Computer running slow - Malwarebytes found many infections

Post by Hemi1 on 4th October 2009, 9:50 pm

Just recently ran Malwarebytes and it found numerous infections. Would like to find out if there is any lingering malware on my computer.

Note: my other post was for my laptop; this is regarding my home office PC.

Here is the log:

Malwarebytes' Anti-Malware 1.41
Database version: 2905
Windows 5.1.2600 Service Pack 3

10/4/2009 11:39:34 AM
mbam-log-2009-10-04 (11-39-34).txt

Scan type: Full Scan (C:\|)
Objects scanned: 272467
Time elapsed: 1 hour(s), 50 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 13
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 12
Files Infected: 15

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8b27cc68-110c-46a9-80d3-f3107de6eb98} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8a06a1a7-9e64-4359-8556-b6ea03d69814} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\ExplorerWAS (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\ExplorerWAS (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CAC (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\winantispyware 2007 (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Network Monitor (Trojan.Service) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.starsdoor.com (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\NetworkService\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMonitor (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMonitor\Data (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007 (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tina\Application Data\WinAntiSpyware 2007 (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tina\Application Data\WinAntiSpyware 2007\Logs (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\Network Monitor (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\Temporary (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tina\Start Menu\Programs\Outerinfo (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINNT\system32\A1 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINNT\system32\f02WtR (Malware.Trace) -> Quarantined and deleted successfully.

Files Infected:
C:\WINNT\system32\MSINET.oca (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\Abbr (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\ProductCode (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tina\Application Data\WinAntiSpyware 2007\Logs\update.log (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tina\Start Menu\Programs\Outerinfo\Terms.lnk (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tina\Start Menu\Programs\Outerinfo\Uninstall.lnk (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\L\Desktop\Click to Find and Fix Errors.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\WINNT\system32\mlkkj.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINNT\system32\oqtss.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tina\Local Settings\Temp\yazzlesnet.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\L\Cookies\MM2048.DAT (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\L\Cookies\MM256.DAT (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINNT\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.


Re: Computer running slow - Malwarebytes found many infections

Post by Dr Jay on 5th October 2009, 1:09 am

Hi

Please download ComboFix by sUBs

Please save the file to your Desktop, but rename it first:




Important information about ComboFix

Before the download:
  • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
  • It is important to rename ComboFix before the download.
  • Please do not rename ComboFix to other names, but only the one indicated.

After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". [You must be registered and logged in to see this link.] if you don't know how.
  • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.

Running ComboFix:
  • Double click on svchost.exe & follow the prompts.
  • It will attempt to install the Recovery Console:




  • When ComboFix finishes, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" in your next reply.


Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.


Dr. Jay (DJ)


Post by Hemi1 on 5th October 2009, 3:59 pm

I will run ComboFix tonight when I get home (Pacific Standard Time).
Thank you

Post by Dr Jay on 5th October 2009, 10:56 pm

Ok, post when ready.


Dr. Jay (DJ)


Post by Hemi1 on 6th October 2009, 1:13 am

ComboFix 09-10-04.01 - L 10/05/2009 17:10.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1024.590 [GMT -7:00]
Running from: c:\documents and settings\L\Desktop\Combo-Fix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\check_LSA7.txt
c:\program files\fnts~1
c:\program files\icroso~1.net
c:\program files\ystem3~1
c:\winnt\fgjilm.ini
c:\winnt\gggfgh.ini
c:\winnt\illoqr.ini
c:\winnt\jiikmp.ini
c:\winnt\onprss.ini
c:\winnt\sstvut.ini
c:\winnt\stuvxx.ini
c:\winnt\system32\42KJE738.ocx
c:\winnt\system32\avouorjh.ini
c:\winnt\system32\bdsocrsf.ini
c:\winnt\system32\bnhbhgxm.ini
c:\winnt\system32\Cache
c:\winnt\system32\cdeeg.ini
c:\winnt\system32\cdyvuilb.ini
c:\winnt\system32\ckhbnvnf.ini
c:\winnt\system32\dccdd.ini
c:\winnt\system32\dgiygyjt.ini
c:\winnt\system32\dgjlm.bak2
c:\winnt\system32\dgjlm.ini
c:\winnt\system32\dllnnlcj.ini
c:\winnt\system32\ekmxbfjg.ini
c:\winnt\system32\exsdivkb.ini
c:\winnt\system32\fetsmuui.ini
c:\winnt\system32\gkvflark.ini
c:\winnt\system32\gsrkhphe.ini
c:\winnt\system32\hjjlm.bak2
c:\winnt\system32\hjjlm.ini
c:\winnt\system32\hmbbbtmf.ini
c:\winnt\system32\hovqyset.ini
c:\winnt\system32\hsgdposv.ini
c:\winnt\system32\icxmoxjw.ini
c:\winnt\system32\ihfwgrtp.ini
c:\winnt\system32\inhydctn.ini
c:\winnt\system32\iorfxcyg.ini
c:\winnt\system32\ivqulxds.ini
c:\winnt\system32\jjkmp.ini
c:\winnt\system32\jlkkj.ini
c:\winnt\system32\jmllm.ini
c:\winnt\system32\jpricdov.ini
c:\winnt\system32\kvmlmhln.ini
c:\winnt\system32\kxywmyqm.ini
c:\winnt\system32\lgbtaoaf.ini
c:\winnt\system32\llyhnhyy.ini
c:\winnt\system32\logs
c:\winnt\system32\lpqfcjdo.ini
c:\winnt\system32\lsfhvkvw.ini
c:\winnt\system32\ltbmgjve.ini
c:\winnt\system32\lwvybvuv.ini
c:\winnt\system32\mgxcqnoo.ini
c:\winnt\system32\mlkkj.bak2
c:\winnt\system32\mnnmp.ini
c:\winnt\system32\mxhusoof.ini
c:\winnt\system32\nfxdbdqe.ini
c:\winnt\system32\nmllm.bak2
c:\winnt\system32\nmllm.ini
c:\winnt\system32\ntrciawt.ini
c:\winnt\system32\nwkpvblp.ini
c:\winnt\system32\nwsfgckx.ini
c:\winnt\system32\omjgwavc.ini
c:\winnt\system32\oplnklpr.ini
c:\winnt\system32\oqstv.bak2
c:\winnt\system32\oqstv.ini
c:\winnt\system32\oqstv.ini2
c:\winnt\system32\polwqwuv.ini
c:\winnt\system32\psnjwhfs.ini
c:\winnt\system32\qiqdftra.ini
c:\winnt\system32\qqmijjtd.ini
c:\winnt\system32\qqtss.ini
c:\winnt\system32\qrpfnngs.ini
c:\winnt\system32\qrutv.bak2
c:\winnt\system32\qrutv.ini
c:\winnt\system32\qsjodmts.ini
c:\winnt\system32\rrqss.bak2
c:\winnt\system32\rtstv.ini
c:\winnt\system32\rytsscmo.ini
c:\winnt\system32\scunnbsm.ini
c:\winnt\system32\sjkiteye.ini
c:\winnt\system32\srlopokg.ini
c:\winnt\system32\sxgrltmv.ini
c:\winnt\system32\tbynvijv.ini
c:\winnt\system32\tnimajif.ini
c:\winnt\system32\trcshbcq.ini
c:\winnt\system32\txsslspc.ini
c:\winnt\system32\uayocxww.ini
c:\winnt\system32\usliimuf.ini
c:\winnt\system32\usqyfeik.ini
c:\winnt\system32\uvokpevn.ini
c:\winnt\system32\vcnqcfdk.ini
c:\winnt\system32\wcuchqgq.ini
c:\winnt\system32\wpmicoaw.ini
c:\winnt\system32\wrbisyvb.ini
c:\winnt\system32\wvvwa.bak2
c:\winnt\system32\xmrpcurx.ini
c:\winnt\system32\xvotjhxo.ini
c:\winnt\system32\ybeeg.bak2
c:\winnt\system32\ybeeg.ini
c:\winnt\system32\yllhfjnw.ini
c:\winnt\system32\ynthdssu.ini
c:\winnt\system32\yyaayeho.ini
c:\winnt\uxwwwa.ini
c:\winnt\vwxbbc.ini
c:\winnt\Web\default.htt
c:\winnt\winsock.reg
c:\winnt\winsock2.reg
c:\winnt\yceghk.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP
-------\Service_IAS


((((((((((((((((((((((((( Files Created from 2009-09-06 to 2009-10-06 )))))))))))))))))))))))))))))))
.

2009-10-04 19:50 . 2008-12-11 15:38 159600 ----a-w- c:\winnt\system32\drivers\pctgntdi.sys
2009-10-04 19:50 . 2009-08-24 21:05 206256 ----a-w- c:\winnt\system32\drivers\PCTCore.sys
2009-10-04 19:50 . 2009-08-19 18:01 86888 ----a-w- c:\winnt\system32\drivers\PCTAppEvent.sys
2009-10-04 19:49 . 2009-10-04 19:51 -------- d-----w- c:\program files\Common Files\PC Tools
2009-10-04 19:49 . 2008-12-10 18:36 64392 ----a-w- c:\winnt\system32\drivers\pctplsg.sys
2009-10-04 19:49 . 2009-10-05 06:38 -------- d-----w- c:\program files\Spyware Doctor
2009-10-04 19:49 . 2009-10-04 19:49 -------- d-----w- c:\documents and settings\L\Application Data\PC Tools
2009-10-04 19:49 . 2009-10-04 19:49 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-10-04 19:48 . 2009-10-06 00:48 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-04 19:42 . 2009-10-04 19:42 -------- d-----w- c:\documents and settings\L\Local Settings\Application Data\Mozilla
2009-10-04 19:28 . 2009-10-04 19:28 124 ----a-w- c:\documents and settings\L\Local Settings\Application Data\fusioncache.dat
2009-10-04 19:23 . 2009-07-08 20:44 40552 ----a-w- c:\winnt\system32\drivers\mfesmfk.sys
2009-10-04 19:23 . 2009-07-08 20:44 35272 ----a-w- c:\winnt\system32\drivers\mfebopk.sys
2009-10-04 19:23 . 2009-07-08 20:44 79816 ----a-w- c:\winnt\system32\drivers\mfeavfk.sys
2009-10-04 19:23 . 2009-07-16 19:32 120136 ----a-w- c:\winnt\system32\drivers\Mpfp.sys
2009-10-04 19:22 . 2009-10-04 19:23 -------- d-----w- c:\program files\Common Files\McAfee
2009-10-04 19:22 . 2009-10-04 19:22 -------- d-----w- c:\program files\McAfee.com
2009-10-04 19:21 . 2009-10-04 20:16 -------- d-----w- c:\program files\McAfee
2009-10-04 19:17 . 2009-07-08 20:43 34248 ----a-w- c:\winnt\system32\drivers\mferkdk.sys
2009-10-04 18:55 . 2009-10-04 18:55 -------- d-----w- c:\program files\VS Revo Group
2009-10-04 16:54 . 2009-10-04 16:54 -------- d-sh--w- c:\documents and settings\Tina\IETldCache
2009-10-04 16:17 . 2009-10-04 16:17 -------- d-----w- c:\documents and settings\L\Application Data\Malwarebytes
2009-10-04 16:17 . 2009-09-10 21:54 38224 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys
2009-10-04 16:17 . 2009-10-04 16:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-04 16:17 . 2009-09-10 21:53 19160 ----a-w- c:\winnt\system32\drivers\mbam.sys
2009-10-04 16:17 . 2009-10-04 18:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-09 09:53 . 2009-06-21 21:44 153088 -c----w- c:\winnt\system32\dllcache\triedit.dll
2009-09-09 03:32 . 2009-09-09 03:31 737280 ----a-w- c:\winnt\iun6002.exe
2009-09-09 03:32 . 2009-09-29 00:59 -------- d-----w- C:\SpeedItup-Checkup
2009-09-08 18:52 . 2009-09-08 18:52 -------- d-----w- c:\winnt\system32\XPSViewer
2009-09-08 18:52 . 2009-09-08 18:52 -------- d-----w- c:\program files\MSBuild
2009-09-08 18:52 . 2009-09-08 18:52 -------- d-----w- c:\program files\Reference Assemblies
2009-09-08 18:51 . 2008-07-06 12:06 89088 -c----w- c:\winnt\system32\dllcache\filterpipelineprintproc.dll
2009-09-08 18:51 . 2008-07-06 12:06 117760 ------w- c:\winnt\system32\prntvpt.dll
2009-09-08 18:51 . 2008-07-06 10:50 597504 -c----w- c:\winnt\system32\dllcache\printfilterpipelinesvc.exe
2009-09-08 18:51 . 2008-07-06 12:06 575488 -c----w- c:\winnt\system32\dllcache\xpsshhdr.dll
2009-09-08 18:51 . 2008-07-06 12:06 575488 ------w- c:\winnt\system32\xpsshhdr.dll
2009-09-08 18:51 . 2008-07-06 12:06 1676288 -c----w- c:\winnt\system32\dllcache\xpssvcs.dll
2009-09-08 18:51 . 2008-07-06 12:06 1676288 ------w- c:\winnt\system32\xpssvcs.dll
2009-09-08 18:51 . 2009-09-08 18:51 -------- d-----w- C:\aacfab24290bb803bbebb2
2009-09-07 21:28 . 2009-09-07 21:28 -------- d-sh--w- c:\documents and settings\L\IECompatCache
2009-09-07 21:28 . 2009-09-07 21:28 -------- d-----w- c:\documents and settings\L\Application Data\Red Kawa
2009-09-07 21:16 . 2009-09-07 21:16 -------- d-----w- c:\program files\AviSynth 2.5
2009-09-07 21:16 . 2009-09-07 21:16 -------- d-----w- c:\program files\Red Kawa
2009-09-07 21:00 . 2009-09-07 21:00 -------- d-----w- c:\program files\DVD Decrypter

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-06 00:46 . 2003-02-13 05:44 288 ----a-w- c:\winnt\system32\DVCStateBkp-{00000000-00000000-0000000B-00001102-00000004-10021102}.dat
2009-10-06 00:46 . 2003-02-13 05:44 288 ----a-w- c:\winnt\system32\DVCState-{00000000-00000000-0000000B-00001102-00000004-10021102}.dat
2009-10-05 17:32 . 2003-03-25 03:27 -------- d-----w- c:\program files\Paint Shop Pro 5
2009-10-05 00:16 . 2006-07-13 01:11 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-10-04 19:16 . 2003-12-21 18:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-04 19:01 . 2007-11-14 02:56 -------- d-----w- c:\documents and settings\L\Application Data\McAfee
2009-09-09 04:39 . 2008-10-25 23:17 -------- d-----w- c:\program files\Speeditup Free
2009-09-09 02:39 . 2003-02-13 05:19 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-09 02:37 . 2003-02-14 07:02 -------- d-----w- c:\program files\Ahead
2009-09-09 02:36 . 2007-11-01 02:42 -------- d-----w- c:\program files\Verizon
2009-09-08 20:31 . 2004-01-25 18:53 115024 ----a-w- c:\documents and settings\L\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-07 20:49 . 2007-11-03 19:56 -------- d-----w- c:\documents and settings\L\Application Data\Verizon
2009-08-14 13:58 . 2009-10-04 19:50 7396 ----a-w- c:\winnt\system32\drivers\pctcore.cat
2009-08-05 09:01 . 2003-02-25 03:53 204800 ----a-w- c:\winnt\system32\mswebdvd.dll
2009-07-17 19:01 . 2001-08-23 12:00 58880 ----a-w- c:\winnt\system32\atl.dll
2009-07-14 06:43 . 2003-02-21 05:47 286208 ----a-w- c:\winnt\system32\wmpdxm.dll
2009-07-08 20:44 . 2009-07-08 20:44 214024 ----a-w- c:\winnt\system32\drivers\mfehidk.sys
2003-02-13 04:50 . 2003-02-13 04:50 21952 ---ha-w- c:\program files\folder.htt
2001-08-23 12:00 . 2001-08-23 12:00 94784 --sh--w- c:\winnt\twain.dll
2008-04-14 00:12 . 2001-08-23 12:00 50688 --sh--w- c:\winnt\twain_32.dll
2008-04-14 00:11 . 2001-08-23 12:00 1028096 --sha-w- c:\winnt\system32\mfc42.dll
2008-04-14 00:12 . 2001-08-23 12:00 57344 --sh--w- c:\winnt\system32\msvcirt.dll
2008-04-14 00:12 . 2001-08-23 12:00 551936 --sh--w- c:\winnt\system32\oleaut32.dll
2008-04-14 00:12 . 2001-08-23 12:00 84992 --sha-w- c:\winnt\system32\olepro32.dll
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-01-26 16:55 . 2007-01-26 16:55 171448 c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier.exe

2006-07-01 03:25 . 2006-07-01 03:25 282624 c:\program files\QuickTime\bak\qttask.exe

2003-02-13 05:32 . 2000-05-11 09:00 90112 c:\winnt\bak\UpdReg.EXE

2003-02-14 06:28 . 2001-06-12 09:13 200704 c:\winnt\system32\spool\drivers\w32x86\3\bak\hpztsb03.exe
2009-02-20 02:33 . 2001-06-12 09:13 200704 c:\winnt\system32\spool\drivers\w32x86\3\hpztsb03.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-12 39408]
"AOL Fast Start"="c:\program files\AOL 9.1\AOL.EXE" [2007-10-27 50528]
"ctfmon.exe"="c:\winnt\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2007-06-06 936960]
"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2007-05-11 2061816]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248]
"HPDJ Taskbar Utility"="c:\winnt\system32\spool\drivers\w32x86\3\hpztsb03.exe" [2001-06-12 200704]
"PC-Checkup"="c:\speeditup-checkup\SpeedCheckUp.exe" [2009-09-25 5359104]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-07-10 645328]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-07-23 1181064]
"MsmqIntCert"="mqrt.dll" - c:\winnt\system32\mqrt.dll [2008-04-14 177152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\winnt\system32\tscupgrd.exe" [2004-08-04 44544]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ lsdelete\0autocheck autochk /k:C *

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, msnsspc.dll, digest.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
backup=c:\winnt\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk]
backup=c:\winnt\pss\America Online 8.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
backup=c:\winnt\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ExifLauncher2.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ExifLauncher2.lnk
backup=c:\winnt\pss\ExifLauncher2.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Instant Update Reminder.lnk]
backup=c:\winnt\pss\Instant Update Reminder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
backup=c:\winnt\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=c:\winnt\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\winnt\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=c:\winnt\pss\WinZip Quick Pick.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreateCD50
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EmailScan
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Insider
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISMModule4
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Salestart
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchIndexer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SfKg6w
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sscRun
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uwas7cw
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAble
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAntiSpyware 2007 Free
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsService
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTouch
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Words
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{4F-F5-59-90-ZN}

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCCClient.exe]
[N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pccguide.exe]
[N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pop3trap.exe]
[N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"GEARSecurity_BackUp"=2 (0x2)
"Creative Service for CDROM Access"=2 (0x2)
"Schedule"=2 (0x2)
"Nla"=3 (0x3)
"Network Monitor"=2 (0x2)
"Netlogon"=3 (0x3)
"napagent"=3 (0x3)
"MSMQ"=2 (0x2)
"MSFTPSVC"=2 (0x2)
"mnmsrvc"=3 (0x3)
"Lavasoft Ad-Aware Service"=2 (0x2)
"KodakCCS"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"ImapiService"=3 (0x3)
"hkmsvc"=3 (0x3)
"helpsvc"=2 (0x2)
"Fax"=2 (0x2)
"bgsvcgen"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINNT\\system32\\mqsvc.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Morpheus\\Morpheus.exe"=
"c:\\Program Files\\Common Files\\AOL\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1178771139\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 Lbd;Lbd;c:\winnt\system32\drivers\Lbd.sys [2/24/2009 9:04 PM 64160]
R0 PCTCore;PCTools KDS;c:\winnt\system32\drivers\PCTCore.sys [10/4/2009 12:50 PM 206256]
R2 IOPort;IOPort;c:\winnt\system32\IOPORT.SYS [2/12/2003 10:09 PM 6144]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [10/4/2009 12:49 PM 348824]
R3 ctgame;Game Port;c:\winnt\system32\drivers\ctgame.sys [2/12/2003 10:30 PM 10368]
S2 nvTUNEP;nVidia WDM TVTuner;c:\winnt\system32\drivers\NVTUNEP.SYS [2/12/2003 10:19 PM 16032]
S2 nvtvSND;nVidia WDM TVAudio Crossbar;c:\winnt\system32\drivers\NVTVSND.SYS [2/12/2003 10:19 PM 13600]
S3 CA500AI;SPCA500A Still Image Capture, Sunplus Version 1.00;c:\winnt\system32\Drivers\BULKUSB.sys --> c:\winnt\system32\Drivers\BULKUSB.sys [?]
S3 CA500AV;Digital Video Camera(Video);c:\winnt\system32\DRIVERS\CA500AV.SYS --> c:\winnt\system32\DRIVERS\CA500AV.SYS [?]
S3 GearAspiWDM_BackUp;GEARAspiWDM;c:\winnt\system32\drivers\GEARAspiWDM.sys [3/7/2005 12:52 PM 14408]
S4 GEARSecurity_BackUp;GEARSecurity_BackUp;system32\gearsec.exe --> system32\gearsec.exe [?]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 2:34 PM 953168]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\winnt\system32\rundll32.exe" "c:\winnt\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-04-28 c:\winnt\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 03:04]

2009-10-04 c:\winnt\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-04 04:26]

2009-10-04 c:\winnt\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-04 04:26]

2009-10-05 c:\winnt\Tasks\WGASetup.job
- c:\winnt\system32\KB905474\wgasetup.exe [2009-05-12 05:18]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
Trusted Zone: aol.com\free
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: DirectAnimation Java Classes - [You must be registered and logged in to see this link.]
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
DPF: vzTCPConfig - [You must be registered and logged in to see this link.]
DPF: {D5EC5989-671B-476D-AC86-090793776FB1} - [You must be registered and logged in to see this link.]
DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\L\Application Data\Mozilla\Firefox\Profiles\u144xrxo.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - plugin: c:\program files\Common Files\mpDRM\NPMPDRM.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\winnt\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

BHO-{9BDB86D0-49C0-40FB-B790-95F06D9FB3AA} - (no file)
BHO-{D61F7D1C-E004-4C42-81A6-6DF26A89AA3E} - (no file)
Notify-cipldm - cipldm.dll
SafeBoot-sglfb.sys
SafeBoot-tga.sys
AddRemove-AOLAntivirus - c:\program files\mcafee.com\antivirus\uninst.exe
AddRemove-hp deskjet 940c series - c:\program files\hp deskjet 940c series\hpfiui.exe
AddRemove-{F5223680-993A-11D4-86F6-0001031E5712} - c:\program files\InterVideo\Installer\IVIUninstaller.exe



**************************************************************************

disk not found C:\

please note that you need administrator rights to perform deep scan
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\mpDRM\LicenseStore*]
@DACL=
"CheckValue"=dword:ba3464ba
"DA39A3EE"="E5E6B4B0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3696)
c:\winnt\system32\WININET.dll
c:\program files\Spyware Doctor\pctgmhk.dll
c:\program files\AOL Deskbar\deskbar.dll
c:\program files\Common Files\AOL\AOL Toolbar\AOLHelper.dll
c:\program files\Windows Media Player\wmpband.dll
c:\winnt\system32\webcheck.dll
c:\winnt\system32\IEFRAME.dll
c:\winnt\system32\WPDShServiceObj.dll
c:\program files\Common Files\aolshare\aolshcpy.dll
c:\winnt\system32\PortableDeviceTypes.dll
c:\winnt\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\AOL\acs\AOLacsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\Common Files\Command Software\dvpapi.exe
c:\winnt\system32\inetsrv\inetinfo.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\program files\AOL 9.1\waol.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\winnt\PCHEALTH\HELPCTR\Binaries\helpsvc.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\winnt\system32\nvsvc32.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\winnt\system32\tcpsvcs.exe
c:\winnt\system32\snmp.exe
c:\winnt\system32\MsPMSPSv.exe
c:\winnt\system32\wscntfy.exe
c:\program files\AOL 9.1\shellmon.exe
.
**************************************************************************
.
Completion time: 2009-10-06 18:02 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-06 01:02

Pre-Run: 17,150,021,632 bytes free
Post-Run: 17,283,633,152 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

461 --- E O F --- 2009-10-05 20:21


Re: Computer running slow - Malwarebytes found many infections

Post by Dr Jay on 6th October 2009, 5:55 am

Hi

1. I notice that you have these sites aol.com/free, internet, mcafee.com in your Trusted Zone. Internet Explorer's security is based upon a set of zones. Each zone has different security in terms of what scripts and applications can be run from a site that is in that zone. There is a security zone called the Trusted Zone. This zone has the lowest security and allows scripts and applications from sites in this zone to run without your knowledge. It is therefore a popular setting for malware sites to use so that future infections can be easily done on your computer without your knowledge as these sites will be in the Trusted Zone.

I strongly recommend removing all entries from the Trusted Zone, as it is unnecessary for them to be there.

==

2. I see you are running P2P applications: Morpheus and Limewire. I suggest you read the following, and then decide whether you want to keep them or not: [You must be registered and logged in to see this link.]

==

3. I see you have Viewpoint installed...
Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". I suggest you remove the program now. Navigate to Start --> Control Panel --> Add or Remove Programs and uninstall the following programs if present.

  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player
  • Viewpoint Toolbar

Let me know if you decided to uninstall it.

==

4. Please download the newest version of Adobe Acrobat Reader from [You must be registered and logged in to see this link.]

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

==

5. I have noticed that you have 4 antispyware programs installed on your computer.
These are:
  1. Spyware Doctor
  2. SpyBot Search & Destroy
  3. McAfee
  4. Ad-Aware
Warning!
Running more than one resident protection program of the same type (antivirus, firewall or antispyware program) at the same time can result in unwanted conflict.
This can reduce the effectiveness of all your antispyware programs individually.
If you want to keep all your antispyware programs then please make sure they are not in resident mode at the same time.

==

6. Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    File::
    c:\winnt\iun6002.exe
    c:\winnt\system32\tscupgrd.exe

    Folder::
    C:\aacfab24290bb803bbebb2
    C:\SpeedItup-Checkup
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


Dr. Jay (DJ)



Re: Computer running slow - Malwarebytes found many infections

Post by Hemi1 on 7th October 2009, 5:41 am

CFScript into ComboFix log


CFScripComboFix 09-10-06.03 - L 10/06/2009 21:58.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1024.642 [GMT -7:00]
Running from: c:\documents and settings\L\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\L\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"c:\winnt\iun6002.exe"
"c:\winnt\system32\tscupgrd.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\aacfab24290bb803bbebb2
c:\aacfab24290bb803bbebb2\amd64\filterpipelineprintproc.dll
c:\aacfab24290bb803bbebb2\amd64\msxpsdrv.cat
c:\aacfab24290bb803bbebb2\amd64\msxpsdrv.inf
c:\aacfab24290bb803bbebb2\amd64\msxpsinc.gpd
c:\aacfab24290bb803bbebb2\amd64\msxpsinc.ppd
c:\aacfab24290bb803bbebb2\amd64\mxdwdrv.dll
c:\aacfab24290bb803bbebb2\amd64\xpssvcs.dll
c:\aacfab24290bb803bbebb2\i386\filterpipelineprintproc.dll
c:\aacfab24290bb803bbebb2\i386\msxpsdrv.cat
c:\aacfab24290bb803bbebb2\i386\msxpsdrv.inf
c:\aacfab24290bb803bbebb2\i386\msxpsinc.gpd
c:\aacfab24290bb803bbebb2\i386\msxpsinc.ppd
c:\aacfab24290bb803bbebb2\i386\mxdwdrv.dll
c:\aacfab24290bb803bbebb2\i386\xpssvcs.dll
C:\SpeedItup-Checkup
c:\speeditup-checkup\Backup\Backup_(09_08_09)_(20_41_46)[108].reg
c:\speeditup-checkup\Backup\Backup_(09_08_09)_(21_37_28)[2].reg
c:\speeditup-checkup\Backup\Backup_(09_08_09)_(21_47_19)[2].reg
c:\speeditup-checkup\Backup\Backup_(09_20_09)_(07_42_55)[4].reg
c:\speeditup-checkup\Backup\Backup_(09_29_09)_(19_45_29)[4].reg
c:\speeditup-checkup\Backup\Backup_(10_04_09)_(13_40_50)[16].reg
c:\speeditup-checkup\irunin.bmp
c:\speeditup-checkup\irunin.dat
c:\speeditup-checkup\irunin.ini
c:\speeditup-checkup\irunin.lng
c:\speeditup-checkup\JkDefrag.dll
c:\speeditup-checkup\License lgpl.txt
c:\speeditup-checkup\NTAMK.dll
c:\speeditup-checkup\PC-Checkup.log
c:\speeditup-checkup\PC-Checkup.lst
c:\speeditup-checkup\SpeedCheckUp.exe
c:\speeditup-checkup\speeditupcheckup-full.html
c:\winnt\iun6002.exe
c:\winnt\system32\tscupgrd.exe

.
((((((((((((((((((((((((( Files Created from 2009-09-07 to 2009-10-07 )))))))))))))))))))))))))))))))
.

2009-10-06 01:35 . 2009-10-06 01:35 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-10-06 00:01 . 2009-10-06 01:02 -------- d-----w- C:\Combo-Fix
2009-10-04 19:50 . 2008-12-11 15:38 159600 ----a-w- c:\winnt\system32\drivers\pctgntdi.sys
2009-10-04 19:50 . 2009-08-24 21:05 206256 ----a-w- c:\winnt\system32\drivers\PCTCore.sys
2009-10-04 19:50 . 2009-08-19 18:01 86888 ----a-w- c:\winnt\system32\drivers\PCTAppEvent.sys
2009-10-04 19:49 . 2009-10-04 19:51 -------- d-----w- c:\program files\Common Files\PC Tools
2009-10-04 19:49 . 2008-12-10 18:36 64392 ----a-w- c:\winnt\system32\drivers\pctplsg.sys
2009-10-04 19:49 . 2009-10-06 15:55 -------- d-----w- c:\program files\Spyware Doctor
2009-10-04 19:49 . 2009-10-04 19:49 -------- d-----w- c:\documents and settings\L\Application Data\PC Tools
2009-10-04 19:49 . 2009-10-04 19:49 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-10-04 19:48 . 2009-10-07 04:46 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-04 19:42 . 2009-10-04 19:42 -------- d-----w- c:\documents and settings\L\Local Settings\Application Data\Mozilla
2009-10-04 19:28 . 2009-10-04 19:28 124 ----a-w- c:\documents and settings\L\Local Settings\Application Data\fusioncache.dat
2009-10-04 19:23 . 2009-07-08 20:44 40552 ----a-w- c:\winnt\system32\drivers\mfesmfk.sys
2009-10-04 19:23 . 2009-07-08 20:44 35272 ----a-w- c:\winnt\system32\drivers\mfebopk.sys
2009-10-04 19:23 . 2009-07-08 20:44 79816 ----a-w- c:\winnt\system32\drivers\mfeavfk.sys
2009-10-04 19:23 . 2009-07-16 19:32 120136 ----a-w- c:\winnt\system32\drivers\Mpfp.sys
2009-10-04 19:22 . 2009-10-04 19:23 -------- d-----w- c:\program files\Common Files\McAfee
2009-10-04 19:22 . 2009-10-04 19:22 -------- d-----w- c:\program files\McAfee.com
2009-10-04 19:21 . 2009-10-04 20:16 -------- d-----w- c:\program files\McAfee
2009-10-04 19:17 . 2009-07-08 20:43 34248 ----a-w- c:\winnt\system32\drivers\mferkdk.sys
2009-10-04 18:55 . 2009-10-04 18:55 -------- d-----w- c:\program files\VS Revo Group
2009-10-04 16:54 . 2009-10-04 16:54 -------- d-sh--w- c:\documents and settings\Tina\IETldCache
2009-10-04 16:17 . 2009-10-04 16:17 -------- d-----w- c:\documents and settings\L\Application Data\Malwarebytes
2009-10-04 16:17 . 2009-09-10 21:54 38224 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys
2009-10-04 16:17 . 2009-10-04 16:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-04 16:17 . 2009-09-10 21:53 19160 ----a-w- c:\winnt\system32\drivers\mbam.sys
2009-10-04 16:17 . 2009-10-04 18:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-09 09:53 . 2009-06-21 21:44 153088 -c----w- c:\winnt\system32\dllcache\triedit.dll
2009-09-08 18:52 . 2009-09-08 18:52 -------- d-----w- c:\winnt\system32\XPSViewer
2009-09-08 18:52 . 2009-09-08 18:52 -------- d-----w- c:\program files\MSBuild
2009-09-08 18:52 . 2009-09-08 18:52 -------- d-----w- c:\program files\Reference Assemblies
2009-09-08 18:51 . 2008-07-06 12:06 89088 -c----w- c:\winnt\system32\dllcache\filterpipelineprintproc.dll
2009-09-08 18:51 . 2008-07-06 12:06 117760 ------w- c:\winnt\system32\prntvpt.dll
2009-09-08 18:51 . 2008-07-06 10:50 597504 -c----w- c:\winnt\system32\dllcache\printfilterpipelinesvc.exe
2009-09-08 18:51 . 2008-07-06 12:06 575488 -c----w- c:\winnt\system32\dllcache\xpsshhdr.dll
2009-09-08 18:51 . 2008-07-06 12:06 575488 ------w- c:\winnt\system32\xpsshhdr.dll
2009-09-08 18:51 . 2008-07-06 12:06 1676288 -c----w- c:\winnt\system32\dllcache\xpssvcs.dll
2009-09-08 18:51 . 2008-07-06 12:06 1676288 ------w- c:\winnt\system32\xpssvcs.dll
2009-09-07 21:28 . 2009-09-07 21:28 -------- d-sh--w- c:\documents and settings\L\IECompatCache
2009-09-07 21:28 . 2009-09-07 21:28 -------- d-----w- c:\documents and settings\L\Application Data\Red Kawa
2009-09-07 21:16 . 2009-09-07 21:16 -------- d-----w- c:\program files\AviSynth 2.5
2009-09-07 21:16 . 2009-09-07 21:16 -------- d-----w- c:\program files\Red Kawa
2009-09-07 21:00 . 2009-09-07 21:00 -------- d-----w- c:\program files\DVD Decrypter

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-07 04:26 . 2003-12-06 20:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-10-07 04:19 . 2004-01-25 18:53 114640 ----a-w- c:\documents and settings\L\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-07 04:17 . 2003-02-13 05:44 288 ----a-w- c:\winnt\system32\DVCStateBkp-{00000000-00000000-0000000B-00001102-00000004-10021102}.dat
2009-10-07 04:17 . 2003-02-13 05:44 288 ----a-w- c:\winnt\system32\DVCState-{00000000-00000000-0000000B-00001102-00000004-10021102}.dat
2009-10-07 04:01 . 2003-02-14 07:02 -------- d-----w- c:\program files\Ahead
2009-10-07 03:49 . 2003-04-20 01:18 -------- d-----w- c:\program files\Java
2009-10-07 03:11 . 2003-02-13 05:19 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-07 02:32 . 2003-05-31 01:57 -------- d-----w- c:\program files\321Studios
2009-10-07 02:07 . 2003-02-13 05:33 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-07 00:52 . 2003-12-21 18:28 -------- d-----w- c:\program files\Lavasoft
2009-10-07 00:52 . 2008-10-22 00:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-10-07 00:49 . 2003-02-13 05:59 -------- d-----w- c:\program files\Viewpoint
2009-10-05 17:32 . 2003-03-25 03:27 -------- d-----w- c:\program files\Paint Shop Pro 5
2009-10-05 00:16 . 2006-07-13 01:11 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-10-04 19:16 . 2003-12-21 18:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-09 04:39 . 2008-10-25 23:17 -------- d-----w- c:\program files\Speeditup Free
2009-09-09 02:36 . 2007-11-01 02:42 -------- d-----w- c:\program files\Verizon
2009-09-07 20:49 . 2007-11-03 19:56 -------- d-----w- c:\documents and settings\L\Application Data\Verizon
2009-08-14 13:58 . 2009-10-04 19:50 7396 ----a-w- c:\winnt\system32\drivers\pctcore.cat
2009-08-05 09:01 . 2003-02-25 03:53 204800 ----a-w- c:\winnt\system32\mswebdvd.dll
2009-07-17 19:01 . 2001-08-23 12:00 58880 ----a-w- c:\winnt\system32\atl.dll
2009-07-14 06:43 . 2003-02-21 05:47 286208 ----a-w- c:\winnt\system32\wmpdxm.dll
2003-02-13 04:50 . 2003-02-13 04:50 21952 ---ha-w- c:\program files\folder.htt
2001-08-23 12:00 . 2001-08-23 12:00 94784 --sh--w- c:\winnt\twain.dll
2008-04-14 00:12 . 2001-08-23 12:00 50688 --sh--w- c:\winnt\twain_32.dll
2008-04-14 00:11 . 2001-08-23 12:00 1028096 --sha-w- c:\winnt\system32\mfc42.dll
2008-04-14 00:12 . 2001-08-23 12:00 57344 --sh--w- c:\winnt\system32\msvcirt.dll
2008-04-14 00:12 . 2001-08-23 12:00 84992 --sha-w- c:\winnt\system32\olepro32.dll
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-07 04:19 . 2009-10-07 04:19 16384 c:\winnt\Temp\Perflib_Perfdata_864.dat
+ 2003-02-14 07:48 . 2008-04-14 00:11 57344 c:\winnt\system32\dllcache\msadrh15.dll
+ 2003-02-14 07:48 . 2008-04-14 00:11 57344 c:\winnt\system32\dllcache\msador15.dll
+ 2003-02-14 07:48 . 2008-04-13 17:26 24576 c:\winnt\system32\dllcache\msader15.dll
+ 2003-07-29 02:02 . 2009-10-07 00:58 98304 c:\winnt\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2003-07-29 02:02 . 2009-10-05 23:37 98304 c:\winnt\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2003-02-14 07:55 . 2009-10-07 00:58 32768 c:\winnt\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2003-02-14 07:55 . 2009-10-05 23:37 32768 c:\winnt\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2003-02-14 07:55 . 2009-10-05 23:37 32768 c:\winnt\system32\config\systemprofile\Cookies\index.dat
+ 2009-10-06 04:15 . 2009-10-07 00:58 32768 c:\winnt\system32\config\systemprofile\Cookies\index.dat
+ 2008-06-16 16:25 . 2009-10-07 04:21 242757 c:\winnt\system32\inetsrv\MetaBase.bin
+ 2003-02-12 20:40 . 2009-10-07 04:18 364120 c:\winnt\system32\FNTCACHE.DAT
+ 2003-02-14 07:48 . 2008-04-14 00:11 536576 c:\winnt\system32\dllcache\msado15.dll
+ 2009-02-09 11:08 . 2009-02-09 11:08 1847552 c:\winnt\$hf_mig$\KB958690\SP3QFE\win32k.sys
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-01-26 16:55 . 2007-01-26 16:55 171448 c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier.exe

2006-07-01 03:25 . 2006-07-01 03:25 282624 c:\program files\QuickTime\bak\qttask.exe

2003-02-13 05:32 . 2000-05-11 09:00 90112 c:\winnt\bak\UpdReg.EXE

2003-02-14 06:28 . 2001-06-12 09:13 200704 c:\winnt\system32\spool\drivers\w32x86\3\bak\hpztsb03.exe
2009-02-20 02:33 . 2001-06-12 09:13 200704 c:\winnt\system32\spool\drivers\w32x86\3\hpztsb03.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-12 39408]
"AOL Fast Start"="c:\program files\AOL 9.1\AOL.EXE" [2007-10-27 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2007-06-06 936960]
"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2007-05-11 2061816]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248]
"HPDJ Taskbar Utility"="c:\winnt\system32\spool\drivers\w32x86\3\hpztsb03.exe" [2001-06-12 200704]
"PC-Checkup"="c:\speeditup-checkup\SpeedCheckUp.exe" [N/A]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-07-10 645328]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-07-23 1181064]
"MsmqIntCert"="mqrt.dll" - c:\winnt\system32\mqrt.dll [2008-04-14 177152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\winnt\system32\tscupgrd.exe" [N/A]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:C *

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, msnsspc.dll, digest.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
backup=c:\winnt\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk]
backup=c:\winnt\pss\America Online 8.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
backup=c:\winnt\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ExifLauncher2.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ExifLauncher2.lnk
backup=c:\winnt\pss\ExifLauncher2.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Instant Update Reminder.lnk]
backup=c:\winnt\pss\Instant Update Reminder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
backup=c:\winnt\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=c:\winnt\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\winnt\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=c:\winnt\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"GEARSecurity_BackUp"=2 (0x2)
"Creative Service for CDROM Access"=2 (0x2)
"Schedule"=2 (0x2)
"Nla"=3 (0x3)
"Network Monitor"=2 (0x2)
"Netlogon"=3 (0x3)
"napagent"=3 (0x3)
"MSMQ"=2 (0x2)
"MSFTPSVC"=2 (0x2)
"mnmsrvc"=3 (0x3)
"Lavasoft Ad-Aware Service"=2 (0x2)
"KodakCCS"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"ImapiService"=3 (0x3)
"hkmsvc"=3 (0x3)
"helpsvc"=2 (0x2)
"Fax"=2 (0x2)
"bgsvcgen"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINNT\\system32\\mqsvc.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Morpheus\\Morpheus.exe"=
"c:\\Program Files\\Common Files\\AOL\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1178771139\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 PCTCore;PCTools KDS;c:\winnt\system32\drivers\PCTCore.sys [10/4/2009 12:50 PM 206256]
R2 IOPort;IOPort;c:\winnt\system32\IOPORT.SYS [2/12/2003 10:09 PM 6144]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [10/4/2009 12:49 PM 348824]
R3 ctgame;Game Port;c:\winnt\system32\drivers\ctgame.sys [2/12/2003 10:30 PM 10368]
S0 Lbd;Lbd;c:\winnt\system32\DRIVERS\Lbd.sys --> c:\winnt\system32\DRIVERS\Lbd.sys [?]
S2 nvTUNEP;nVidia WDM TVTuner;c:\winnt\system32\drivers\NVTUNEP.SYS [2/12/2003 10:19 PM 16032]
S2 nvtvSND;nVidia WDM TVAudio Crossbar;c:\winnt\system32\drivers\NVTVSND.SYS [2/12/2003 10:19 PM 13600]
S3 CA500AI;SPCA500A Still Image Capture, Sunplus Version 1.00;c:\winnt\system32\Drivers\BULKUSB.sys --> c:\winnt\system32\Drivers\BULKUSB.sys [?]
S3 CA500AV;Digital Video Camera(Video);c:\winnt\system32\DRIVERS\CA500AV.SYS --> c:\winnt\system32\DRIVERS\CA500AV.SYS [?]
S3 GearAspiWDM_BackUp;GEARAspiWDM;c:\winnt\system32\drivers\GEARAspiWDM.sys [3/7/2005 12:52 PM 14408]
S4 GEARSecurity_BackUp;GEARSecurity_BackUp;system32\gearsec.exe --> system32\gearsec.exe [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\winnt\system32\rundll32.exe" "c:\winnt\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-10-04 c:\winnt\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-04 04:26]

2009-10-04 c:\winnt\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-04 04:26]

2009-10-05 c:\winnt\Tasks\WGASetup.job
- c:\winnt\system32\KB905474\wgasetup.exe [2009-05-12 05:18]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
DPF: DirectAnimation Java Classes - [You must be registered and logged in to see this link.]
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
DPF: vzTCPConfig - [You must be registered and logged in to see this link.]
DPF: {D5EC5989-671B-476D-AC86-090793776FB1} - [You must be registered and logged in to see this link.]
DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\L\Application Data\Mozilla\Firefox\Profiles\u144xrxo.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - plugin: c:\program files\Common Files\mpDRM\NPMPDRM.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\winnt\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Speeditup-Checkup - c:\winnt\iun6002.exe



**************************************************************************

disk not found C:\

please note that you need administrator rights to perform deep scan
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\mpDRM\LicenseStore*]
@DACL=
"CheckValue"=dword:ba3464ba
"DA39A3EE"="E5E6B4B0"
.
Completion time: 2009-10-07 22:27
ComboFix-quarantined-files.txt 2009-10-07 05:27
ComboFix2.txt 2009-10-06 01:02

Pre-Run: 19,385,655,296 bytes free
Post-Run: 19,322,568,704 bytes free

315 --- E O F --- 2009-10-05 20:21
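
A triage pass over the kind of ComboFix log posted above, as an added example that is not part of the thread and not ComboFix's own code: it pulls out the Trusted Zone entries the helper flagged, Run/RunOnce values whose target file is gone (`[N/A]`), services whose binary is missing (`[?]`), and a disabled Windows Firewall policy. The sample lines are excerpted from the two logs in this thread; the function name, category names, and the reading of `[N/A]` and `[?]` as "file not found" are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: lines excerpted from the two ComboFix logs in this thread.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248]
"PC-Checkup"="c:\speeditup-checkup\SpeedCheckUp.exe" [N/A]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-07-10 645328]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\winnt\system32\tscupgrd.exe" [N/A]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R0 PCTCore;PCTools KDS;c:\winnt\system32\drivers\PCTCore.sys [10/4/2009 12:50 PM 206256]
S0 Lbd;Lbd;c:\winnt\system32\DRIVERS\Lbd.sys --> c:\winnt\system32\DRIVERS\Lbd.sys [?]
S4 GEARSecurity_BackUp;GEARSecurity_BackUp;system32\gearsec.exe --> system32\gearsec.exe [?]

Trusted Zone: aol.com\free
Trusted Zone: internet
Trusted Zone: mcafee.com
'''

HEADER = re.compile(r'^\[(.+)\]$')                      # [registry key]
AUTOSTART = re.compile(                                 # "name"="path" [date size]
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<meta>[^\]]*)\]$')
SERVICE = re.compile(                                   # R2 name;display;path [date size]
    r'^(?P<state>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);'
    r'(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]$')
FIREWALL_OFF = re.compile(r'^"EnableFirewall"=\s*0\b')
TRUSTED = re.compile(r'^Trusted Zone:\s*(.+)$')
RUN_SUFFIXES = ("\\run", "\\runonce")


def triage(log_text):
    """Return {category: [findings]} for the log sections handled here."""
    findings = defaultdict(list)
    key = ""                       # registry key of the section being read
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            key = ""               # a blank line ends the current key's values
            continue
        m = HEADER.match(line)
        if m:
            key = m.group(1)
            continue
        m = TRUSTED.match(line)
        if m:
            findings["trusted_zone"].append(m.group(1))
            continue
        m = AUTOSTART.match(line)
        if m:
            # Autostart value still registered although its file is gone.
            if key.lower().endswith(RUN_SUFFIXES) and m["meta"] == "N/A":
                findings["orphaned_autostart"].append((key, m["name"], m["path"]))
            continue
        m = SERVICE.match(line)
        if m:
            # Service or driver entry whose binary could not be found.
            if m["meta"] == "?":
                path = m["path"].split(" --> ")[0]
                findings["missing_service_binary"].append((m["state"], m["name"], path))
            continue
        if FIREWALL_OFF.match(line) and "firewallpolicy" in key.lower():
            # Worth confirming that another firewall is really active.
            findings["firewall_disabled"].append(key)
    return dict(findings)


if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG).items():
        print(category)
        for item in items:
            print("   ", item)
```

Orphaned autostart values such as `PC-Checkup` are what remains after a CFScript deletes the file but not the registry value that launches it, so they are the entries to recheck in the next log.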


Re: Computer running slow - Malwarebytes found many infections

Post by Dr Jay on 7th October 2009, 8:06 am

Hi

Please download [You must be registered and logged in to see this link.] and save it to your Desktop.
  • Right-click on SpiderKill.zip and click Extract All. Follow the prompts and read carefully, to save it to your Desktop.
  • Double-click on the SpiderKill folder, and then double-click on SpiderKill.bat and follow all the prompts in the program.
  • Within a minute, it will save its log titled SpiderKill.txt. Please post that in your next reply. You may have to use two or three posts to be able to fit the information in.


==

Please open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.

==

Please post the SpiderKill and Malwarebytes logs in your next reply.


Dr. Jay (DJ)



Re: Computer running slow - Malwarebytes found many infections

Post by Hemi1 on 7th October 2009, 12:43 pm

SpiderKill by DragonMaster Jay ( Oct 2009 )


Microsoft Windows XP [Version 5.1.2600]

********************Drivers list********************




***********************Hidden Drivers********************


*********************Processes*******************


PROCESS PID PRIO PATH
smss.exe 432 Normal C:\WINNT\System32\smss.exe
csrss.exe 480 Normal C:\WINNT\system32\csrss.exe
winlogon.exe 504 High C:\WINNT\system32\winlogon.exe
services.exe 548 Normal C:\WINNT\system32\services.exe
lsass.exe 560 Normal C:\WINNT\system32\lsass.exe
svchost.exe 720 Normal C:\WINNT\system32\svchost.exe
svchost.exe 776 Normal C:\WINNT\system32\svchost.exe
svchost.exe 816 Normal C:\WINNT\System32\svchost.exe
svchost.exe 876 Normal C:\WINNT\System32\svchost.exe
svchost.exe 968 Normal C:\WINNT\system32\svchost.exe
Explorer.EXE 1172 Normal C:\WINNT\Explorer.EXE
spoolsv.exe 1228 Normal C:\WINNT\system32\spoolsv.exe
McciTrayApp.exe 1440 Normal C:\Program Files\Verizon\McciTrayApp.exe
VerizonServicepoint.exe 1456 Normal C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
hpztsb03.exe 1472 Normal C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb03.exe
mcagent.exe 1544 Normal C:\Program Files\McAfee.com\Agent\mcagent.exe
pctsTray.exe 1580 Normal C:\Program Files\Spyware Doctor\pctsTray.exe
GoogleToolbarNotifier.exe 1592 Normal C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
waol.exe 1692 Idle C:\Program Files\AOL 9.1\waol.exe
svchost.exe 1812 Normal C:\WINNT\System32\svchost.exe
AOLAcsd.exe 1844 Normal C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
aoltsmon.exe 1856 Normal C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
dvpapi.exe 1884 Normal C:\Program Files\Common Files\Command Software\dvpapi.exe
inetinfo.exe 1932 Normal C:\WINNT\System32\inetsrv\inetinfo.exe
mcmscsvc.exe 1976 Normal C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
aoltpspd.exe 2008 Normal C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
mcnasvc.exe 200 Normal c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
mcproxy.exe 360 Normal c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
mcshield.exe 400 High C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
MPFSrv.exe 696 Normal C:\Program Files\McAfee\MPF\MPFSrv.exe
nvsvc32.exe 1152 Normal C:\WINNT\System32\nvsvc32.exe
pctsAuxs.exe 992 Normal C:\Program Files\Spyware Doctor\pctsAuxs.exe
pctsSvc.exe 1364 Normal C:\Program Files\Spyware Doctor\pctsSvc.exe
tcpsvcs.exe 1968 Normal C:\WINNT\System32\tcpsvcs.exe
snmp.exe 2060 Normal C:\WINNT\System32\snmp.exe
svchost.exe 2076 Normal C:\WINNT\System32\svchost.exe
MsPMSPSv.exe 2172 Normal C:\WINNT\System32\MsPMSPSv.exe
wmiprvse.exe 2884 Normal C:\WINNT\system32\wbem\wmiprvse.exe
alg.exe 3448 Normal C:\WINNT\System32\alg.exe
wscntfy.exe 3568 Normal C:\WINNT\system32\wscntfy.exe
svchost.exe 4064 Normal C:\WINNT\System32\svchost.exe
shellmon.exe 3356 Normal C:\Program Files\AOL 9.1\shellmon.exe
ctfmon.exe 3372 Normal C:\WINNT\system32\ctfmon.exe
aolsoftware.exe 1920 Normal C:\Program Files\Common Files\AOL\1178771139\ee\aolsoftware.exe
firefox.exe 1820 Normal C:\Program Files\Mozilla Firefox\firefox.exe
winzip32.exe 3096 Normal C:\PROGRA~1\WINZIP\winzip32.exe
cmd.exe 2320 Normal C:\WINNT\system32\cmd.exe
processes.exe 2332 Normal C:\unzipped\SpiderKill\SpiderKill\processes.exe


Module information for 'Explorer.EXE'(1172)
MODULE BASE SIZE PATH
Explorer.EXE 1000000 1044480 C:\WINNT\Explorer.EXE 6.00.2900.5512 (xpsp.080413-2105) Windows Explorer
ntdll.dll 7c900000 729088 C:\WINNT\system32\ntdll.dll 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234) NT Layer DLL
kernel32.dll 7c800000 1007616 C:\WINNT\system32\kernel32.dll 5.1.2600.5781 (xpsp_sp3_gdr.090321-1317) Windows NT BASE API Client DLL
ADVAPI32.dll 77dd0000 634880 C:\WINNT\system32\ADVAPI32.dll 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234) Advanced Windows 32 Base API
RPCRT4.dll 77e70000 598016 C:\WINNT\system32\RPCRT4.dll 5.1.2600.5795 (xpsp_sp3_gdr.090415-1241) Remote Procedure Call Runtime
Secur32.dll 77fe0000 69632 C:\WINNT\system32\Secur32.dll 5.1.2600.5834 (xpsp_sp3_gdr.090624-1305) Security Support Provider Interface
BROWSEUI.dll 75f80000 1036288 C:\WINNT\system32\BROWSEUI.dll 6.00.2900.5512 (xpsp.080413-2105) Shell Browser UI Library
GDI32.dll 77f10000 299008 C:\WINNT\system32\GDI32.dll 5.1.2600.5698 (xpsp_sp3_gdr.081022-1932) GDI Client DLL
USER32.dll 7e410000 593920 C:\WINNT\system32\USER32.dll 5.1.2600.5512 (xpsp.080413-2105) Windows XP USER API Client DLL
msvcrt.dll 77c10000 360448 C:\WINNT\system32\msvcrt.dll 7.0.2600.5512 (xpsp.080413-2111) Windows NT CRT DLL
ole32.dll 774e0000 1298432 C:\WINNT\system32\ole32.dll 5.1.2600.5512 (xpsp.080413-2108) Microsoft OLE for Windows
SHLWAPI.dll 77f60000 483328 C:\WINNT\system32\SHLWAPI.dll 6.00.2900.5512 (xpsp.080413-2105) Shell Light-weight Utility Library
OLEAUT32.dll 77120000 569344 C:\WINNT\system32\OLEAUT32.dll 5.1.2600.5512 5.1.2600.5512
SHDOCVW.dll 7e290000 1511424 C:\WINNT\system32\SHDOCVW.dll 6.00.2900.5512 (xpsp.080413-2105) Shell Doc Object and Control Library
CRYPT32.dll 77a80000 610304 C:\WINNT\system32\CRYPT32.dll 5.131.2600.5512 (xpsp.080413-2113) Crypto API32
MSASN1.dll 77b20000 73728 C:\WINNT\system32\MSASN1.dll 5.1.2600.5512 (xpsp.080413-0852) ASN.1 Runtime APIs
CRYPTUI.dll 754d0000 524288 C:\WINNT\system32\CRYPTUI.dll 5.131.2600.5512 (xpsp.080413-2113) Microsoft Trust UI Provider
NETAPI32.dll 5b860000 348160 C:\WINNT\system32\NETAPI32.dll 5.1.2600.5694 (xpsp_sp3_gdr.081015-1312) Net Win32 API DLL
VERSION.dll 77c00000 32768 C:\WINNT\system32\VERSION.dll 5.1.2600.5512 (xpsp.080413-2105) Version Checking and File Installation Libraries
WININET.dll 3d930000 942080 C:\WINNT\system32\WININET.dll 8.00.6001.18806 (longhorn_ie8_gdr.090701-1700) Internet Extensions for Win32
Normaliz.dll 400000 36864 C:\WINNT\system32\Normaliz.dll 6.0.5441.0 (winmain(wmbla).060628-1735) Unicode Normalization DLL
urlmon.dll 78130000 1253376 C:\WINNT\system32\urlmon.dll 8.00.6001.18806 (longhorn_ie8_gdr.090701-1700) OLE32 Extensions for Win32
iertutil.dll 3dfd0000 1998848 C:\WINNT\system32\iertutil.dll 8.00.6001.18806 (longhorn_ie8_gdr.090701-1700) Run time utility for Internet Explorer
WINTRUST.dll 76c30000 188416 C:\WINNT\system32\WINTRUST.dll 5.131.2600.5512 (xpsp.080413-2113) Microsoft Trust Verification APIs
IMAGEHLP.dll 76c90000 163840 C:\WINNT\system32\IMAGEHLP.dll 5.1.2600.5512 (xpsp.080413-2105) Windows NT Image Helper
WLDAP32.dll 76f60000 180224 C:\WINNT\system32\WLDAP32.dll 5.1.2600.5512 (xpsp.080413-2113) Win32 LDAP API DLL
SHELL32.dll 7c9c0000 8482816 C:\WINNT\system32\SHELL32.dll 6.00.2900.5622 (xpsp_sp3_gdr.080617-1319) Windows Shell Common Dll
UxTheme.dll 5ad70000 229376 C:\WINNT\system32\UxTheme.dll 6.00.2900.5512 (xpsp.080413-2105) Microsoft UxTheme Library
ShimEng.dll 5cb70000 155648 C:\WINNT\system32\ShimEng.dll 5.1.2600.5512 (xpsp.080413-2105) Shim Engine DLL
AcGenral.DLL 6f880000 1875968 C:\WINNT\AppPatch\AcGenral.DLL 5.1.2600.5512 (xpsp.080413-2105) Windows Compatibility DLL
WINMM.dll 76b40000 184320 C:\WINNT\system32\WINMM.dll 5.1.2600.5512 (xpsp.080413-0845) MCI API DLL
MSACM32.dll 77be0000 86016 C:\WINNT\system32\MSACM32.dll 5.1.2600.5512 (xpsp.080413-0845) Microsoft ACM Audio Filter
USERENV.dll 769c0000 737280 C:\WINNT\system32\USERENV.dll 5.1.2600.5512 (xpsp.080413-2113) Userenv
IMM32.DLL 76390000 118784 C:\WINNT\system32\IMM32.DLL 5.1.2600.5512 (xpsp.080413-2105) Windows XP IMM32 API Client DLL
comctl32.dll 773d0000 1060864 C:\WINNT\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll 6.0 (xpsp.080413-2105) User Experience Controls Library
comctl32.dll 5d090000 630784 C:\WINNT\system32\comctl32.dll 5.82 (xpsp.080413-2105) Common Controls Library
msctfime.ime 755c0000 188416 C:\WINNT\system32\msctfime.ime 5.1.2600.5512 (xpsp.080413-2105) Microsoft Text Frame Work Service IME
appHelp.dll 77b40000 139264 C:\WINNT\system32\appHelp.dll 5.1.2600.5512 (xpsp.080413-2105) Application Compatibility Client Library
CLBCATQ.DLL 76fd0000 520192 C:\WINNT\system32\CLBCATQ.DLL 2001.12.4414.700 2001.12.4414.700
COMRes.dll 77050000 806912 C:\WINNT\system32\COMRes.dll 2001.12.4414.700 2001.12.4414.700
cscui.dll 77a20000 344064 C:\WINNT\System32\cscui.dll 5.1.2600.5512 (xpsp.080413-2105) Client Side Caching UI
CSCDLL.dll 76600000 118784 C:\WINNT\System32\CSCDLL.dll 5.1.2600.5512 (xpsp.080413-2111) Offline Network Agent
xpsp2res.dll 1100000 2904064 C:\WINNT\system32\xpsp2res.dll 5.1.2600.5512 (xpsp.080413-2113) Service Pack 2 Messages
actxprxy.dll 71d40000 110592 C:\WINNT\system32\actxprxy.dll 6.00.2900.5512 (xpsp.080413-2113) ActiveX Interface Marshaling Library
deskbar.dll 10000000 393216 C:\Program Files\AOL Deskbar\deskbar.dll 1, 1, 0, 2 AOL Deskbar
OLEACC.dll 74c80000 180224 C:\WINNT\system32\OLEACC.dll 4.2.5406.0 (xpclient.010817-1148) Active Accessibility Core Component
MSVCP60.dll 76080000 413696 C:\WINNT\system32\MSVCP60.dll 6.02.3104.0 Microsoft (R) C++ Runtime Library
msxml3.dll 74980000 1130496 C:\WINNT\system32\msxml3.dll 8.100.1048.0 MSXML 3.0 SP10
AOLHelper.dll 1e10000 110592 C:\Program Files\Common Files\AOL\AOL Toolbar\AOLHelper.dll 1, 0, 0, 5 AOLHelper Module
wmpband.dll 13420000 106496 C:\Program Files\Windows Media Player\wmpband.dll 11.0.5721.5145 (WMP_11.061018-2006) Windows Media Player Deskband
MPR.dll 71b20000 73728 C:\WINNT\system32\MPR.dll 5.1.2600.5512 (xpsp.080413-0852) Multiple Provider Router DLL
LINKINFO.dll 76980000 32768 C:\WINNT\system32\LINKINFO.dll 5.1.2600.5512 (xpsp.080413-2105) Windows Volume Tracking
ntshrui.dll 76990000 151552 C:\WINNT\system32\ntshrui.dll 5.1.2600.5512 (xpsp.080413-2105) Shell extensions for sharing
ATL.DLL 76b20000 69632 C:\WINNT\system32\ATL.DLL 3.05.2284 ATL Module for Windows XP (Unicode)
ieframe.dll 3e1c0000 11083776 C:\WINNT\system32\ieframe.dll 8.00.6001.18812 (longhorn_ie8_gdr.090717-2100) Internet Explorer
WINSTA.dll 76360000 65536 C:\WINNT\system32\WINSTA.dll 5.1.2600.5512 (xpsp.080413-2111) Winstation Library
stobject.dll 76280000 135168 C:\WINNT\system32\stobject.dll 5.1.2600.5512 (xpsp.080413-2105) Systray shell service object
BatMeter.dll 74af0000 40960 C:\WINNT\system32\BatMeter.dll 6.00.2900.5512 (xpsp.080413-2105) Battery Meter Helper DLL
POWRPROF.dll 74ad0000 32768 C:\WINNT\system32\POWRPROF.dll 6.00.2900.5512 (xpsp.080413-2105) Power Profile Helper DLL
SETUPAPI.dll 77920000 995328 C:\WINNT\system32\SETUPAPI.dll 5.1.2600.5512 (xpsp.080413-2111) Windows Setup API
WTSAPI32.dll 76f50000 32768 C:\WINNT\system32\WTSAPI32.dll 5.1.2600.5512 (xpsp.080413-2111) Windows Terminal Server SDK APIs
webcheck.dll 20d0000 249856 C:\WINNT\system32\webcheck.dll 8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) Web Site Monitor
MLANG.dll 75cf0000 593920 C:\WINNT\system32\MLANG.dll 6.00.2900.5512 (xpsp.080413-2105) Multi Language Support DLL
msi.dll 7d1e0000 2867200 C:\WINNT\system32\msi.dll 3.1.4001.5512 Windows Installer
WPDShServiceObj.dll 164a0000 143360 C:\WINNT\system32\WPDShServiceObj.dll 5.2.5721.5145 (WMP_11.061018-2006) Windows Portable Device Shell Service Object
WINHTTP.dll 4d4f0000 364544 C:\WINNT\system32\WINHTTP.dll 5.1.2600.5727 (xpsp_sp3_gdr.081215-1359) Windows HTTP Services
NETSHELL.dll 76400000 1724416 C:\WINNT\system32\NETSHELL.dll 5.1.2600.5512 (xpsp.080413-0852) Network Connections Shell
credui.dll 76c00000 188416 C:\WINNT\system32\credui.dll 5.1.2600.5512 (xpsp.080413-2113) Credential Manager User Interface
dot3api.dll 478c0000 40960 C:\WINNT\system32\dot3api.dll 5.1.2600.5512 (xpsp.080413-0852) 802.3 Autoconfiguration API
rtutils.dll 76e80000 57344 C:\WINNT\system32\rtutils.dll 5.1.2600.5512 (xpsp.080413-0852) Routing Utilities
dot3dlg.dll 736d0000 24576 C:\WINNT\system32\dot3dlg.dll 5.1.2600.5512 (xpsp.080413-0852) 802.3 UI Helper
OneX.DLL 5dca0000 163840 C:\WINNT\system32\OneX.DLL 5.1.2600.5512 (xpsp.080413-0852) IEEE 802.1X supplicant library
eappcfg.dll 745b0000 139264 C:\WINNT\system32\eappcfg.dll 5.1.2600.5512 (xpsp.080413-0852) Eap Peer Config
eappprxy.dll 5dcd0000 57344 C:\WINNT\system32\eappprxy.dll 5.1.2600.5512 (xpsp.080413-0852) Microsoft EAPHost Peer Client DLL
iphlpapi.dll 76d60000 102400 C:\WINNT\system32\iphlpapi.dll 5.1.2600.5512 (xpsp.080413-0852) IP Helper API
WS2_32.dll 71ab0000 94208 C:\WINNT\system32\WS2_32.dll 5.1.2600.5512 (xpsp.080413-0852) Windows Socket 2.0 32-Bit DLL
WS2HELP.dll 71aa0000 32768 C:\WINNT\system32\WS2HELP.dll 5.1.2600.5512 (xpsp.080413-0852) Windows Socket 2.0 Helper for Windows NT
aolshcpy.dll 2910000 81920 C:\Program Files\Common Files\aolshare\aolshcpy.dll 1, 0, 0, 1 AOL Folder Protection
mydocs.dll 72410000 106496 C:\WINNT\System32\mydocs.dll 6.00.2900.5512 (xpsp.080413-2105) My Documents Folder UI
PortableDeviceTypes.dll 109c0000 180224 C:\WINNT\system32\PortableDeviceTypes.dll 5.2.5721.5145 (WMP_11.061018-2006) Windows Portable Device (Parameter) Types Component
PortableDeviceApi.dll 10930000 299008 C:\WINNT\system32\PortableDeviceApi.dll 5.2.5721.5145 (WMP_11.061018-2006) Windows Portable Device API Components
smum32.dll 636e0000 167936 C:\Program Files\Spyware Doctor\smum32.dll 6.1.0.2
drprov.dll 75f60000 28672 C:\WINNT\System32\drprov.dll 5.1.2600.5512 (xpsp.080413-2111) Microsoft Terminal Server Network Provider
ntlanman.dll 71c10000 57344 C:\WINNT\System32\ntlanman.dll 5.1.2600.5512 (xpsp.080413-2108) Microsoft® Lan Manager
NETUI0.dll 71cd0000 94208 C:\WINNT\System32\NETUI0.dll 5.1.2600.5512 (xpsp.080413-2108) NT LM UI Common Code - GUI Classes
NETUI1.dll 71c90000 262144 C:\WINNT\System32\NETUI1.dll 5.1.2600.5512 (xpsp.080413-2108) NT LM UI Common Code - Networking classes
NETRAP.dll 71c80000 28672 C:\WINNT\System32\NETRAP.dll 5.1.2600.5512 (xpsp.080413-2113) Net Remote Admin Protocol DLL
SAMLIB.dll 71bf0000 77824 C:\WINNT\System32\SAMLIB.dll 5.1.2600.5512 (xpsp.080413-2113) SAM Library DLL
davclnt.dll 75f70000 40960 C:\WINNT\System32\davclnt.dll 5.1.2600.5512 (xpsp.080413-2111) Web DAV Client DLL
klg.dat 5a000000 126976 C:\Program Files\Spyware Doctor\klg.dat 6.1.0.1 Spyware Doctor Component
pctgmhk.dll 1e80000 176128 C:\Program Files\Spyware Doctor\pctgmhk.dll 6.1.0.9
wdmaud.drv 72d20000 36864 C:\WINNT\system32\wdmaud.drv 5.1.2600.5512 (xpsp.080413-2108) WDM Audio driver mapper
msacm32.drv 72d10000 32768 C:\WINNT\system32\msacm32.drv 5.1.2600.0 (xpclient.010817-1148) Microsoft Sound Mapper
midimap.dll 77bd0000 28672 C:\WINNT\system32\midimap.dll 5.1.2600.5512 (xpsp.080413-0845) Microsoft MIDI Mapper
fxsst.dll 68df0000 577536 C:\WINNT\system32\fxsst.dll 5.2.2600.5512 (xpsp.080413-0852) Fax Service
WINSPOOL.DRV 73000000 155648 C:\WINNT\system32\WINSPOOL.DRV 5.1.2600.5512 (xpsp.080413-0852) Windows Spooler Driver
FXSAPI.dll 5a980000 466944 C:\WINNT\system32\FXSAPI.dll 5.2.2600.5512 (xpsp.080413-0852) Microsoft Fax API Support DLL
NTMARTA.DLL 77690000 135168 C:\WINNT\system32\NTMARTA.DLL 5.1.2600.5512 (xpsp.080413-2113) Windows NT MARTA provider
MSCTF.dll 74720000 311296 C:\WINNT\system32\MSCTF.dll 5.1.2600.5512 (xpsp.080413-2105) MSCTF Server DLL
rsaenh.dll 68000000 221184 C:\WINNT\system32\rsaenh.dll 5.1.2600.5507 (xpsp.080318-1711) Microsoft Enhanced Cryptographic Provider
WZSHLSTB.DLL 16200000 24576 C:\PROGRA~1\WINZIP\WZSHLSTB.DLL 4.1 (32-bit) WinZip Shell Extension DLL
browselc.dll 71600000 73728 C:\WINNT\system32\browselc.dll 6.00.2900.5512 (xpsp.080413-2105) Shell Browser UI Library
scriptsn.dll 14490000 77824 C:\Program Files\McAfee\VirusScan\scriptsn.dll VSCORE.14.0.0.433.x86 VSCore Script Scanner
JScript.dll 3d7a0000 737280 C:\WINNT\system32\JScript.dll 5.8.6001.22886 Microsoft (R) JScript
VBScript.dll 40b0000 434176 C:\WINNT\system32\VBScript.dll 5.8.6001.18702 Microsoft (R) VBScript
MSISIP.DLL 605f0000 28672 C:\WINNT\system32\MSISIP.DLL 3.1.4001.5512 MSI Signature SIP Provider
wshext.dll 7dfa0000 90112 C:\WINNT\System32\wshext.dll 5.7.0.18066 Microsoft (R) Shell Extension for Windows Script Host



******************************************
EOF

Malwarebytes' Anti-Malware 1.41
Database version: 2917
Windows 5.1.2600 Service Pack 3

10/7/2009 5:39:16 AM
mbam-log-2009-10-07 (05-39-16).txt

Scan type: Quick Scan
Objects scanned: 117585
Time elapsed: 8 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: Computer running slow - Malwarebytes found many infections

Post by Dr Jay on 7th October 2009, 9:35 pm

Hi

Please run the [You must be registered and logged in to see this link.]

Note: This Scanner is for Internet Explorer Only!

  • Follow the instructions [You must be registered and logged in to see this link.] for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan.
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy and paste the entire report in your next reply.


Dr. Jay (DJ)



Re: Computer running slow - Malwarebytes found many infections

Post by Hemi1 on 8th October 2009, 4:00 am

Scanning Report 07 October 2009 18:38:38 - 20:31:48 Computer name: MONSTER Scanning type: Full scan Target: C:\ + system + rootkits ------------------------------------------------------------------------ Result: 79 malware found Trojan.Vundo.DVS (virus) * C:\System Volume Information\_restore{AB82AA98-B9CB-4D64-9582-8C8841C20E64}\RP995\A0340539.ini Action: quarantined Trojan.Packed.47025 (virus) * C:\System Volume Information\_restore{AB82AA98-B9CB-4D64-9582-8C8841C20E64}\RP1052\A0343709.exe Action: quarantined Trojan:INI/Vundo.gen!F (virus) * C:\System Volume Information\_restore{AB82AA98-B9CB-4D64-9582-8C8841C20E64}\RP1004\A0342223.ini Action: quarantined * C:\System Volume Information\_restore{AB82AA98-B9CB-4D64-9582-8C8841C20E64}\RP1004\A0342224.ini Action: quarantined * C:\System Volume Information\_restore{AB82AA98-B9CB-4D64-9582-8C8841C20E64}\RP1004\A0342225.ini Action: quarantined * C:\System Volume Information\_restore{AB82AA98-B9CB-4D64-9582-8C8841C20E64}\RP1004\A0342221.ini Action: quarantined * C:\System Volume Information\_restore{AB82AA98-B9CB-4D64-9582-8C8841C20E64}\RP1004\A0342226.ini Action: quarantined * C:\System Volume Information\_restore{AB82AA98-B9CB-4D64-9582-8C8841C20E64}\RP1004\A0342231.ini Action: quarantined * C:\System Volume Information\_restore{AB82AA98-B9CB-4D64-9582-8C8841C20E64}\RP1004\A0342233.ini Action: quarantined * C:\System Volume Information\_restore{AB82AA98-B9CB-4D64-9582-8C8841C20E64}\RP1004\A0342227.ini Action: quarantined * C:\System Volume Information\_restore{AB82AA98-B9CB-4D64-9582-8C8841C20E64}\RP1004\A0342234.ini Action: quarantined * C:\System Volume Information\_restore{AB82AA98-B9CB-4D64-9582-8C8841C20E64}\RP1004\A0342236.ini Action: quarantined * C:\System Volume Information\_restore{AB82AA98-B9CB-4D64-9582-8C8841C20E64}\RP1004\A0342238.ini Action: quarantined * C:\System Volume Information\_restore{AB82AA98-B9CB-4D64-9582-8C8841C20E64}\RP1004\A0342239.ini Action: quarantined * C:\System Volume 
Information\_restore{AB82AA98-B9CB-4D64-9582-8C8841C20E64}\RP1004\A0342240.ini Action: quarantined * C:\System Volume Information\_restore{AB82AA98-B9CB-4D64-9582-8C8841C20E64}\RP1004\A0342241.ini Action: quarantined * C:\System Volume Information\_restore{AB82AA98-B9CB-4D64-9582-8C8841C20E64}\RP1004\A0342242.ini Action: quarantined * C:\System Volume Information\_restore{AB82AA98-B9CB-4D64-9582-8C8841C20E64}\RP1004\A0342243.ini Action: quarantined * C:\System Volume Information\_restore{AB82AA98-B9CB-4D64-9582-8C8841C20E64}\RP1004\A0342246.ini Action: quarantined * C:\System Volume Information\_restore{AB82AA98-B9CB-4D64-9582-8C8841C20E64}\RP1004\A0342247.ini Action: quarantined * C:\System Volume Information\_restore{AB82AA98-B9CB-4D64-9582-8C8841C20E64}\RP1004\A0342248.ini Action: quarantined * C:\System Volume Information\_restore{AB82AA98-B9CB-4D64-9582-8C8841C20E64}\RP1004\A0342249.ini Action: quarantined * C:\System Volume Information\_restore{AB82AA98-B9CB-4D64-9582-8C8841C20E64}\RP1004\A0342250.ini Action: quarantined * C:\System Volume Information\_restore{AB82AA98-B9CB-4D64-9582-8C8841C20E64}\RP1004\A0342252.ini Action: quarantined * C:\System Volume Information\_restore{AB82AA98-B9CB-4D64-9582-8C8841C20E64}\RP1004\A0342251.ini Action: quarantined * C:\System Volume Information\_restore{AB82AA98-B9CB-4D64-9582-8C8841C20E64}\RP1004\A0342256.ini Action: quarantined * C:\System Volume Information\_restore{AB82AA98-B9CB-4D64-9582-8C8841C20E64}\RP1004\A0342258.ini Action: quarantined * C:\System Volume Information\_restore{AB82AA98-B9CB-4D64-9582-8C8841C20E64}\RP1004\A0342261.ini Action: quarantined * C:\System Volume Information\_restore{AB82AA98-B9CB-4D64-9582-8C8841C20E64}\RP1004\A0342262.ini Action: quarantined * C:\System Volume Information\_restore{AB82AA98-B9CB-4D64-9582-8C8841C20E64}\RP1004\A0342264.ini Action: quarantined * C:\System Volume Information\_restore{AB82AA98-B9CB-4D64-9582-8C8841C20E64}\RP1004\A0342263.ini Action: quarantined * C:\System 
Volume Information\_restore{AB82AA98-B9CB-4D64-9582-8C8841C20E64}\RP1004\A0342265.ini Action: quarantined * C:\System Volume Information\_restore{AB82AA98-B9CB-4D64-9582-8C8841C20E64}\RP1004\A0342267.ini Action: quarantined * C:\System Volume Information\_restore{AB82AA98-B9CB-4D64-9582-8C8841C20E64}\RP1004\A0342268.ini Action: quarantined * C:\System Volume Information\_restore{AB82AA98-B9CB-4D64-9582-8C8841C20E64}\RP1004\A0342270.ini Action: quarantined * C:\System Volume Information\_restore{AB82AA98-B9CB-4D64-9582-8C8841C20E64}\RP1004\A0342271.ini Action: quarantined * C:\System Volume Information\_restore{AB82AA98-B9CB-4D64-9582-8C8841C20E64}\RP1004\A0342273.ini Action: quarantined * C:\System Volume Information\_restore{AB82AA98-B9CB-4D64-9582-8C8841C20E64}\RP1004\A0342274.ini Action: quarantined * C:\System Volume Information\_restore{AB82AA98-B9CB-4D64-9582-8C8841C20E64}\RP1004\A0342276.ini Action: quarantined * C:\System Volume Information\_restore{AB82AA98-B9CB-4D64-9582-8C8841C20E64}\RP1004\A0342277.ini Action: quarantined * C:\System Volume Information\_restore{AB82AA98-B9CB-4D64-9582-8C8841C20E64}\RP1004\A0342279.ini Action: quarantined * C:\System Volume Information\_restore{AB82AA98-B9CB-4D64-9582-8C8841C20E64}\RP1004\A0342278.ini Action: quarantined * C:\System Volume Information\_restore{AB82AA98-B9CB-4D64-9582-8C8841C20E64}\RP1004\A0342283.ini Action: quarantined * C:\System Volume Information\_restore{AB82AA98-B9CB-4D64-9582-8C8841C20E64}\RP1004\A0342281.ini Action: quarantined * C:\System Volume Information\_restore{AB82AA98-B9CB-4D64-9582-8C8841C20E64}\RP1004\A0342285.ini Action: quarantined * C:\System Volume Information\_restore{AB82AA98-B9CB-4D64-9582-8C8841C20E64}\RP1004\A0342287.ini Action: quarantined * C:\System Volume Information\_restore{AB82AA98-B9CB-4D64-9582-8C8841C20E64}\RP1004\A0342288.ini Action: quarantined * C:\System Volume Information\_restore{AB82AA98-B9CB-4D64-9582-8C8841C20E64}\RP1004\A0342286.ini Action: quarantined * 
C:\System Volume Information\_restore{AB82AA98-B9CB-4D64-9582-8C8841C20E64}\RP1004\A0342289.ini Action: quarantined * C:\System Volume Information\_restore{AB82AA98-B9CB-4D64-9582-8C8841C20E64}\RP1004\A0342290.ini Action: quarantined * C:\System Volume Information\_restore{AB82AA98-B9CB-4D64-9582-8C8841C20E64}\RP1004\A0342294.ini Action: quarantined * C:\System Volume Information\_restore{AB82AA98-B9CB-4D64-9582-8C8841C20E64}\RP1004\A0342295.ini Action: quarantined * C:\System Volume Information\_restore{AB82AA98-B9CB-4D64-9582-8C8841C20E64}\RP1004\A0342293.ini Action: quarantined * C:\System Volume Information\_restore{AB82AA98-B9CB-4D64-9582-8C8841C20E64}\RP1004\A0342296.ini Action: quarantined * C:\System Volume Information\_restore{AB82AA98-B9CB-4D64-9582-8C8841C20E64}\RP1004\A0342297.ini Action: quarantined * C:\System Volume Information\_restore{AB82AA98-B9CB-4D64-9582-8C8841C20E64}\RP1004\A0342298.ini Action: quarantined * C:\System Volume Information\_restore{AB82AA98-B9CB-4D64-9582-8C8841C20E64}\RP1004\A0342300.ini Action: quarantined * C:\System Volume Information\_restore{AB82AA98-B9CB-4D64-9582-8C8841C20E64}\RP1004\A0342301.ini Action: quarantined * C:\System Volume Information\_restore{AB82AA98-B9CB-4D64-9582-8C8841C20E64}\RP1004\A0342303.ini Action: quarantined * C:\System Volume Information\_restore{AB82AA98-B9CB-4D64-9582-8C8841C20E64}\RP1004\A0342302.ini Action: quarantined * C:\System Volume Information\_restore{AB82AA98-B9CB-4D64-9582-8C8841C20E64}\RP1004\A0342305.ini Action: quarantined * C:\System Volume Information\_restore{AB82AA98-B9CB-4D64-9582-8C8841C20E64}\RP1004\A0342307.ini Action: quarantined * C:\System Volume Information\_restore{AB82AA98-B9CB-4D64-9582-8C8841C20E64}\RP1004\A0342312.ini Action: quarantined * C:\System Volume Information\_restore{AB82AA98-B9CB-4D64-9582-8C8841C20E64}\RP1004\A0342309.ini Action: quarantined * C:\System Volume Information\_restore{AB82AA98-B9CB-4D64-9582-8C8841C20E64}\RP1004\A0342308.ini Action: 
quarantined Trojan.script.22375 (virus) * C:\Program Files\Outlook Express\profsybyxu.html Action: quarantined Gen:Trojan.Heur.ku8@I1@QVahb (virus) * C:\Program Files\ASUS\AsusUpdate\BS_DEF.DLL Action: quarantined DeepScan:Generic.Malware.SFN!.8E6A178B (virus) * C:\Documents and Settings\L\My Documents\klitekpp210e.exe Action: quarantined TrackingCookie.Adinterax (Tracking cookie) * Action: quarantined TrackingCookie.2o7 (Tracking cookie) * Action: deleted TrackingCookie.Advertising (Tracking cookie) * Action: deleted TrackingCookie.Atdmt (Tracking cookie) * Action: deleted TrackingCookie.Doubleclick (Tracking cookie) * Action: deleted TrackingCookie.Revsci (Tracking cookie) * Action: deleted TrackingCookie.Adbrite (Tracking cookie) * Action: deleted TrackingCookie.Webtrends (Tracking cookie) * Action: deleted TrackingCookie.Mediaplex (Tracking cookie) * Action: deleted TrackingCookie.Atwola (Tracking cookie) * Action: deleted TrackingCookie.Yieldmanager (Tracking cookie) * Action: deleted ------------------------------------------------------------------------ Statistics Scanned: * Files: 60486 * Not scanned: 307 Result: * Viruses: 68 * Spyware: 11 * Suspicious items: 0 * Riskware: 0 Actions: * Disinfected: 0 * Renamed: 0 * Deleted: 10 * Quarantined: 69 * Failed: 0 Boot Sectors: * Scanned: 3 * Infected: 0 * Suspicious items: 0 * Disinfected: 0 Files not scanned: * Cannot open file (click here for more info <#errorinfo>) C:\HIBERFIL.SYS * Cannot open file (click here for more info <#errorinfo>) C:\PAGEFILE.SYS * Cannot open a file in archive C:\WINNT\Temp\fsaua.tmp\retail.sp.f-secure.com_80_392194087_infopak.zip\emalware.c03 * Cannot open a file in archive C:\WINNT\Temp\fsaua.tmp\retail.sp.f-secure.com_80_392194087_infopak.zip\emalware.c04 * Cannot open a file in archive C:\WINNT\Temp\fsaua.tmp\retail.sp.f-secure.com_80_392194087_infopak.zip\emalware.c05 * Cannot open a file in archive 
C:\WINNT\Temp\fsaua.tmp\retail.sp.f-secure.com_80_392194087_infopak.zip\emalware.c06 * Cannot open a file in archive C:\WINNT\Temp\fsaua.tmp\retail.sp.f-secure.com_80_392194087_infopak.zip\emalware.c07 * Cannot open a file in archive C:\WINNT\Temp\fsaua.tmp\retail.sp.f-secure.com_80_392194087_infopak.zip\emalware.c08 * Cannot open a file in archive C:\WINNT\Temp\fsaua.tmp\retail.sp.f-secure.com_80_392194087_infopak.zip\emalware.c09 * Cannot open a file in archive C:\WINNT\Temp\fsaua.tmp\retail.sp.f-secure.com_80_392194087_infopak.zip\emalware.c10 * Cannot open a file in archive C:\WINNT\Temp\fsaua.tmp\retail.sp.f-secure.com_80_392194087_infopak.zip\emalware.c11 * Cannot open a file in archive C:\WINNT\Temp\fsaua.tmp\retail.sp.f-secure.com_80_392194087_infopak.zip\emalware.cvd * Cannot open a file in archive C:\WINNT\Temp\fsaua.tmp\retail.sp.f-secure.com_80_392194087_infopak.zip\emalware.i01 * Cannot open a file in archive C:\WINNT\Temp\fsaua.tmp\retail.sp.f-secure.com_80_392194087_infopak.zip\emalware.i02 * Cannot open a file in archive C:\WINNT\Temp\fsaua.tmp\retail.sp.f-secure.com_80_392194087_infopak.zip\emalware.i03 * Cannot open a file in archive C:\WINNT\Temp\fsaua.tmp\retail.sp.f-secure.com_80_392194087_infopak.zip\emalware.i04 * Cannot open a file in archive C:\WINNT\Temp\fsaua.tmp\retail.sp.f-secure.com_80_392194087_infopak.zip\emalware.i05 * Cannot open a file in archive C:\WINNT\Temp\fsaua.tmp\retail.sp.f-secure.com_80_392194087_infopak.zip\emalware.i06 * Cannot open a file in archive C:\WINNT\Temp\fsaua.tmp\retail.sp.f-secure.com_80_392194087_infopak.zip\emalware.i07 * Cannot open a file in archive C:\WINNT\Temp\fsaua.tmp\retail.sp.f-secure.com_80_392194087_infopak.zip\emalware.i08 * Cannot open a file in archive C:\WINNT\Temp\fsaua.tmp\retail.sp.f-secure.com_80_392194087_infopak.zip\emalware.i09 * Cannot open a file in archive C:\WINNT\Temp\fsaua.tmp\retail.sp.f-secure.com_80_392194087_infopak.zip\emalware.i10 * Cannot open a file in archive 
------------------------------------------------------------------------
Options

Definitions version:
* Viruses: 2009-10-08_01
* Spyware: 2009-10-08_01

Scanning Engines:
* F-Secure Aquarius: 11.00.00, 2009-10-07
* F-Secure Hydra: 4.00.9271, 2009-10-08
* F-Secure Gemini: 3.00.09, 2009-05-11
* F-Secure BlackLight: 2.04.1099, 0-00-00

Scanning options:
* Scan defined files: ANI ASP AX BAT BIN BOO CHM CMD COM CPL DLL DOC DOT DRV EML EXE HLP HTA HTM HTML HTT INF INI JOB JS JSE LNK LSP MDB MHT MPP MPT MSG OCX PDF PHP PIF POT PPT RTF SCR SHS SWF SYS TD0 VBE VBS VXD WBK WMA WMV WMF WSC WSF WSH WRI XLS XLT XML ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX
* Scan inside archives

Actions:
* Viruses: Ask after scan
* Spyware: Ask after scan
* Show suspicious items after a full scan
------------------------------------------------------------------------
Error information

"Cannot open file" error occurred:
The "Cannot open file" error message means that the scanner was unable to open a file and that this file was not scanned. You can normally ignore this error message as there are many reasons for this message that do not imply a security threat, including:
* The file was a system file. System files are protected by the operation system by design. You can ignore this message in this case.
* You do not have permission to read the file. To scan the file, log in with a user account with sufficient permissions (for example the computer's administrator account) and rescan.
* The file was in use by an application when the scan was performed. To scan this file, close all applications and rescan.
------------------------------------------------------------------------


Re: Computer running slow - Malwarebytes found many infections

Post by Dr Jay on 8th October 2009, 4:29 am

Hi

Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE

You now have a clean restore point. To get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The system will do some calculation and then display a dialogue box with TABS
  • Select the More Options Tab.
  • At the bottom will be a System Restore box with a CLEANUP button; click this
  • Accept the Warning and select OK again, the program will close and you are done


==

Download Security Check by screen317 from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Dr. Jay (DJ)



Re: Computer running slow - Malwarebytes found many infections

Post by Hemi1 on 8th October 2009, 6:06 am

Results of screen317's Security Check version 0.99.0
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:

F-Secure Internet Security 2010
Antivirus up to date!
``````````````````````````````
Anti-malware/Other Utilities Check:

AOL Spyware Protection
Spyware Doctor 6.1
Anti-Spyware
Adobe Flash Player 10
``````````````````````````````
Process Check:
objlist.exe by Laurent

F-Secure Anti-Virus fsgk32st.exe
F-Secure Anti-Virus FSGK32.EXE
F-Secure Anti-Virus fssm32.exe
F-Secure Anti-Virus fsav32.exe
``````````````````````````````
DNS Vulnerability Check:

[color]nslookup.exe missing![/color]
GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````


Re: Computer running slow - Malwarebytes found many infections

Post by Dr Jay on 9th October 2009, 1:46 am

Hi

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

AntiSpyware

  • [You must be registered and logged in to see this link.]
    SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found [You must be registered and logged in to see this link.].
  • [You must be registered and logged in to see this link.].
    Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer, to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot.)


NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
[You must be registered and logged in to see this link.]

Securing your computer

  • [You must be registered and logged in to see this link.] - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • [You must be registered and logged in to see this link.] replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.


Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:


Thank you for choosing GeekPolice. Please see [You must be registered and logged in to see this link.] if you would like to leave feedback or contribute to our site. Do you have any more questions?


Dr. Jay (DJ)



Re: Computer running slow - Malwarebytes found many infections

Post by Hemi1 on 10th October 2009, 5:47 pm

System config startups - is there anything I can uncheck safely to make startup faster? Thanks for all your help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:39:27 AM, on 10/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb03.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\AOL 9.1\waol.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINNT\System32\nvsvc32.exe
C:\Program Files\F-Secure\Common\FSHDLL32.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\ORSP Client\fsorsp.exe
C:\WINNT\System32\alg.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\WINNT\System32\wbem\wmiapsrv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\AOL 9.1\shellmon.exe
C:\Program Files\Spyware Doctor\pctsGui.exe
C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINNT\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://netscape.aol.com/"); (C:\Documents and Settings\L\Application Data\Mozilla\Profiles\default\h08kjew7.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\L\Application Data\Mozilla\Profiles\default\h08kjew7.slt\prefs.js)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\F-Secure\NRS\iescript\baselitmus.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - (no file)
O3 - Toolbar: (no name) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\F-Secure\NRS\iescript\baselitmus.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb03.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: vzTCPConfig - [You must be registered and logged in to see this link.]
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - [You must be registered and logged in to see this link.]
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - [You must be registered and logged in to see this link.]
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - [You must be registered and logged in to see this link.]
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_03) -
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - [You must be registered and logged in to see this link.]
O16 - DPF: {D5EC5989-671B-476D-AC86-090793776FB1} (AuctionBlast Templates) - [You must be registered and logged in to see this link.]
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - [You must be registered and logged in to see this link.]
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\F-Secure\ORSP Client\fsorsp.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O24 - Desktop Component 0: (no name) - [You must be registered and logged in to see this link.]

--
End of file - 10430 bytes


Re: Computer running slow - Malwarebytes found many infections

Post by Dr Jay on 10th October 2009, 8:03 pm

Hi

Actually, using MSCONFIG to edit startup is not a good idea, and should be well avoided, only because MSCONFIG is used for troubleshooting drivers and services when Windows fails to start or has a critical error.

Startup can be edited via HijackThis, as long as you follow this:

Please re-open HijackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')

Now close all windows other than HijackThis, then click Fix Checked. Close HijackThis.

Please reboot your computer and test out the Startup.

Keep in mind, some programs may place those entries back into Startup; this is normal. Much faster? Are you satisfied with the results?


Dr. Jay (DJ)
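
One way to check the result of the Fix checked step above, as an added example that is not part of the original reply and not HijackThis code: it parses the registry O4 lines, confirms each entry on the fix list appears verbatim in the scan, and reports which ones a later scan shows as put back. The `AFTER` scan and the function names are constructed for illustration.

```python
import re

# Registry autostart line as HijackThis prints it in the log above:
#   O4 - <hive>\..\<key>: [<value name>] <command> (User '<name>')   (user part optional)
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+(?:\\[^\\]+)?)\\\.\.\\(?P<key>\w+): "
    r"\[(?P<name>[^\]]+)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)

# Subset of the O4 section, copied from the HijackThis log posted in this thread.
BEFORE = r"""
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
"""

# Entries selected for "Fix checked", copied from the reply above.
FIX = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
"""

# Constructed re-scan, NOT from the thread: the fixed entries are gone except the
# Java updater, assumed here to have put its entry back after the reboot.
AFTER = "\n".join(l for l in BEFORE.splitlines()
                  if l not in FIX.splitlines() or "SunJavaUpdateSched" in l)

def parse_o4(log_text):
    """Map each registry O4 line to its parsed fields (hive, key, name, cmd, user)."""
    entries = {}
    for line in map(str.strip, log_text.splitlines()):
        m = O4_RE.match(line)
        if m:
            entries[line] = m.groupdict()
    return entries

def check_fix(before, fix_list, after):
    """Classify every entry on the fix list against the scans before and after."""
    pre, post = parse_o4(before), parse_o4(after)
    result = {"not_in_log": [], "removed": [], "returned": []}
    for line in filter(None, map(str.strip, fix_list.splitlines())):
        if line not in pre:
            result["not_in_log"].append(line)    # typo or stale instruction
        elif line in post:
            result["returned"].append(pre[line]["name"])
        else:
            result["removed"].append(pre[line]["name"])
    return result

if __name__ == "__main__":
    print(check_fix(BEFORE, FIX, AFTER))
```

The pattern covers only the registry Run-key form of O4 that appears in this log; an entry reported under `returned` is the case the reply describes as a program placing its entry back.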



Re: Computer running slow - Malwarebytes found many infections

Post by Hemi1 on 11th October 2009, 3:45 am

Yes, thank you - I believe all issues are now resolved.
Thank you again.


Re: Computer running slow - Malwarebytes found many infections

Post by Dr Jay on 11th October 2009, 8:45 am

You are welcome.


Dr. Jay (DJ)

