
Very Sluggish Computer [RESOLVED]


  • This topic is locked

#16
fenzodahl512

  • Malware Removal
  • 9,863 posts
Let's do this instead..

Please download Dr.Web CureIt to the Desktop:
  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, please do a re-scan.. This time, choose Complete Scan
  • Click the green arrow button at the right, and the scan will start.
  • After the scan has finished, click Select all
  • Click on Cure and choose Move incurable
  • When the scan has finished, in the menu, click File and choose Save report list
  • Save the report to your Desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.


Please include a fresh DSS log in your next reply..
  • 0



#17
jim10011

  • Topic Starter
  • Member
  • 97 posts
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, June 10, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, June 09, 2008 19:26:50
Records in database: 844518
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 62648
Threat name: 4
Infected objects: 5
Suspicious objects: 0
Duration of the scan: 02:13:25


File name / Threat name / Threats count
C:\RECYCLER\S-1-5-21-2680163275-1745558724-2074030094-1015\Dc30\Norton Antivirus\Quarantine\16780757 Infected: not-a-virus:AdWare.Win32.VirtualBouncer.g 1
C:\RECYCLER\S-1-5-21-2680163275-1745558724-2074030094-1015\Dc30\Norton Antivirus\Quarantine\4BAB0D79 Infected: not-a-virus:AdWare.Win32.VirtualBouncer.d 1
C:\RECYCLER\S-1-5-21-2680163275-1745558724-2074030094-1015\Dc30\Norton Antivirus\Quarantine\5C406557 Infected: Trojan-Downloader.Win32.Agent.ab 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP907\A0084090.exe Infected: not-a-virus:AdWare.Win32.180Solutions 2

The selected area was scanned.


Deckard's System Scanner v20071014.68
Run by Chad on 2008-06-10 16:07:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 254 MiB (512 MiB recommended).


-- HijackThis (run as Chad.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:08:02 PM, on 6/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Chad\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Chad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo....g/mail?.intl=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = google:1254
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min /nosplash
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

--
End of file - 6369 bytes

-- Files created between 2008-05-10 and 2008-06-10 -----------------------------



-- Find3M Report ---------------------------------------------------------------

2008-06-08 19:45:10 0 d-------- C:\Program Files\Common Files
2008-06-04 15:41:09 10348 --a------ C:\Program Files\2008 BASEBALL SCHEDULE.xlsx
2008-06-02 15:35:48 0 d-------- C:\Documents and Settings\Chad\Application Data\Adobe
2008-05-30 20:00:16 0 d-------- C:\Program Files\Java
2008-05-30 18:19:13 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-28 22:03:40 0 d-------- C:\Program Files\Messenger
2008-05-28 22:01:56 0 d-------- C:\Program Files\Movie Maker
2008-05-28 21:53:57 0 d-------- C:\Program Files\Windows NT
2008-05-24 09:08:13 0 d-------- C:\Program Files\Gold Miner
2008-05-23 19:00:59 0 d-------- C:\Program Files\Hewlett-Packard
2008-05-23 09:55:47 0 d-------- C:\Program Files\AdsGone
2008-05-23 09:52:57 0 d-------- C:\Program Files\Cartoon Network


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 05:25 AM]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [02/12/2008 11:06 AM]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [04/02/2008 10:07 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [04/13/2008 08:12 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 12:43 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 08:12 PM]

C:\Documents and Settings\Chad\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 11:00:00 AM]
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [8/29/2003 8:05:35 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 11:00:00 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 02/27/2007 11:39 AM 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-06-10 16:11:56 ------------



Do you want the dr.web.csv file? How do I send it?
  • 0
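
A way to triage a HijackThis log such as the one posted in #17, as an added example that is not part of the original thread. The sample lines are copied from that log; the function names and the three review rules are this example's own choices, not a HijackThis feature.

```python
import re

# A subset of lines copied from the HijackThis log in post #17.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = google:1254
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min /nosplash
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"""

# Every HijackThis entry starts with a section code (R0, O2, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_log(text):
    """Return one dict per log entry; header and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        clsid = CLSID_RE.search(m["body"])
        entries.append({
            "code": m["code"],
            "body": m["body"],
            "clsid": clsid.group(0) if clsid else None,
        })
    return entries


def review_notes(entry):
    """Return the reasons (possibly none) an entry deserves a manual look."""
    notes = []
    code, body = entry["code"], entry["body"]
    # The registry still references an object, but no file backs it.
    if body.endswith("(no file)") or body.endswith("(file missing)"):
        notes.append("orphaned: registry entry points at no file on disk")
    # A proxy value in Internet Settings redirects browser traffic.
    if code in ("R0", "R1") and ",ProxyServer = " in body:
        proxy = body.split(",ProxyServer = ", 1)[1]
        notes.append(f"IE proxy set to {proxy!r}: confirm the user configured it")
    # HijackThis could not read a company name from the service binary.
    if code == "O23" and " - Unknown owner - " in body:
        notes.append("service binary carries no company name: verify the file")
    return notes


def triage(text):
    """Return (section code, CLSID or None, note) for every entry with a note."""
    return [(e["code"], e["clsid"], note)
            for e in parse_log(text)
            for note in review_notes(e)]


if __name__ == "__main__":
    for code, clsid, note in triage(SAMPLE_LOG):
        print(code, clsid or "-", note)
```

A note from this script marks an entry for manual review; it is not a verdict that the entry is malicious.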

#18
fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, thanks for your reply.. Actually your logs look clean to my eyes.. I believe your computer problem is not related to malware..

Please have a read of Miekiemoes' article: Help! My computer is slow!




Now for some cleanup..
  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt2.exe to run it. (Vista users, please right-click on OTMoveIt2.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTMoveIt2 from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.



NEXT


Please Install/Update Sun Java

Updating Java:
  • Go to Start --> Control Panel --> Add or Remove Programs.
  • Search in the list for all previously installed versions of Java. (J2SE Runtime Environment.... )
  • It should have the next icon next to it: [image]
  • Select it and click Remove. This will uninstall the previous (outdated) version of Java.
  • Then Download and install the newest version from here: Java Runtime Environment (JRE) 6 Update 6



NEXT


Let's clean your Restore Points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous Restore Points which are likely to be infected)
To create a new Restore Point.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK. This will flush your old System Restore.
  • Then please UNCHECK the Turn off System Restore.
  • Click again on Apply, and then click OK. This will create a new Restore Point
System Restore will now be active again

If you are using Windows Vista, please go HERE for tutorial on how to use, disable and enable System Restore



NEXT


I noticed that you already have:

1. Avira Antivir as your antivirus
2. MalwareBytes' Anti-Malware and SUPERAntiSpyware as your antispyware
3. ZoneAlarm as your firewall..



Lastly, to keep your operating system up to date please visit the link below monthly

To learn more about how to protect yourself while on the internet read this excellent article by Tony Klein: So how did I get infected in the first place?


And another excellent article by CastleCops Malware Prevention: Prevent Re-infection

Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :)



Have a safe and happy computing day!


Regards
fenzodahl512
  • 0

#19
jim10011

  • Topic Starter
  • Member
  • 97 posts
I appreciate your help but I've done everything you've said and the computer runs just as slow and laboring as when I started. Is there a way I can get another opinion on this site? I was wondering if an administrator might have some ideas, or at the least review what I have done thus far, and tell me if I should throw away this computer.
  • 0

#20
jim10011

  • Topic Starter
  • Member
  • 97 posts
I can't do anything with system restore, it says disabled by group policy.
  • 0

#21
jim10011

  • Topic Starter
  • Member
  • 97 posts
:)

Edited by jim10011, 12 June 2008 - 12:00 PM.

  • 0

#22
fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello jim... Thanks for the feedback.. Firstly, please have a read of the article below..

Help! My computer is slow!


Ok.. from my own personal experience.. A slow computer can be caused by..

1. Virus/Malware (which is not present in your latest log)

2. Overheating (normally caused by dust, thermal paste degradation, etc).. The best place to ask is at the Hardware, Components and Peripherals forum..

3. Fragmented files.. You need to do a disk defragmentation.. Mentioned in the above article

4. Bad clusters.. You need to do a checkdisk/scandisk..

5. Low memory.. I recommend you get at least 512 MB of RAM (the more the better)

6. Too many programs running at Start-up.. The best place to ask is at the Windows XP™, 2000, 2003, NT forum..


Hope that helps..

Regards
fenzodahl512
  • 0

#23
fenzodahl512

  • Malware Removal
  • 9,863 posts

I can't do anything with system restore, it says disabled by group policy.



Please go to Start >> Run >> copy/paste the command below >> press Enter

REG export "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\SystemRestore" C:\lai.txt


Please find the content of C:\lai.txt and post it here..

Edited by fenzodahl512, 12 June 2008 - 12:09 PM.

  • 0
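
How the file produced by the REG export command in #23 can be read, as an added example that is not part of the original thread. The export content below is constructed, not the user's file; DisableSR and DisableConfig are the value names the System Restore group policy settings write under this key, and the function names are this example's own.

```python
import re

POLICY_KEY = r"HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\SystemRestore"

# Constructed sample of what C:\lai.txt could contain when both values are set.
SAMPLE_EXPORT = (
    "Windows Registry Editor Version 5.00\r\n\r\n"
    "[" + POLICY_KEY + "]\r\n"
    "\"DisableSR\"=dword:00000001\r\n"
    "\"DisableConfig\"=dword:00000001\r\n\r\n"
).encode("utf-16")

MEANING = {
    "DisableSR": "System Restore is turned off by policy",
    "DisableConfig": "the System Restore settings UI is locked by policy",
}

SECTION_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')


def decode_export(data):
    """Version 5.00 exports are UTF-16 with a BOM; REGEDIT4 files are ANSI."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16")
    return data.decode("cp1252", errors="replace")


def read_dwords(text, key):
    """Collect the DWORD values that sit directly under `key`."""
    values, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        section = SECTION_RE.match(line)
        if section:
            current = section.group(1)
            continue
        value = DWORD_RE.match(line)
        # Registry key names are case-insensitive.
        if value and current is not None and current.lower() == key.lower():
            values[value.group(1)] = int(value.group(2), 16)
    return values


def explain(data):
    """Turn the raw bytes of the export into plain-language findings."""
    values = read_dwords(decode_export(data), POLICY_KEY)
    findings = [MEANING[name] for name in MEANING if values.get(name, 0) == 1]
    return findings or ["no System Restore policy value is set to 1 under this key"]


if __name__ == "__main__":
    for finding in explain(SAMPLE_EXPORT):
        print(finding)
```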

#24
fenzodahl512

  • Malware Removal
  • 9,863 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





