.(56.779 msec/file)
---------*---------*---------*---------*---------*---------*---------*---------*
2008-12-17, 11:54:53, Files Clean:
Copyright (c) 1990 - 2006 Trend Micro Inc.
Report Date : 12/17/2008 11:50:42
VSAPI Engine Version : 8.910-1002
VSCANTM Version : 3.00-1018 (Official Build)

VSGetVirusPatternInformation is invoked

Virus Pattern Version : 715 (347537/347537 Patterns) (2008/12/16) (571500)

Command Line: C:\Documents and Settings\Owner\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LD /LC /LCF /NM /NB /DCEGENCLEAN /HIDEDCECONSOLE /C /ACTIVEACTION=5 /VSBKENC+ /HOSPITAL=.\BACKUP /LR D:\*.* /P=C:\Documents and Settings\Owner\Desktop\Sysclean\lpt$vpn.715

4386 files have been read.
4386 files have been checked.
4386 files have been scanned.
15460 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At: 12/17/2008 11:54:53 4 minutes 9 seconds (249.03 seconds) has elapsed.(56.779 msec/file)
---------*---------*---------*---------*---------*---------*---------*---------*
2008-12-17, 11:54:53, Clean Fail:
Copyright (c) 1990 - 2006 Trend Micro Inc.
Report Date : 12/17/2008 11:50:42
VSAPI Engine Version : 8.910-1002
VSCANTM Version : 3.00-1018 (Official Build)

VSGetVirusPatternInformation is invoked

Virus Pattern Version : 715 (347537/347537 Patterns) (2008/12/16) (571500)

Command Line: C:\Documents and Settings\Owner\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LD /LC /LCF /NM /NB /DCEGENCLEAN /HIDEDCECONSOLE /C /ACTIVEACTION=5 /VSBKENC+ /HOSPITAL=.\BACKUP /LR D:\*.* /P=C:\Documents and Settings\Owner\Desktop\Sysclean\lpt$vpn.715

4386 files have been read.
4386 files have been checked.
4386 files have been scanned.
15460 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At: 12/17/2008 11:54:53 4 minutes 9 seconds (249.03 seconds) has elapsed.(56.779 msec/file)
---------*---------*---------*---------*---------*---------*---------*---------*


2)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:26:24 PM, on 12/18/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gatewaybiz.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [Reminder] C:\Windows\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [TSC] "C:\Documents and Settings\Owner\Desktop\Sysclean\TSC_Temp\tsc.exe" /HD
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {664088B0-6AF3-4514-AF9D-A0DC3A3DF24A} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols3beta/fscax.cab
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 5973 bytes
Negash
Active Member
 
Posts: 9
Joined: November 16th, 2008, 4:32 pm
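The TSC part of the Sysclean log in the post above arrived as spaced-out letters ("D a m a g e C l e a n u p ...") behind a leading "ÿþ". That is what a UTF-16 LE block with a byte order mark looks like when it is embedded in a single-byte log file and the whole file is pasted as text: the BOM bytes FF FE render as ÿþ and every NUL high byte renders as a space. As an added example, not part of the thread and not Trend Micro's tooling, the Python below decodes such a mixed-encoding file (the bytes are constructed to have that shape, not the real log) and also undoes the spaced-out rendering when only the pasted text survives. The assumption that a UTF-16 block ends at the first code unit with a non-zero high byte is the example's own and holds for ASCII-only tool output such as this one.

```python
BOM_LE = b"\xff\xfe"

# Constructed bytes shaped like the Sysclean log on disk: the wrapper writes
# single-byte (cp1252) lines, TSC appends its block as UTF-16 LE with a BOM,
# then the wrapper continues in cp1252. The text is illustrative, not the real log.
RAW_LOG = (
    b"2008-12-17, 10:18:26, TSC Log:\r\n"
    + ("\ufeffDamage Cleanup Engine (DCE) 6.0 (Build 1064)\r\n"
       "Execute pattern count (3031), Virus found count (0)\r\n").encode("utf-16-le")
    + b"2008-12-17, 10:18:26, Running scanner \"VSCANTM.BIN\"...\r\n"
)


def utf16_run_length(data, start):
    """Bytes of ASCII-range UTF-16 LE text from `start`: walk code units while the
    high byte is zero. Assumption: the block ends where single-byte text resumes,
    which holds for ASCII-only tool output (non-ASCII UTF-16 would stop early)."""
    i = start
    while i + 1 < len(data) and data[i + 1] == 0:
        i += 2
    return i - start


def decode_mixed_log(data, single_byte="cp1252"):
    """Decode a file that alternates single-byte text with BOM-marked UTF-16 LE blocks."""
    out, pos = [], 0
    while True:
        bom = data.find(BOM_LE, pos)
        if bom < 0:
            out.append(data[pos:].decode(single_byte, errors="replace"))
            return "".join(out)
        out.append(data[pos:bom].decode(single_byte, errors="replace"))
        n = utf16_run_length(data, bom + 2)
        out.append(data[bom + 2:bom + 2 + n].decode("utf-16-le"))
        pos = bom + 2 + n


def as_pasted(data, single_byte="cp1252"):
    """Reproduce what a forum paste shows: the whole file read as cp1252, with the
    NUL high bytes rendered as spaces (hence the leading 'ÿþ' and spaced letters)."""
    return data.decode(single_byte, errors="replace").replace("\x00", " ")


def unspace_pasted(text):
    """Undo the spaced-out rendering when only the pasted text survives: every odd
    position is a blank (the former NUL), so keeping the even positions restores
    the original. If the paste was whitespace-collapsed the letters still come
    back but word boundaries are lost; text without the blank-at-odd-positions
    pattern is returned unchanged."""
    if len(text) > 1 and all(c in " \x00" for c in text[1::2]):
        return text[::2]
    return text


if __name__ == "__main__":
    print(as_pasted(RAW_LOG))
    print(decode_mixed_log(RAW_LOG))
```

Reading the file in binary and passing it through `decode_mixed_log()` gives you the plain TSC lines; the forum rendering above was additionally whitespace-collapsed, which is why the word boundaries can only be restored by eye.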

Re: Computer is slow and some infections

Unread postby Rodav » December 19th, 2008, 10:41 am

I'm not sure why Kaspersky didn't work as it should have for you; I wouldn't worry too much about it. Your Backup folder is just where your computer stores backup files it automatically saves. It might be useful if you deleted a file that you might need. If you never use it, you can empty it out and it should save you some space.


Step 1:
The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u

You can also delete Sysclean and any logs we produced.



Your logs are now clean. :D :D
If you still feel you are having any issues, please let me know now; otherwise, read through and follow the steps below:


Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints, Malware Complaints. You need to be registered to post, as unfortunately we were hit with too many spam postings to allow guest posting to continue. Just find your country room and register your complaint.

Below are some steps to follow in order to dramatically lower the chances of reinfection
You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented
  • Make sure you install all the security updates for Windows, Internet explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch for it so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC, so keeping up with these patches will help to prevent malicious software being installed on your PC.
    Go here to check for & install updates to Microsoft applications
    Note: The update process uses activex, so you will need to use internet explorer for it, and allow the activex control that it wants to install
  • Keep your non-Microsoft applications updated as well
    Microsoft isn't the only company whose products can contain security vulnerabilities, to check for other vulnerable programs running on your PC that are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month
  • Make Internet Explorer more secure
    Click Start > Run
    Type Inetcpl.cpl & click OK
    Click on the Security tab
    Click Reset all zones to default level
    Make sure the Internet Zone is selected & Click Custom level
    In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
    Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • Install a Hosts File
    I recommend MVPS Hosts File
    Every version of Windows includes a hosts file. A hosts file is a bit like a phone book: it points to the actual numeric address (i.e. the IP address) from the human-friendly name of a website. This feature can be used to block malicious websites.
    On some PCs, having a custom HOSTS file installed can cause a significant slowdown. Following these instructions should resolve the issue
    • Click Start > Run
    • Type services.msc & click OK
    • In the list, find the service called DNS Client & double click on it.
    • On the dropdown box, change the setting from automatic to manual.
    • Click OK & then close the Services window
    For a more detailed explanation of the HOSTS file, click here
  • Download and install the free version of WinPatrol. This program protects your computer in a variety of ways and will work well with your existing security software. Have a look at this tutorial to help you get started with the program. If you want to help the developer of the program and get more information about the programs that you see in WinPatrol, please check out WinPatrol Plus. It does not need a new download.
  • The last and most important thing I can tell you is UPDATE, UPDATE, UPDATE.
    If you don't update your security programs (Antivirus, Antispyware, even Windows) then you are at risk.
    Malware changes on a day to day basis. You should update every week at the very least.

Miekiemoes, an expert in malware removal, has a fantastic article on how to prevent malware. For further tips, it's well worth a read. http://users.telenet.be/bluepatchy/miek ... ntion.html

Please reply to this topic one more time so I know you have read through it or with any questions you may have.
Rodav
MRU Master Emeritus
 
Posts: 1481
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.
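The hosts-file mechanism Rodav describes above, as an added example that is not from the forum, from MVPS or from HijackThis: a small Python parser that separates blocking entries (names sent to 0.0.0.0 or 127.0.0.1, which is how the MVPS file blocks sites) from entries that redirect a name to a real address, which is the pattern a hosts-file hijack by malware leaves behind. The sample hosts text and every domain and address in it are constructed.

```python
import ipaddress
from dataclasses import dataclass

# Addresses that make a hosts entry a harmless "block": the name resolves nowhere useful.
BLOCK_TARGETS = {"0.0.0.0", "127.0.0.1", "::1"}

# Constructed sample: the default localhost line, two MVPS-style blocking lines,
# and one redirect of a (made-up) security-vendor domain to a real address.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0 ad.example-tracker.test
0.0.0.0 malware-host.example   # MVPS-style block
192.0.2.10 update.antivirus-vendor.example
"""

@dataclass
class HostsEntry:
    address: str
    hostnames: list
    line_no: int

    @property
    def is_block(self) -> bool:
        return self.address in BLOCK_TARGETS

def parse_hosts(text: str) -> list:
    """Parse hosts-file text into entries, ignoring comments and blank lines."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        address, *names = line.split()
        try:
            ipaddress.ip_address(address)      # skip malformed address fields
        except ValueError:
            continue
        entries.append(HostsEntry(address, names, line_no))
    return entries

def find_redirects(text: str) -> list:
    """Entries that send a hostname to a real address instead of blocking it.
    The localhost entry is expected; any other redirect deserves a look."""
    return [e for e in parse_hosts(text)
            if not e.is_block and "localhost" not in e.hostnames]

def summarize(text: str) -> dict:
    entries = parse_hosts(text)
    return {"total": len(entries),
            "blocked": sum(1 for e in entries if e.is_block),
            "redirects": [(e.address, e.hostnames[0], e.line_no) for e in find_redirects(text)]}
```

On a Windows PC the real file is %SystemRoot%\System32\drivers\etc\hosts; feed its contents to summarize() and any entry listed under "redirects" is worth checking against what you installed on purpose.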

Re: Computer is slow and some infections

Unread postby NonSuch » December 21st, 2008, 5:12 pm

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
NonSuch
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California



Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware