PC running extremely slow 2

Post by ikanew » November 3rd, 2007, 6:26 pm

Hi Mayi,

I've included two logs from the other computers on my network. Could you please look at them? I'll feel better knowing they are not infected. I'm still surprised that all the scans I ran did not detect this trojan on my friend's machine. Thanks.

I am splitting this topic into three parts.
This topic is about Computer #1 and Mayi will help you here with regards to that computer.
Elrond


Computer#1

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:37:29 PM, on 11/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe
D:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\Palm\Hotsync.exe
C:\Documents and Settings\kan\Start Menu\Programs\Startup\ShoveIt.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Radio365Agent] C:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe
O4 - Startup: Palm Registration.lnk = C:\Program Files\Palm\register.exe
O4 - Startup: ShoveIt.exe
O4 - Global Startup: Acrobat Assistant.lnk = D:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Reboot.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - D:\Program Files\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/oneclickfix/tgctlsr.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/ ... 4104382163
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 8011144703
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8011051309
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4056/ ... oupons.cab
O16 - DPF: {BA11E984-66D3-11D3-9196-006008105FA5} (SDClientHelper Class) - https://timecard.intellimark-it.com/sol ... tTools.cab
O20 - AppInit_DLLs: c:\PROGRA~1\Sophos\SOPHOS~1\detoured.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Program Files\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - c:\Program Files\Sophos\AutoUpdate\ALsvc.exe

--
End of file - 6257 bytes
--------------------------------------------------------------------------------
This log has been copied to PC running extremely slow 3 http://www.malwareremoval.com/forum/viewtopic.php?p=233528 where Mayi will help you.
Elrond


Computer #2

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:51:45 PM, on 11/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\QuickTime\qttask.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\AIM6\aim6.exe
E:\Program Files\Sophos\AutoUpdate\ALMon.exe
E:\Program Files\AIM6\aolsoftware.exe
E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
e:\Program Files\Sophos\AutoUpdate\ALsvc.exe
E:\Program Files\Viewpoint\Common\ViewpointService.exe
E:\WINDOWS\System32\MsPMSPSv.exe
E:\WINDOWS\TEMP\sophos_autoupdate1.dir\alupdate.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe
E:\WINDOWS\system32\wuauclt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - E:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - E:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "E:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: AutoUpdate Monitor.lnk = E:\Program Files\Sophos\AutoUpdate\ALMon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar Search - e:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... xdm409YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/sdcxuser/asp/tgctlsr.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/fu ... 0.0.15.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/TrueInstall.exe
O20 - AppInit_DLLs: e:\PROGRA~1\Sophos\SOPHOS~1\detoured.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - E:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - E:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - E:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - e:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - E:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - http://scorpius-farscape.tv/master/icons/cupof.jpg

--
End of file - 5686 bytes
ikanew
Active Member
 
Posts: 6
Joined: October 22nd, 2007, 12:52 pm

Post by Elrond » November 5th, 2007, 1:52 am

You will find computer #2 here: http://www.malwareremoval.com/forum/viewtopic.php?p=233528 It will be under my name as there is no way to do it any other way.
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Post by ndmmxiaomayi » November 5th, 2007, 6:24 am

Hi ikanew. :)

Step 1

Please open HijackThis. Select Do a system scan only.

Put a check (tick) next to this line:

O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4056/ ... oupons.cab

Click Fix checked. Don't close HijackThis yet.

  1. Click on the Config... button at the bottom right hand corner.
  2. At the top, click on the Misc Tools button.
  3. Look under System tools.
  4. Click on the Open Uninstall Manager... button.
  5. Click on the Save list... button.
  6. It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  7. Notepad will open. Please post this log in your next reply.

Step 2

Please go to Virus Total or Jotti and upload C:\Documents and Settings\All Users\Start Menu\Programs\Startup\reboot.exe for scanning.

For Virus Total

  1. Please copy and paste C:\Documents and Settings\All Users\Start Menu\Programs\Startup\reboot.exe in the text box next to the Browse button.
  2. Click on Send File.

For Jotti

  1. Please copy and paste C:\Documents and Settings\All Users\Start Menu\Programs\Startup\reboot.exe in the text box next to the Browse button.
  2. Click on Submit.

In your next reply, please post:

  1. The Uninstall list
  2. Virus Total or Jotti's scan results
  3. A new HijackThis log
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Post by ndmmxiaomayi » November 11th, 2007, 5:06 am

Hi ikanew.

I'm bumping up this log. Are you confused over the splitting of logs?
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: PC running extremely slow 2

Post by ikanew » November 11th, 2007, 9:35 pm

Hi Mayi,

No, I wasn't confused by the split logs; it's just that I wasn't able to get back to you as quickly as I wanted. Sorry. Congratulations on your graduation, it must have taken a lot of hard work. Thanks for your help!

Here are the logs you requested.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:12:38 PM, on 11/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Nexus Radio\Nexus Radio.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe
D:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\Palm\Hotsync.exe
C:\Documents and Settings\kan\Start Menu\Programs\Startup\ShoveIt.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Live365\Radio365\Radio365_Dlg.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Nexus Radio] C:\Program Files\Nexus Radio\Nexus Radio.exe -0
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Radio365Agent] C:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe
O4 - Startup: Palm Registration.lnk = C:\Program Files\Palm\register.exe
O4 - Startup: ShoveIt.exe
O4 - Global Startup: Acrobat Assistant.lnk = D:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Reboot.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - D:\Program Files\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/oneclickfix/tgctlsr.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/ ... 4104382163
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 8011144703
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8011051309
O20 - AppInit_DLLs: c:\PROGRA~1\Sophos\SOPHOS~1\detoured.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Program Files\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - c:\Program Files\Sophos\AutoUpdate\ALsvc.exe

--
End of file - 6001 bytes



Antivirus Version LastUpdate Result

AhnLab-V3 2007.11.10.0 2007.11.09 -
AntiVir 7.6.0.34 2007.11.09 -
Authentium 4.93.8 2007.11.10 -
Avast 4.7.1074.0 2007.11.11 -
AVG 7.5.0.503 2007.11.11 Adware Generic.BWG
BitDefender 7.2 2007.11.11 Trojan.Exitwin.N
CAT-QuickHeal 9.00 2007.11.10 -
ClamAV 0.91.2 2007.11.11 -
DrWeb 4.44.0.09170 2007.11.11 Trojan.Reboter
eSafe 7.0.15.0 2007.11.08 -
eTrust-Vet 31.2.5284 2007.11.09 -
Ewido 4.0 2007.11.11
FileAdvisor 1 2007.11.11 -
Fortinet 3.11.0.0 2007.10.19 HackerTool/Reboot
F-Prot 4.4.2.54 2007.11.10 -
F-Secure 6.70.13030.0 2007.11.11 -
Ikarus T3.1.1.12 2007.11.11 TR.Reboter.A
Kaspersky 7.0.0.125 2007.11.11 -
McAfee 5160 2007.11.09 potentially unwanted program Reboot-AA
Microsoft 1.3007 2007.11.11 -
NOD32v2 2652 2007.11.11
Norman 5.80.02 2007.11.09
Panda 9.0.0.4 2007.11.11 Application/Reboot.A
Prevx1 V2 2007.11.11
Rising 20.17.62.00 2007.11.11 -
Sophos 4.23.0 2007.11.11
Sunbelt 2.2.907.0 2007.11.09 Trojan.Reboter
Symantec 10 2007.11.11 -
TheHacker 6.2.9.123 2007.11.10 Adware/Reboot.aa
VBA32 3.12.2.4 2007.11.11 TR.Reboter.A
VirusBuster 4.3.26:9 2007.11.11 -
Webwasher-Gateway 6.0.1 2007.11.11 Riskware.Tool.Reboter.A

Additional information
File size: 311296 bytes
MD5: 3d3a6b997d35ace2f7d778c4c27eb61c
SHA1: c07fc20b864d6aaf85df2a9e4ec9d797d3cddc88



Adobe Acrobat - Reader 6.0.2 Update
Adobe Acrobat 6.0.1 Professional
Adobe Acrobat and Reader 6.0.3 Update
Adobe Acrobat and Reader 6.0.6 Update
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player ActiveX
AvantGo Client
Color LaserJet 2600n
Comcast Assisted Support Controls
Easy CD & DVD Creator 6
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB926239)
HP Image Zone 5.3
HP Imaging Device Functions 5.3
HP Scanjet 4370
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
IOGEAR Bluetooth Software
J2SE Runtime Environment 5.0 Update 6
Mavis Beacon Teaches Typing 15
Microsoft .NET Framework 1.1
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox (1.0.7)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
Nexus Radio
Nokia Connectivity Cable Driver
Nokia PC Connectivity Solution
Nokia PC Suite
Palm
PE Builder 3.1.10a
Quicken 2002 Deluxe
QuickTime
Radio365 1.2
RealPlayer
Rhapsody
Rhapsody Player Engine
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929969)
ShellCrypt
Shred 2 (PC Magazine)
SiS Audio Driver
Sophos Anti-Virus
Sophos AutoUpdate
Ulead Photo Express 2.0 SE
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB929338)
Update for Windows XP (KB931836)
What's Running 2.2
Windows Driver Package - Nokia Modem (04/06/2006 6.8.0.17)
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB884020
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver
ikanew
Active Member
 
Posts: 6
Joined: October 22nd, 2007, 12:52 pm
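
A follow-up HijackThis log can be checked against the earlier one by parsing the entry lines of both and comparing them. The sketch below is an added example, not part of the thread or of HijackThis itself: the function names are this example's own, and the two sample logs are short excerpts of the Computer#1 logs posted above (11/3 and 11/11), with the elided URL kept as it appears on the page.

```python
import re
from collections import namedtuple

# Entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O24) followed
# by " - ". Header lines and the "Running processes" list do not match.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
Entry = namedtuple("Entry", "section detail")

# Excerpt of the first Computer#1 log on this page (11/3/2007).
BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:37:29 PM, on 11/3/2007

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\uTorrent\uTorrent.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - Global Startup: Reboot.exe
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/oneclickfix/tgctlsr.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4056/ ... oupons.cab
"""

# Excerpt of the follow-up Computer#1 log on this page (11/11/2007).
AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:12:38 PM, on 11/11/2007

Running processes:
C:\WINDOWS\Explorer.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Nexus Radio] C:\Program Files\Nexus Radio\Nexus Radio.exe -0
O4 - Global Startup: Reboot.exe
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/oneclickfix/tgctlsr.cab
"""


def parse_entries(log_text):
    """Map a case-insensitive key to each entry line of a HijackThis log."""
    entries = {}
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue
        # Collapse whitespace so forum copy/paste does not create false changes.
        detail = " ".join(match.group(2).split())
        # Windows paths and CLSIDs are case-insensitive, so compare casefolded.
        entries[(match.group(1), detail.casefold())] = Entry(match.group(1), detail)
    return entries


def _order(entry):
    # Sort O4 before O16: section letter first, then the section number.
    return (entry.section[0], int(entry.section[1:]), entry.detail.casefold())


def diff_logs(before_text, after_text):
    """Return the entries that disappeared and the entries that are new."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    removed = [before[k] for k in before.keys() - after.keys()]
    added = [after[k] for k in after.keys() - before.keys()]
    return {"removed": sorted(removed, key=_order),
            "added": sorted(added, key=_order)}


def fix_applied(before_text, after_text, marker):
    """True if an entry containing `marker` was in the first log and is gone in the second."""
    needle = marker.casefold()
    was = any(needle in key[1] for key in parse_entries(before_text))
    now = any(needle in key[1] for key in parse_entries(after_text))
    return was and not now


if __name__ == "__main__":
    changes = diff_logs(BEFORE, AFTER)
    for label in ("removed", "added"):
        for entry in changes[label]:
            print(f"{label:8} {entry.section} - {entry.detail}")
    clsid = "{9522B3FB-7A2B-4646-8AF6-36E7F593073C}"
    print("O16 entry fixed:", fix_applied(BEFORE, AFTER, clsid))
    print("Reboot.exe gone:", fix_applied(BEFORE, AFTER, "Reboot.exe"))
```

On these excerpts the O16 entry selected for fixing is gone, the Reboot.exe startup item is still present, and a new Run entry shows up that was not in the first scan.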

Re: PC running extremely slow 2

Post by ndmmxiaomayi » November 12th, 2007, 8:21 pm

Hi ikanew. :)

"Congratulations on your graduation"


Thank you. :)

Further research into this reboot.exe file shows that it's used to help users to reboot a computer after a period of time. Do you use this to reboot your computer?

Here are some details: http://www.liutilities.com/products/win ... ry/reboot/
____________________

Step 1

  1. Please download AVG Anti-Spyware and save it to your desktop.
  2. Double click on avgas-setup-7.5.0.50.exe to install AVG Anti-Spyware. Install it in the default location.
  3. Once installed, start AVG Anti-Spyware by going to Start > All Programs > AVG Anti-Spyware 7.5 > AVG Anti-Spyware.
  4. In the main screen, you should see Your Computer's Security.
    • Next to Resident Shield, click on Change state. It should now be Inactive.
    • Next to Automatic Updates, click on Change state. It should now be Inactive.
    • Next to Last Update, click on Update now. If your firewall prompts you, tell your firewall to allow it. Should you be unable to update it, download the updates from here. Save it to your desktop. Double click to run the installation and the updates will be installed. Make sure AVG Anti-Spyware is closed during the installation.
    • Right-click the AVG Anti-Spyware icon near the clock and uncheck (untick) Start with Windows. Confirm by clicking Yes.
  5. Now click on the Scanner button at the top.
  6. Select the Settings tab.
  7. Under How to act?, click on Recommended actions and select Quarantine.
  8. Under How to scan?, check (tick) all the boxes.
  9. Under Possibly unwanted software:, check (tick) all the boxes.
  10. Under Reports:, uncheck (untick) the Only if threats were found box and select Do not automatically generate report.
  11. Under What to scan?, select Scan every file.
Do not run a scan yet. You will run a scan later.

Step 2

Please download ATF Cleaner by Atribune.

  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All. Uncheck (untick) the Cookies box.
  • Click the Empty Selected button.

If you use Firefox browser

  • Click Firefox at the top and choose: Select All. Uncheck (untick) Firefox cookies box.
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

  • Click Opera at the top and choose: Select All. Uncheck (untick) Opera cookies box.
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Step 3

Please print out or save this set of instructions as you will not have internet access during the fix.

Reboot into Safe Mode by following the instructions below:

  • When you see the BIOS screen, start pressing F8.
  • A boot menu will appear shortly.
  • Using the up and down arrow keys, select Safe Mode and press the Enter key.
  • Windows will now load.
  • Log in to your usual account.

Step 4

  1. Start AVG Anti-Spyware by going to Start > All Programs > AVG Anti-Spyware 7.5 > AVG Anti-Spyware.
  2. Click on the Scanner button at the top.
  3. Select the Scan tab.
  4. Click on Complete System Scan to start the scan.
  5. When the scan has finished, follow the instructions below.
    IMPORTANT: Don't click on the Save Scan Report button before you have clicked the Apply all Actions button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)

      Please refer to the image below for the settings of AVG Antispyware.

      http://img509.imageshack.us/img509/4851/scanavgjk2.jpg
  6. When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  7. Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Restart your computer in Normal Mode.

In your next reply, please post:

  1. AVG Antispyware scan report
  2. A new HijackThis log
  3. If you used the reboot.exe file to reboot your computer
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: PC running extremely slow 2

Post by ikanew » November 13th, 2007, 10:56 pm

Hi Mayi,

I do not use reboot.exe to reboot my PC.
Here are the requested logs. Thanks.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:41:14 PM 11/13/2007

+ Scan result:



C:\Documents and Settings\aln\Application Data\Starware -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\aln\Application Data\Starware\BrowserSearch -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\aln\Application Data\Starware\BrowserSearch\BrowserSearch.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\aln\Application Data\Starware\BrowserSearch\BrowserSearch.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\aln\Application Data\Starware\ErrorSearch -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\aln\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\aln\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\aln\Application Data\Starware\Games -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\aln\Application Data\Starware\Games\GamesOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\aln\Application Data\Starware\Games\GamesOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\aln\Application Data\Starware\Layouts -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\aln\Application Data\Starware\Layouts\PreferencesLayout.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\aln\Application Data\Starware\Layouts\PreferencesLayout.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\aln\Application Data\Starware\Layouts\ToolbarLayout.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\aln\Application Data\Starware\Layouts\ToolbarLayout.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\aln\Application Data\Starware\Manager -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\aln\Application Data\Starware\Manager\ManagerOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\aln\Application Data\Starware\Manager\ManagerOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\aln\Application Data\Starware\Movies -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\aln\Application Data\Starware\Movies\MoviesOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\aln\Application Data\Starware\Movies\MoviesOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\aln\Application Data\Starware\PopupBlocker -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\aln\Application Data\Starware\PopupBlocker\PopupBlockerOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\aln\Application Data\Starware\PopupBlocker\PopupBlockerOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\aln\Application Data\Starware\Reference -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\aln\Application Data\Starware\Reference\ReferenceOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\aln\Application Data\Starware\Reference\ReferenceOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\aln\Application Data\Starware\RelatedSearch -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\aln\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\aln\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\aln\Application Data\Starware\Screensavers -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\aln\Application Data\Starware\ScreensaversMarketingSitePager -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\aln\Application Data\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\aln\Application Data\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\aln\Application Data\Starware\Screensavers\ScreensaversOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\aln\Application Data\Starware\Screensavers\ScreensaversOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\aln\Application Data\Starware\SearchAssistPlus -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\aln\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\aln\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\aln\Application Data\Starware\SearchMatch -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\aln\Application Data\Starware\SearchMatch\SearchMatchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\aln\Application Data\Starware\SearchMatch\SearchMatchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\aln\Application Data\Starware\Toolbar -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\aln\Application Data\Starware\ToolbarLogo -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\aln\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\aln\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\aln\Application Data\Starware\ToolbarSearch -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\aln\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\aln\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\aln\Application Data\Starware\Toolbar\TBProductsOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\aln\Application Data\Starware\Toolbar\TBProductsOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\aln\Application Data\Starware\TravelSearch -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\aln\Application Data\Starware\TravelSearch\TravelSearchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\aln\Application Data\Starware\TravelSearch\TravelSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
D:\Program Files\WinAIO\W-aio\Windows XP Update Validation Bypass\twkwgat.zip/twk-winupdatepatch.rar/twk-winupdatepatch.exe -> Hijacker.Barben : Cleaned with backup (quarantined).
:mozilla.10:C:\Documents and Settings\aln\Application Data\Mozilla\Firefox\Profiles\ufno8qsb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.11:C:\Documents and Settings\aln\Application Data\Mozilla\Firefox\Profiles\ufno8qsb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.346:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.68:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.69:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.70:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.71:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.88:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.8:C:\Documents and Settings\aln\Application Data\Mozilla\Firefox\Profiles\ufno8qsb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.9:C:\Documents and Settings\aln\Application Data\Mozilla\Firefox\Profiles\ufno8qsb.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.275:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.276:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.273:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.45:C:\Documents and Settings\aln\Application Data\Mozilla\Firefox\Profiles\ufno8qsb.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.369:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.370:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.371:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.132:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.133:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.134:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.135:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.136:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.137:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.138:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.139:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.140:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.51:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.52:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.53:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.54:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.62:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.84:C:\Documents and Settings\aln\Application Data\Mozilla\Firefox\Profiles\ufno8qsb.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.36:C:\Documents and Settings\aln\Application Data\Mozilla\Firefox\Profiles\ufno8qsb.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.38:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.213:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.298:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.375:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.373:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.374:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.146:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.147:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.148:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.149:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.150:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.151:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.152:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.155:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.156:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.211:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned.
:mozilla.377:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.378:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.71:C:\Documents and Settings\aln\Application Data\Mozilla\Firefox\Profiles\ufno8qsb.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.72:C:\Documents and Settings\aln\Application Data\Mozilla\Firefox\Profiles\ufno8qsb.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.78:C:\Documents and Settings\aln\Application Data\Mozilla\Firefox\Profiles\ufno8qsb.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.13:C:\Documents and Settings\aln\Application Data\Mozilla\Firefox\Profiles\ufno8qsb.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.37:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.237:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.241:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.116:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.117:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.118:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.119:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.120:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.46:C:\Documents and Settings\aln\Application Data\Mozilla\Firefox\Profiles\ufno8qsb.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.47:C:\Documents and Settings\aln\Application Data\Mozilla\Firefox\Profiles\ufno8qsb.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.48:C:\Documents and Settings\aln\Application Data\Mozilla\Firefox\Profiles\ufno8qsb.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.212:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.216:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.341:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.49:C:\Documents and Settings\aln\Application Data\Mozilla\Firefox\Profiles\ufno8qsb.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.50:C:\Documents and Settings\aln\Application Data\Mozilla\Firefox\Profiles\ufno8qsb.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.51:C:\Documents and Settings\aln\Application Data\Mozilla\Firefox\Profiles\ufno8qsb.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.66:C:\Documents and Settings\aln\Application Data\Mozilla\Firefox\Profiles\ufno8qsb.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.72:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.73:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.74:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.85:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.86:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.376:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.115:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.79:C:\Documents and Settings\aln\Application Data\Mozilla\Firefox\Profiles\ufno8qsb.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.197:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.202:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.68:C:\Documents and Settings\aln\Application Data\Mozilla\Firefox\Profiles\ufno8qsb.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.89:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.90:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.91:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.92:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.93:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.94:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.95:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.96:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.97:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.166:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.167:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.110:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.111:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.112:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.113:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.114:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.21:C:\Documents and Settings\aln\Application Data\Mozilla\Firefox\Profiles\ufno8qsb.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.22:C:\Documents and Settings\aln\Application Data\Mozilla\Firefox\Profiles\ufno8qsb.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.23:C:\Documents and Settings\aln\Application Data\Mozilla\Firefox\Profiles\ufno8qsb.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.24:C:\Documents and Settings\aln\Application Data\Mozilla\Firefox\Profiles\ufno8qsb.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.25:C:\Documents and Settings\aln\Application Data\Mozilla\Firefox\Profiles\ufno8qsb.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.26:C:\Documents and Settings\aln\Application Data\Mozilla\Firefox\Profiles\ufno8qsb.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.27:C:\Documents and Settings\aln\Application Data\Mozilla\Firefox\Profiles\ufno8qsb.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.28:C:\Documents and Settings\aln\Application Data\Mozilla\Firefox\Profiles\ufno8qsb.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.29:C:\Documents and Settings\aln\Application Data\Mozilla\Firefox\Profiles\ufno8qsb.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.30:C:\Documents and Settings\aln\Application Data\Mozilla\Firefox\Profiles\ufno8qsb.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.31:C:\Documents and Settings\aln\Application Data\Mozilla\Firefox\Profiles\ufno8qsb.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.32:C:\Documents and Settings\aln\Application Data\Mozilla\Firefox\Profiles\ufno8qsb.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.33:C:\Documents and Settings\aln\Application Data\Mozilla\Firefox\Profiles\ufno8qsb.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.332:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.125:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.126:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.127:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.226:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.198:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.199:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.101:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.102:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.103:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.104:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.105:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.106:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.107:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.254:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.255:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.256:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.257:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.258:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.259:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.260:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.261:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.262:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.263:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.264:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.265:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.266:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.38:C:\Documents and Settings\aln\Application Data\Mozilla\Firefox\Profiles\ufno8qsb.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.39:C:\Documents and Settings\aln\Application Data\Mozilla\Firefox\Profiles\ufno8qsb.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.40:C:\Documents and Settings\aln\Application Data\Mozilla\Firefox\Profiles\ufno8qsb.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.41:C:\Documents and Settings\aln\Application Data\Mozilla\Firefox\Profiles\ufno8qsb.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.42:C:\Documents and Settings\aln\Application Data\Mozilla\Firefox\Profiles\ufno8qsb.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.43:C:\Documents and Settings\aln\Application Data\Mozilla\Firefox\Profiles\ufno8qsb.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.98:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.122:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.141:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.142:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.143:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.144:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.145:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.85:C:\Documents and Settings\aln\Application Data\Mozilla\Firefox\Profiles\ufno8qsb.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.86:C:\Documents and Settings\aln\Application Data\Mozilla\Firefox\Profiles\ufno8qsb.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.87:C:\Documents and Settings\aln\Application Data\Mozilla\Firefox\Profiles\ufno8qsb.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.88:C:\Documents and Settings\aln\Application Data\Mozilla\Firefox\Profiles\ufno8qsb.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.227:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.228:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.229:C:\Documents and Settings\kan\Application Data\Mozilla\Firefox\Profiles\cokzcmmb.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:48:03 PM, on 11/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Nexus Radio\Nexus Radio.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe
D:\Program Files\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\pctspk.exe
D:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Palm\Hotsync.exe
C:\Documents and Settings\kan\Start Menu\Programs\Startup\ShoveIt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\TEMP\sophos_autoupdate1.dir\alupdate.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Nexus Radio] C:\Program Files\Nexus Radio\Nexus Radio.exe -0
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Radio365Agent] C:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Startup: Palm Registration.lnk = C:\Program Files\Palm\register.exe
O4 - Startup: ShoveIt.exe
O4 - Global Startup: Acrobat Assistant.lnk = D:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Reboot.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - D:\Program Files\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/oneclickfix/tgctlsr.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/ ... 4104382163
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 8011144703
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8011051309
O20 - AppInit_DLLs: c:\PROGRA~1\Sophos\SOPHOS~1\detoured.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Program Files\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--
End of file - 6114 bytes
ikanew
Active Member
 
Posts: 6
Joined: October 22nd, 2007, 12:52 pm

Re: PC running extremely slow 2

Post by ndmmxiaomayi » November 14th, 2007, 9:47 am

Hi ikanew,

  1. Please download this tool from Microsoft.
  2. Double click on MGADiag.exe to run it.
  3. Click Continue.
  4. The program will run. It takes a while to finish the diagnosis, please be patient.
  5. Once done, click on Copy.
  6. Open Notepad and paste the contents in. Save this file and post it in your next reply.
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: PC running extremely slow 2

Post by ikanew » November 15th, 2007, 9:06 pm

Hi Mayi,

Next log:

Diagnostic Report (1.7.0066.0):
-----------------------------------------
WGA Data-->
Validation Status: Blocked VLK
Validation Code: 3
Online Validation Code: N/A
Cached Validation Code: N/A
Windows Product Key: *****-*****-RQGB3-6XFJR-2P2BB
Windows Product Key Hash: o2dIQoYiHUdWj5uQeKdqjLuK9Zk=
Windows Product ID: 55274-646-2049607-23734
Windows Product ID Type: 1
Windows License Type: Volume
Windows OS version: 5.1.2600.2.00010100.2.0.pro
CSVLK Server: N/A
CSVLK PID: N/A
ID: {748D8F8B-F01B-4075-9AC5-1EA459CBCAA8}(3)
Is Admin: Yes
TestCab: 0x0
WGA Version: Registered, 1.7.36.0
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-171-1
Resolution Status: N/A

Notifications Data-->
Cached Result: N/A
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: FCEE394C-2989-80070002_025D1FF3-171-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{748D8F8B-F01B-4075-9AC5-1EA459CBCAA8}</UGUID><Version>1.7.0066.0</Version><OS>5.1.2600.2.00010100.2.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-2P2BB</PKey><PID>55274-646-2049607-23734</PID><PIDType>1</PIDType><SID>S-1-5-21-1229272821-1202660629-1957994488</SID><SYSTEM><Manufacturer>ECS </Manufacturer><Model>K7S5A </Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc. </Manufacturer><Version>07.00T </Version><SMBIOSVersion major="2" minor="3"/><Date>20010402000000.000000+000</Date></BIOS><HWID>6A9A3C6F0184A069</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><BRT/></MachineData> <Software><Office><Result>100</Result><Products><Product GUID="{90110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>EF8B623FF00D00</Val><Hash>dCT9yNNWlP5NhPcR53w+26/8fOA=</Hash><Pid>73931-640-3490255-57580</Pid><PidType>14</PidType></Product></Products></Office></Software></GenuineResults>
ikanew
Active Member
 
Posts: 6
Joined: October 22nd, 2007, 12:52 pm

Re: PC running extremely slow 2

Post by ndmmxiaomayi » November 16th, 2007, 3:04 am

Hi ikanew,

According to the MGA report, your copy of Windows is not legitimate.

As per the forum policy, you will need to get a legitimate copy of Windows before we can continue.
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: PC running extremely slow 2

Post by 'KotaGuy » December 14th, 2007, 9:54 am

This topic is now closed due to inactivity. If you wish it to be reopened, please send an email to 'admin at malwareremoval.com' with a link to your thread.

If it has been 10 days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, this topic will not be reopened. If you still require help, please start a new topic and include a fresh HijackThis log and a link to this thread in your new topic.

You can help support this site from this link: Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada