Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

My PC is running is very slowly


  • This topic is locked This topic is locked

#1
chard_me

chard_me

    New Member

  • Member
  • Pip
  • 7 posts
hello guys!

my pc has been running very slowly. i have been experiencing this for some months already. i am just an average computer user so i am not that much knowledgeable on what virus or errors or anything like that may have caused this. but i suspect something is wrong with my computer. please help me.

below are the logs generated from hijackthis and OTL.

thanks in advance.

chard

=======================================

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:51:21 PM, on 5/9/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_22\bin\ssv.dll
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_22\bin\npjpi150_22.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_22\bin\npjpi150_22.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

--
End of file - 4540 bytes


========================================

OTL logfile created on: 5/9/2011 11:08:53 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 261.00 Mb Available Physical Memory | 51.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.30 Gb Total Space | 26.34 Gb Free Space | 70.61% Space Free | Partition Type: NTFS

Computer Name: FREELANC-9EE48E | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/09 22:58:46 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2008/04/14 08:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/05/09 22:58:46 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2010/08/24 00:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)


========== Driver Services (SafeList) ==========

DRV - [2011/05/09 22:19:51 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F7E40349-65C8-4E78-8F04-72E09FA43074}\MpKsl015f4781.sys -- (MpKsl015f4781)
DRV - [2010/01/29 11:40:04 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2008/04/14 02:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006/04/01 13:33:32 | 000,163,712 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vinyl97.sys -- (VIAudio) Vinyl AC'97 Audio Controller (WDM)
DRV - [2004/08/04 06:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2001/08/17 22:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ph.msn.com/?rd=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 90 C9 BC 38 44 ED CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:1.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/01 20:13:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/19 00:42:59 | 000,000,000 | ---D | M]

[2011/03/13 16:41:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/05/09 21:19:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0l1wiybw.default\extensions
[2011/03/14 21:47:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0l1wiybw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/07 23:47:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/07 23:47:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0L1WIYBW.DEFAULT\EXTENSIONS\[email protected]
[2011/05/01 20:13:36 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/03/20 00:21:34 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 16:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2001/08/24 01:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_22\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_22\bin\NPJPI150_22.dll (Sun Microsystems, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_22)
O16 - DPF: {CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/03/13 15:23:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{27115df4-4d44-11e0-8ed9-00a0b00c1be6}\Shell - "" = AutoRun
O33 - MountPoints2\{27115df4-4d44-11e0-8ed9-00a0b00c1be6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{27115df4-4d44-11e0-8ed9-00a0b00c1be6}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{27115dfe-4d44-11e0-8ed9-00a0b00c1be6}\Shell - "" = AutoRun
O33 - MountPoints2\{27115dfe-4d44-11e0-8ed9-00a0b00c1be6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{27115dfe-4d44-11e0-8ed9-00a0b00c1be6}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/09 22:58:15 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/05/09 22:18:10 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/05/07 23:46:09 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/05/07 23:46:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/05/07 23:45:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Sun
[2011/05/03 11:28:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\backups
[2011/05/03 11:24:07 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
[2011/04/30 10:10:06 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IECompatCache
[2011/04/29 18:36:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Talkback
[2011/04/29 18:34:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Thunderbird
[2011/04/29 18:34:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Thunderbird
[2011/04/27 06:03:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Cheat Engine 5.6.1
[2011/04/27 06:03:14 | 000,679,936 | ---- | C] (Generated by JEDI) -- C:\WINDOWS\System32\D3DX81ab.dll
[2011/04/27 06:02:44 | 000,000,000 | ---D | C] -- C:\Program Files\Cheat Engine
[2011/04/16 00:25:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2011/04/16 00:23:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Real
[2011/04/16 00:22:30 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2011/04/16 00:07:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Media Player Classic
[2011/04/16 00:06:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Revo Uninstaller
[1 C:\Documents and Settings\Administrator\*.tmp files -> C:\Documents and Settings\Administrator\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/09 22:58:46 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/05/09 22:24:48 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/05/09 22:24:23 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2011/05/09 22:19:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/09 19:19:07 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/07 02:54:11 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/05/06 09:55:56 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/03 11:24:38 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
[2011/04/25 23:24:51 | 000,035,197 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Spongebobchr2.jpg
[2011/04/20 11:12:12 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1547161642-436374069-1060284298-500.job
[2011/04/20 11:12:12 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1547161642-436374069-1060284298-500.job
[2011/04/16 00:25:27 | 000,000,929 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2011/04/16 00:06:53 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Revo Uninstaller.lnk
[2011/04/15 10:03:14 | 000,267,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/15 09:44:57 | 000,430,176 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/15 09:44:57 | 000,066,246 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[1 C:\Documents and Settings\Administrator\*.tmp files -> C:\Documents and Settings\Administrator\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/27 06:03:15 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2011/04/25 23:25:07 | 000,035,197 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Spongebobchr2.jpg
[2011/04/16 00:26:29 | 000,000,302 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1547161642-436374069-1060284298-500.job
[2011/04/16 00:26:29 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1547161642-436374069-1060284298-500.job
[2011/04/16 00:25:27 | 000,000,929 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2011/03/20 00:46:20 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/18 13:43:41 | 000,006,656 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/13 23:09:08 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/03/13 23:07:07 | 000,267,800 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/03/13 16:29:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/03/13 15:26:44 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/03/13 15:25:11 | 000,107,132 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2011/03/13 15:24:08 | 000,107,132 | ---- | C] () -- C:\WINDOWS\UninstallThunderbird.exe
[2011/03/13 15:24:03 | 000,005,217 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2011/03/13 15:19:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/12/01 21:26:21 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/11/26 17:13:40 | 000,417,792 | ---- | C] () -- C:\WINDOWS\System32\Notepad2.EXE
[2005/11/26 06:43:08 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\VCdControlTool.exe
[2005/11/22 21:33:56 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\modifyPE.exe
[2005/11/22 15:49:22 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\HMTCD.dll
[2005/11/22 15:49:18 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\cabarc.exe
[2005/10/23 08:18:24 | 000,517,120 | ---- | C] () -- C:\WINDOWS\System32\CDImageGUI.exe
[2005/10/23 08:07:22 | 000,211,456 | ---- | C] () -- C:\WINDOWS\System32\UPXShell.exe
[2005/10/20 14:07:02 | 000,345,600 | ---- | C] () -- C:\WINDOWS\System32\SAFEXP.EXE
[2005/10/20 13:29:24 | 000,335,360 | ---- | C] () -- C:\WINDOWS\System32\RESHACK.EXE
[2004/08/04 09:37:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/02 22:50:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001/08/24 01:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/24 01:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/24 01:00:00 | 000,478,133 | ---- | C] () -- C:\WINDOWS\System32\Power Defragmenter GUI.exe
[2001/08/24 01:00:00 | 000,430,176 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/24 01:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/24 01:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/24 01:00:00 | 000,120,947 | ---- | C] () -- C:\WINDOWS\System32\FlushCode.exe
[2001/08/24 01:00:00 | 000,066,246 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/24 01:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\CopyToSendTo.dll
[2001/08/24 01:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/24 01:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/24 01:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

========== LOP Check ==========

[2011/03/16 20:23:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Foxit Software
[2011/04/29 18:35:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Thunderbird
[2011/04/23 23:04:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2011/03/18 08:47:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/05/09 22:24:48 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/05/09 22:24:23 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\Tasks\MpIdleTask.job

========== Purity Check ==========



< End of report >


========================================
  • 0

Advertisements


#2
sempai

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Hello chard_me and welcome to G2G. :)

I need to see a fresh log, please run another OTL scan and post the new report for my review, thanks.
  • 0

#3
chard_me

chard_me

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
hi sempai,

below is the new OTL log. by the way, i also posted in another forum (maddoktor2) and did some scans using some software as instructed in their preliminary instructions there. so maybe you can see some here. but they have not yet responded so i guess i just have to follow you here from now on.


####################################################################

OTL logfile created on: 5/16/2011 12:38:14 AM - Run 4
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 391.00 Mb Available Physical Memory | 76.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.30 Gb Total Space | 26.00 Gb Free Space | 69.72% Space Free | Partition Type: NTFS

Computer Name: FREELANC-9EE48E | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/13 21:30:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2008/04/14 08:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/05/13 21:30:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2010/08/24 00:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)


========== Driver Services (SafeList) ==========

DRV - [2011/05/15 21:43:51 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C563A670-7B94-4B9E-8C75-E75B6ADF76FE}\MpKsl01732e36.sys -- (MpKsl01732e36)
DRV - [2011/05/15 18:10:39 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C563A670-7B94-4B9E-8C75-E75B6ADF76FE}\MpKsld6d1c62f.sys -- (MpKsld6d1c62f)
DRV - [2010/01/29 11:40:04 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2008/04/14 02:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006/04/01 13:33:32 | 000,163,712 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vinyl97.sys -- (VIAudio) Vinyl AC'97 Audio Controller (WDM)
DRV - [2004/08/04 06:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2001/08/17 22:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ph.msn.com/?rd=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 90 C9 BC 38 44 ED CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/01 20:13:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/19 00:42:59 | 000,000,000 | ---D | M]

[2011/03/13 16:41:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/05/13 23:58:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0l1wiybw.default\extensions
[2011/03/14 21:47:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0l1wiybw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/07 23:47:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/07 23:47:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0L1WIYBW.DEFAULT\EXTENSIONS\[email protected]
[2011/05/01 20:13:36 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/03/20 00:21:34 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 16:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2001/08/24 01:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_22\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_22\bin\NPJPI150_22.dll (Sun Microsystems, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_22)
O16 - DPF: {CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/03/13 15:23:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{27115df4-4d44-11e0-8ed9-00a0b00c1be6}\Shell - "" = AutoRun
O33 - MountPoints2\{27115df4-4d44-11e0-8ed9-00a0b00c1be6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{27115df4-4d44-11e0-8ed9-00a0b00c1be6}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{27115dfe-4d44-11e0-8ed9-00a0b00c1be6}\Shell - "" = AutoRun
O33 - MountPoints2\{27115dfe-4d44-11e0-8ed9-00a0b00c1be6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{27115dfe-4d44-11e0-8ed9-00a0b00c1be6}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/15 20:37:07 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/05/13 21:37:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2011/05/13 21:29:39 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/05/13 20:42:32 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
[2011/05/07 23:46:09 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/05/07 23:46:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/05/07 23:45:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Sun
[2011/05/03 11:28:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\backups
[2011/05/03 11:24:07 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
[2011/04/30 10:10:06 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IECompatCache
[2011/04/29 18:36:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Talkback
[2011/04/29 18:34:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Thunderbird
[2011/04/29 18:34:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Thunderbird
[2011/04/27 06:03:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Cheat Engine 5.6.1
[2011/04/27 06:03:14 | 000,679,936 | ---- | C] (Generated by JEDI) -- C:\WINDOWS\System32\D3DX81ab.dll
[2011/04/27 06:02:44 | 000,000,000 | ---D | C] -- C:\Program Files\Cheat Engine
[1 C:\Documents and Settings\Administrator\*.tmp files -> C:\Documents and Settings\Administrator\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/16 00:32:04 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-436374069-1060284298-500UA.job
[2011/05/15 22:27:32 | 000,070,386 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\mw.jpg
[2011/05/15 21:48:43 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/05/15 21:43:24 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1547161642-436374069-1060284298-500.job
[2011/05/15 21:43:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/15 20:36:06 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/14 09:32:05 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-436374069-1060284298-500Core.job
[2011/05/13 21:42:31 | 000,000,550 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\fixme.bat
[2011/05/13 21:30:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/05/13 21:29:24 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\rkill.exe
[2011/05/13 21:28:27 | 000,000,321 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\fixme.zip
[2011/05/13 21:23:28 | 000,502,095 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\unhide.exe
[2011/05/13 20:43:41 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2011/05/13 20:42:55 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
[2011/05/10 10:44:51 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\hrome.lnk
[2011/05/10 10:44:51 | 000,002,322 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/10 08:30:19 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1547161642-436374069-1060284298-500.job
[2011/05/07 02:54:11 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/05/06 09:55:56 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/03 11:24:38 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
[2011/04/25 23:24:51 | 000,035,197 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Spongebobchr2.jpg
[1 C:\Documents and Settings\Administrator\*.tmp files -> C:\Documents and Settings\Administrator\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/15 22:27:32 | 000,070,386 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\mw.jpg
[2011/05/13 21:42:31 | 000,000,550 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\fixme.bat
[2011/05/13 21:28:51 | 001,006,778 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\rkill.exe
[2011/05/13 21:28:25 | 000,000,321 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\fixme.zip
[2011/05/13 21:23:20 | 000,502,095 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\unhide.exe
[2011/05/13 20:43:20 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2011/04/27 06:03:15 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2011/04/25 23:25:07 | 000,035,197 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Spongebobchr2.jpg
[2011/03/20 00:46:20 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/18 13:43:41 | 000,006,656 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/13 23:09:08 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/03/13 23:07:07 | 000,267,800 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/03/13 16:29:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/03/13 15:26:44 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/03/13 15:25:11 | 000,107,132 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2011/03/13 15:24:08 | 000,107,132 | ---- | C] () -- C:\WINDOWS\UninstallThunderbird.exe
[2011/03/13 15:24:03 | 000,005,217 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2011/03/13 15:19:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/12/01 21:26:21 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/11/26 17:13:40 | 000,417,792 | ---- | C] () -- C:\WINDOWS\System32\Notepad2.EXE
[2005/11/26 06:43:08 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\VCdControlTool.exe
[2005/11/22 21:33:56 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\modifyPE.exe
[2005/11/22 15:49:22 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\HMTCD.dll
[2005/11/22 15:49:18 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\cabarc.exe
[2005/10/23 08:18:24 | 000,517,120 | ---- | C] () -- C:\WINDOWS\System32\CDImageGUI.exe
[2005/10/23 08:07:22 | 000,211,456 | ---- | C] () -- C:\WINDOWS\System32\UPXShell.exe
[2005/10/20 14:07:02 | 000,345,600 | ---- | C] () -- C:\WINDOWS\System32\SAFEXP.EXE
[2005/10/20 13:29:24 | 000,335,360 | ---- | C] () -- C:\WINDOWS\System32\RESHACK.EXE
[2004/08/04 09:37:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/02 22:50:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001/08/24 01:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/24 01:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/24 01:00:00 | 000,478,133 | ---- | C] () -- C:\WINDOWS\System32\Power Defragmenter GUI.exe
[2001/08/24 01:00:00 | 000,430,176 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/24 01:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/24 01:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/24 01:00:00 | 000,120,947 | ---- | C] () -- C:\WINDOWS\System32\FlushCode.exe
[2001/08/24 01:00:00 | 000,066,246 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/24 01:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\CopyToSendTo.dll
[2001/08/24 01:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/24 01:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/24 01:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

========== LOP Check ==========

[2011/03/16 20:23:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Foxit Software
[2011/04/29 18:35:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Thunderbird
[2011/04/23 23:04:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2011/03/18 08:47:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/05/15 21:48:43 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



< End of report >


############################################################


thanks in advance pre. :)
  • 0

#4
sempai

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Hello chard_me,

Please do not follow two instructions at the same time because it may cause more harm than good.

Anyway, nothing is wrong with your log. Do you experience any other symptoms aside from the computer being slow?

Run this scan please to be sure that there's no malware, then we can do some basic maintenance to improve PC performance.



I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

  • 0

#5
chard_me

chard_me

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
hi,

below is the scan results from eset. the symptoms i experience is that my pc boots longer than usual, it takes a long time to open documents or files. when opening a browser, it also takes some time before the browser goes up and there is this unresponsive script warning that often shows up, especially when i am logged in to facebook.



############################################


C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000397 a variant of Win32/Toolbar.MyWebSearch.O application cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\My Documents\richard\ultraiso\setup.exe NSIS/TrojanDownloader.FakeAlert.DK.Gen trojan deleted - quarantined
C:\Documents and Settings\Administrator\My Documents\richard\VIRUS DELETION TOOLS\Flash Disinfector\Flash_Disinfector.zip probably a variant of Win32/Agent.BWFKHA trojan deleted - quarantined


###########################################
  • 0

#6
sempai

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Download Combofix (by Subs) from any of the links below, make sure that you save it to your desktop.

Link 1
Link 2

  • It's important to temporary disable your anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. See HERE
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

*It's strongly recommended to have this pre-installed on your machine before doing any malware removal.
*The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
*This allows us to more easily help you should your computer have a problem after an attempted removal of malware.

  • If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. If you did not have it installed, you will see the prompt below. Choose YES.

Posted Image


  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Important notes:

  • Leave your computer alone while ComboFix is running.
  • ComboFix will restart your computer if malware is found; allow it to do so.
  • ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
  • Please do not mouseclick combofix's window while its running because it may call it to stall.
  • ComboFix SHOULD NOT be used unless requested by a forum helper. See HERE.


  • 0

#7
chard_me

chard_me

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
hi sempai,

i followed your instruction in running the combofix. downloaded it, it ran by itself, allowed the installation of ms windows recovery console, etc. and it restarted the computer. however, no log/report was produced after the computer has restarted. i looked in all the folders in C: but i can't see any combofix report. :)

where is it usually found after a combofix scan?

thanks

chard_me
  • 0

#8
sempai

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Kabayan,

Did you click yes to continue scanning for malware? Did it completed the stages until the message "Generating log"?

Did it give you any error? The log is located in C:\ComboFix.txt.
  • 0

#9
chard_me

chard_me

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
kabayan,

the first time i ran combofix, there was no log. it just ran then restarted my pc without showing up any report. so i just did a rescan and here's the report.

##########################################################

ComboFix 11-05-16.03 - Administrator 05/17/2011 21:02:17.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.273 [GMT 8:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((( Files Created from 2011-04-17 to 2011-05-17 )))))))))))))))))))))))))))))))
.
.
2011-05-17 12:38 . 2011-05-17 12:38 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BDC7EC40-51DE-4854-9A07-79768E1DDA7F}\MpKsl1ebd391b.sys
2011-05-17 01:43 . 2011-05-17 01:43 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BDC7EC40-51DE-4854-9A07-79768E1DDA7F}\MpKslf87e3c17.sys
2011-05-17 01:42 . 2011-04-11 07:04 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BDC7EC40-51DE-4854-9A07-79768E1DDA7F}\mpengine.dll
2011-05-16 15:33 . 2011-05-16 15:33 -------- d-----w- c:\program files\ESET
2011-05-07 15:47 . 2009-10-08 19:00 49265 ----a-w- c:\windows\system32\jpicpl32.cpl
2011-05-07 15:46 . 2011-05-07 15:47 -------- d-----w- c:\program files\Java
2011-05-07 15:46 . 2011-05-07 15:46 -------- d-----w- c:\program files\Common Files\Java
2011-05-07 15:45 . 2011-05-07 15:45 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Sun
2011-05-03 03:28 . 2011-05-03 03:29 -------- d-----w- c:\documents and settings\Administrator\backups
2011-04-30 02:10 . 2011-04-30 02:10 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2011-04-29 10:36 . 2011-04-29 10:36 -------- d-----w- c:\documents and settings\Administrator\Application Data\Talkback
2011-04-29 10:34 . 2011-04-29 10:35 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Thunderbird
2011-04-29 10:34 . 2011-04-29 10:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\Thunderbird
2011-04-26 22:03 . 2009-11-03 06:07 1970176 ----a-w- c:\windows\system32\d3dx9.dll
2011-04-26 22:03 . 2009-11-03 06:07 679936 ----a-w- c:\windows\system32\D3DX81ab.dll
2011-04-26 22:02 . 2011-05-09 16:46 -------- d-----w- c:\program files\Cheat Engine
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-15 16:22 . 2003-02-21 01:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-04-15 16:22 . 2003-03-18 19:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-04-11 07:04 . 2011-03-20 08:33 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-03-19 16:21 . 2011-03-19 16:21 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-13 07:25 . 2011-03-13 07:25 107132 ----a-w- c:\windows\UninstallFirefox.exe
2011-03-13 07:24 . 2011-03-13 07:24 107132 ----a-w- c:\windows\UninstallThunderbird.exe
2011-03-07 05:33 . 2011-03-13 07:20 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2005-10-12 17:14 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2005-11-08 23:13 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2005-10-12 17:14 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2004-08-04 01:26 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 23:06 . 2004-08-04 01:26 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 11:41 . 2004-08-03 23:29 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2005-10-14 17:17 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2005-10-13 21:36 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2011-03-13 09:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-05-01 12:13 . 2011-03-24 14:05 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"nlhr"="c:\windows\System32\AdvPack.Dll" [2009-03-07 128512]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 03:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-04-15 16:22 273544 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
.
R1 MpKsl1ebd391b;MpKsl1ebd391b;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BDC7EC40-51DE-4854-9A07-79768E1DDA7F}\MpKsl1ebd391b.sys [5/17/2011 8:38 PM 28752]
R1 MpKslf87e3c17;MpKslf87e3c17;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BDC7EC40-51DE-4854-9A07-79768E1DDA7F}\MpKslf87e3c17.sys [5/17/2011 9:43 AM 28752]
S1 MpKsl1d5629d7;MpKsl1d5629d7;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C38D4364-BD50-415E-9758-5BA6E6A3F837}\MpKsl1d5629d7.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C38D4364-BD50-415E-9758-5BA6E6A3F837}\MpKsl1d5629d7.sys [?]
S1 MpKsl26dfd64f;MpKsl26dfd64f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5D6935D8-31A7-463E-9D3F-BD5064D7B262}\MpKsl26dfd64f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5D6935D8-31A7-463E-9D3F-BD5064D7B262}\MpKsl26dfd64f.sys [?]
S1 MpKsl2b1d5d64;MpKsl2b1d5d64;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4F286CFB-5F46-401D-B943-D3788721999A}\MpKsl2b1d5d64.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4F286CFB-5F46-401D-B943-D3788721999A}\MpKsl2b1d5d64.sys [?]
S1 MpKsl51c1af3b;MpKsl51c1af3b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9DF6A36F-4136-48A9-90EC-DCDAF5DBF304}\MpKsl51c1af3b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9DF6A36F-4136-48A9-90EC-DCDAF5DBF304}\MpKsl51c1af3b.sys [?]
S1 MpKsl66bc4942;MpKsl66bc4942;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F57D5FFD-1B76-4BA0-8F6F-117AEC08503D}\MpKsl66bc4942.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F57D5FFD-1B76-4BA0-8F6F-117AEC08503D}\MpKsl66bc4942.sys [?]
S1 MpKsl6c37d727;MpKsl6c37d727;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F57D5FFD-1B76-4BA0-8F6F-117AEC08503D}\MpKsl6c37d727.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F57D5FFD-1B76-4BA0-8F6F-117AEC08503D}\MpKsl6c37d727.sys [?]
S1 MpKsl9454eba3;MpKsl9454eba3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BE28EB78-9C60-4538-BA10-60B5075AECC3}\MpKsl9454eba3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BE28EB78-9C60-4538-BA10-60B5075AECC3}\MpKsl9454eba3.sys [?]
S1 MpKsl9a243571;MpKsl9a243571;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9DF6A36F-4136-48A9-90EC-DCDAF5DBF304}\MpKsl9a243571.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9DF6A36F-4136-48A9-90EC-DCDAF5DBF304}\MpKsl9a243571.sys [?]
S1 MpKsla3fb83f4;MpKsla3fb83f4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8E087856-06B3-4ED0-83A2-1399648F9900}\MpKsla3fb83f4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8E087856-06B3-4ED0-83A2-1399648F9900}\MpKsla3fb83f4.sys [?]
S1 MpKslaf10a119;MpKslaf10a119;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3AEE3441-13A4-4358-BDCC-92F5B3D66FBB}\MpKslaf10a119.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3AEE3441-13A4-4358-BDCC-92F5B3D66FBB}\MpKslaf10a119.sys [?]
S1 MpKslb901e693;MpKslb901e693;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5D6935D8-31A7-463E-9D3F-BD5064D7B262}\MpKslb901e693.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5D6935D8-31A7-463E-9D3F-BD5064D7B262}\MpKslb901e693.sys [?]
S1 MpKsld895b8b4;MpKsld895b8b4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1FD739A8-F576-49B8-9DF1-F485D97498DD}\MpKsld895b8b4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1FD739A8-F576-49B8-9DF1-F485D97498DD}\MpKsld895b8b4.sys [?]
S1 MpKslfb02e609;MpKslfb02e609;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C7FC2CA1-B298-4121-81DA-476ADD50EA6F}\MpKslfb02e609.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C7FC2CA1-B298-4121-81DA-476ADD50EA6F}\MpKslfb02e609.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL1EBD391B
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-436374069-1060284298-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-16 10:21]
.
2011-05-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-436374069-1060284298-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-16 10:21]
.
2011-05-17 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 04:26]
.
2011-05-17 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1547161642-436374069-1060284298-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 02:47]
.
2011-05-10 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1547161642-436374069-1060284298-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 02:47]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0l1wiybw.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 0
.
.
------- File Associations -------
.
inifile=c:\windows\system32\NOTEPAD2.EXE %1
txtfile=c:\windows\system32\NOTEPAD2.EXE %1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-17 21:08
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1547161642-436374069-1060284298-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a7,2b,3c,c9,b6,8f,a1,43,93,0d,45,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a7,2b,3c,c9,b6,8f,a1,43,93,0d,45,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1608)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2011-05-17 21:12:57
ComboFix-quarantined-files.txt 2011-05-17 13:12
.
Pre-Run: 27,631,329,280 bytes free
Post-Run: 27,591,507,968 bytes free
.
- - End Of File - - 6B68E7F41BCEB367C440E9782FC35221


##########################################################
  • 0

#10
sempai

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
How's the computer? Still slow?


Please try the following:

1. Please check volume for errors.
  • To check the volume for errors:
  • Click start and then My Computer.
  • Right click the drive C and select Properties.
  • Under Tools tab press Check Now...
  • Put a check mark in both items and press start.
  • If you get a message click Yes to schedule the disk check and click OK and then restart your computer to start the disk check. Please be patient and let the system run. In some cases it might take a couple of hours and you don't have to sit there the whole time.


2. Please go to this link -> http://www.bleepingc...tutorial55.html and follow the steps to perform a Disk Defragmentation.
  • 0

#11
chard_me

chard_me

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
sir,

i have just finished checking volume for errors and disk defragmentation. so far so good. my computer's performance improved slightly. i will observe it for a while. now, what should i do next and how can i remove the tools that i used previously like fixme, combofix, rkill, TFC, OTL, etc.?

thanks pare!

chard_me

Edited by chard_me, 17 May 2011 - 10:17 AM.

  • 0

#12
sempai

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Sorry about the delay.

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
  • Download the latest version of Java Runtime Environment (JRE) Version 6.
  • Look for "JDK 6 Update 25 (JDK or JRE).
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".

    • Select "Windows x86 Offline" and click on jre-6u25-windows-i586.exe
  • Save it to your desktop
  • Close any programs you may have running - especially your web browser.
  • Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).
  • Reboot your computer once all Java components are removed.
  • Install the newest version by double clicking (run as Administrator for Windows Vista/Seven) the downloaded file.


=================================

Uninstall:

1. ComboFix

  • Click Start > Run > copy/paste the following bolded text into the Run box and click OK:

    ComboFix /Uninstall


2. ESET online scanner
  • Go to Control Panel > Add Remove Programs > locate and remove ESET Online Scanner.



Clean-up with OTL:
  • Run OTL
  • Click on the CleanUp! button.


If you use other tools and they are still present after the OTL clean up... you can simply delete them except for those tools that was installed (you need to uninstall them).


=====================================


Take the time to read below to secure your machine and take the necessary steps to keep it Clean :)

How to prevent malware

How to increase PC speed


Practice Safe Internet
One of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites it doesn't really matter. If something is out to get you, and you click on it, it most likely will. Below are a list of simple precautions to take to keep your computer clean and running securely:

  • If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that. Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.
  • If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean. For the casual computer user, you will almost never receive a valid attachment of this type.
  • If you receive an attachment from someone you know, and it looks suspicious, then it probably is. The email could be from someone you know infected with a malware that is trying to infect everyone in their address book.
  • If you are browsing the Internet and a popup appears saying that you are infected, ignore it!. These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of popups, or Foistware, you should read this article: Foistware, And how to avoid it.
    There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. For a list of these types of programs we recommend you visit this link: Rogue/Suspect Anti-Spyware Products & Web Sites
  • Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you. We suggest that you close these windows by clicking on the X instead of the OK button. Alternatively, you can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a fake.
  • Do not go to adult sites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do.
  • When using an Instant Messaging program be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead when you receive a message that contains a link, message back to the person asking if it is legit before you click on it.
  • Stay away from Warez and Crack sites! In addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.
  • Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download a piece of software a from a site, and are not sure if they are legitimate, you can use McAfee Siteadvisor to look up info on the site.
  • DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software.


  • 0

#13
sempai

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP