Computer running slow...Virus??


Post by khunt104 on Tue Oct 06, 2009 1:01 am

Here is my hijack this log....My computer is running very slow and will not let me update windows, I installed defender pro 15-in-1 and it said it quarantined viruses but then computer ran slower so I did uninstall...
Bring it on
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:55:41 PM, on 10/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdccoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN\Toolbar\3.0.1125.0\msntask.exe
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\CRMTCZML\winlogon[2].scr

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Browser Helper Object - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - C:\Program Files\Shared\lib.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: &Search - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} (BewitchedGameClass Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - [You must be registered and logged in to see this link.]
O18 - Filter hijack: text/html - {5c651d4a-6b6d-43fd-9481-c528b29a2b7a} - C:\WINDOWS\mark_32.dll
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxdc_device - - C:\WINDOWS\system32\lxdccoms.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 8601 bytes


Re: Computer running slow...Virus??

Post by Dr Jay on Tue Oct 06, 2009 1:10 am

Hi

Please download ComboFix by sUBs
[You must be registered and logged in to see this link.]

Please save the file to your Desktop, but rename it first:




Important information about ComboFix

Before the download:
  • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
  • It is important to rename ComboFix before the download.
  • Please do not rename ComboFix to other names, but only the one indicated.

After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". [You must be registered and logged in to see this link.] if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.

Running ComboFix:
  • Double click on svchost.exe & follow the prompts.
  • It will attempt to install the Recovery Console:




  • When ComboFix finishes, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" in your next reply.


Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.


Dr. Jay (DJ)
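
The renaming advice above works because a file name proves nothing about what a program is, and the HijackThis log in the first post shows the same problem from the defender's side: winlogon[2].scr running out of the Internet Explorer cache. The following is an added example, not part of the original posts or of any tool named in this thread, that checks the "Running processes" section of such a log for system process names in the wrong place. It assumes a default Windows XP layout under C:\WINDOWS, and the svchost32.exe line in the sample is constructed (the other lines are excerpted from the log above).

```python
import ntpath
import re

# Expected directory (lower case) for system process names that are often
# imitated. Assumption: default Windows XP layout with Windows in C:\WINDOWS.
EXPECTED_DIRS = {
    "smss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "ctfmon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
    "iexplore.exe": r"c:\program files\internet explorer",
}

TRANSIENT_DIR = re.compile(r"\\(temporary internet files|temp)(\\|$)")
CACHE_SUFFIX = re.compile(r"\[\d+\]$")      # IE cache copies: name[2].ext
RISKY_EXT = {".scr", ".pif", ".com", ".bat", ".cmd", ".vbe", ".hta"}
LOG_ENTRY = re.compile(r"^[A-Z]\d+ - ")     # R1 - ..., O4 - ..., O23 - ...

# Sample input: excerpt of the log in this thread plus one constructed line.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\CRMTCZML\winlogon[2].scr
C:\WINDOWS\svchost32.exe

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
"""


def running_processes(log_text):
    """Return the paths listed under 'Running processes:' in a HijackThis log."""
    paths, in_section = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes"):
            in_section = True
            continue
        if not in_section:
            continue
        if LOG_ENTRY.match(line) or (not line and paths):
            break                           # section ended
        if line:
            paths.append(line)
    return paths


def triage(path):
    """Return the reasons a process image path deserves a closer look."""
    directory, filename = ntpath.split(path.strip())
    directory = directory.lower()
    stem, ext = ntpath.splitext(filename.lower())
    stem = CACHE_SUFFIX.sub("", stem)       # winlogon[2] -> winlogon
    reasons = []

    expected = EXPECTED_DIRS.get(stem + ".exe")
    if expected and directory != expected:
        reasons.append("system process name outside " + expected)
    elif expected is None and stem.endswith("32") and stem[:-2] + ".exe" in EXPECTED_DIRS:
        reasons.append("name imitates " + stem[:-2] + ".exe")
    if TRANSIENT_DIR.search(directory):
        reasons.append("runs from a cache or temp directory")
    if ext in RISKY_EXT:
        reasons.append("process image has extension " + ext)
    return reasons


def report(log_text):
    """Map each suspicious running process to the reasons it was flagged."""
    findings = {}
    for path in running_processes(log_text):
        reasons = triage(path)
        if reasons:
            findings[path] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in report(SAMPLE_LOG).items():
        print(path)
        for reason in reasons:
            print("  - " + reason)
```

A hit is a prompt to inspect the file, not a verdict; legitimate software installed in unusual locations will also be flagged.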



combofix run

Post by khunt104 on Tue Oct 06, 2009 3:56 am

ComboFix 09-10-04.01 - HP_Owner 10/05/2009 23:11.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.247.120 [GMT -4:00]
Running from: c:\documents and settings\HP_Owner\My Documents\a1b1.exe
AV: Defender Pro Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Defender Pro Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Images
c:\program files\Shared\liB.dll
c:\program files\Shared\lib.sig
c:\recycler\S-1-5-21-1118810936-3274451702-361226342-1009
c:\recycler\S-1-5-21-1118810936-3274451702-361226342-1010
c:\recycler\S-1-5-21-174598023-1781523310-747850246-1009
c:\recycler\S-1-5-21-2510329695-4239570978-2796396274-1009
c:\recycler\S-1-5-21-3367955759-3375054194-2023163917-1009
c:\recycler\S-1-5-21-963268765-2789682180-2543080936-1003
c:\windows\accesss.exe
c:\windows\astctl32.ocx
c:\windows\avpcc.dll
c:\windows\bchmkn.exe
c:\windows\casinoc.exe
c:\windows\clrssn.exe
c:\windows\cpan.dll
c:\windows\cru629.dat
c:\windows\ctfmon32.exe
c:\windows\ctrlpan.dll
c:\windows\dcmpex.ini
c:\windows\default.htm
c:\windows\directx32.exe
c:\windows\dnsrelay.dll
c:\windows\ecurit~1
c:\windows\editpad.exe
c:\windows\explore.exe
c:\windows\explorer32.exe
c:\windows\funniest.exe
c:\windows\funny.exe
c:\windows\gfmnaaa.dll
c:\windows\helpcvs.exe
c:\windows\iedll.exe
c:\windows\inetinf.exe
c:\windows\Installer\1055a22.msp
c:\windows\Installer\1250fc.msi
c:\windows\Installer\12639ed2.msp
c:\windows\Installer\160a3a7f.msi
c:\windows\Installer\19c589de.msi
c:\windows\Installer\1b00d9f.msi
c:\windows\Installer\1f7cd.msi
c:\windows\Installer\20427dd8.msp
c:\windows\Installer\2396fa3.msp
c:\windows\Installer\2396fb7.msp
c:\windows\Installer\24188abd.msp
c:\windows\Installer\24188ad0.msp
c:\windows\Installer\24188ae3.msp
c:\windows\Installer\24188af6.msp
c:\windows\Installer\24188b0a.msp
c:\windows\Installer\24188b1d.msp
c:\windows\Installer\24188b48.msp
c:\windows\Installer\24188b49.msp
c:\windows\Installer\24188b5d.msp
c:\windows\Installer\24188b70.msp
c:\windows\Installer\24188b83.msp
c:\windows\Installer\24188b96.msp
c:\windows\Installer\24bb6.msi
c:\windows\Installer\286d7c15.msp
c:\windows\Installer\286d7c28.msp
c:\windows\Installer\286d7c3b.msp
c:\windows\Installer\286d7c42.msi
c:\windows\Installer\286d7c54.msp
c:\windows\Installer\286d7c67.msp
c:\windows\Installer\2fe91ec.msi
c:\windows\Installer\2fe91f4.msi
c:\windows\Installer\30df4f.msi
c:\windows\Installer\30df55.msi
c:\windows\Installer\30df5b.msi
c:\windows\Installer\34fd66ec.msp
c:\windows\Installer\35756b4.msi
c:\windows\Installer\37fbd.msp
c:\windows\Installer\37fd1.msp
c:\windows\Installer\3fc99.msi
c:\windows\Installer\3fc9f.msi
c:\windows\Installer\5157a2f.msp
c:\windows\Installer\523372b.msi
c:\windows\Installer\5a04435.msi
c:\windows\Installer\640ad.msi
c:\windows\Installer\822a4.msi
c:\windows\Installer\8d8aa5.msp
c:\windows\Installer\8e03b91.msp
c:\windows\Installer\9e7aac6.msi
c:\windows\Installer\a176300.msi
c:\windows\Installer\a195485.msi
c:\windows\Installer\a5355b5.msi
c:\windows\Installer\a53b9cf.msi
c:\windows\Installer\a53b9f9.msi
c:\windows\Installer\a53b9ff.msi
c:\windows\Installer\a53ba10.msi
c:\windows\Installer\a53ba1a.msi
c:\windows\Installer\a53ba3f.msi
c:\windows\Installer\a53bb41.msi
c:\windows\Installer\a53bb52.msi
c:\windows\Installer\a53bb5c.msi
c:\windows\Installer\a53bb9f.msi
c:\windows\Installer\a53bc0a.msi
c:\windows\Installer\a53bc20.msi
c:\windows\Installer\a53bc37.msi
c:\windows\Installer\a53bc3f.msi
c:\windows\Installer\a53bc45.msi
c:\windows\Installer\a53bc4b.msi
c:\windows\Installer\a6616f4.msi
c:\windows\Installer\a66172d.msi
c:\windows\Installer\a661c56.msi
c:\windows\Installer\a661c6d.msi
c:\windows\Installer\a661cb9.msi
c:\windows\Installer\a661cc3.msi
c:\windows\Installer\a661cc9.msi
c:\windows\Installer\a661cd8.msi
c:\windows\Installer\a661cf6.msi
c:\windows\Installer\a661cff.msi
c:\windows\Installer\a661d08.msi
c:\windows\Installer\a661d10.msi
c:\windows\Installer\a661e08.msi
c:\windows\Installer\a7d6af9.msi
c:\windows\Installer\a7d6aff.msi
c:\windows\Installer\a7d6b05.msi
c:\windows\Installer\a7d6b16.msi
c:\windows\Installer\a7d6b20.msi
c:\windows\Installer\a7d6b42.msi
c:\windows\Installer\a7d6c16.msi
c:\windows\Installer\a7d6c27.msi
c:\windows\Installer\a7d6c31.msi
c:\windows\Installer\a7d6c71.msi
c:\windows\Installer\a7d6cc5.msi
c:\windows\Installer\a7d6cdb.msi
c:\windows\Installer\a7d6ce8.msi
c:\windows\Installer\a7d6cf3.msi
c:\windows\Installer\a7d6cf9.msi
c:\windows\Installer\a7d6cff.msi
c:\windows\Installer\a9a6b31.msi
c:\windows\Installer\a9a6b69.msi
c:\windows\Installer\a9a6eb5.msi
c:\windows\Installer\a9a6ec5.msi
c:\windows\Installer\a9a6f10.msi
c:\windows\Installer\a9a6f1a.msi
c:\windows\Installer\a9a6f20.msi
c:\windows\Installer\a9a6f2e.msi
c:\windows\Installer\a9a6f44.msi
c:\windows\Installer\a9a6f4b.msi
c:\windows\Installer\a9a6f52.msi
c:\windows\Installer\a9a6f58.msi
c:\windows\Installer\a9a7050.msi
c:\windows\Installer\ad6c7.msp
c:\windows\Installer\e51ed92.msi
c:\windows\Installer\f7a21ad.msi
c:\windows\Installer\f7a21ae.msp
c:\windows\Installer\f7a21af.msp
c:\windows\Installer\f7a21b0.msp
c:\windows\Installer\f7a21b1.msp
c:\windows\Installer\f7a21b2.msp
c:\windows\Installer\f7a21b3.msp
c:\windows\Installer\f7a21b4.msp
c:\windows\Installer\f7a21b5.msp
c:\windows\Installer\f7a21b6.msp
c:\windows\internet.exe
c:\windows\loader.exe
c:\windows\mainms.vpi
c:\windows\mark_32.dll
c:\windows\megavid.cdt
c:\windows\msconfd.dll
c:\windows\msspi.dll
c:\windows\mssys.exe
c:\windows\msupdate.exe
c:\windows\mswsc10.dll
c:\windows\mswsc20.dll
c:\windows\mtwirl32.dll
c:\windows\muotr.so
c:\windows\nciyn.dll
c:\windows\notepad32.exe
c:\windows\quicken.exe
c:\windows\rundll32.vbe
c:\windows\searchword.dll
c:\windows\svchost32.exe
c:\windows\svcinit.exe
c:\windows\systeem.exe
c:\windows\system32\logs
c:\windows\system32\ps2.bat
c:\windows\systemcritical.exe
c:\windows\time.exe
c:\windows\users32.exe
c:\windows\waol.exe
c:\windows\win32e.exe
c:\windows\win64.exe
c:\windows\winajbm.dll
c:\windows\window.exe
c:\windows\wpd99.drv
c:\windows\x.exe
c:\windows\xplugin.dll
c:\windows\xxxvideo.hta
c:\windows\y.exe
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-09-06 to 2009-10-06 )))))))))))))))))))))))))))))))
.

2009-10-05 22:51 . 2009-10-05 22:51 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\BitDefender
2009-10-05 21:56 . 2009-10-05 21:56 81984 ----a-w- c:\windows\system32\bdod.bin
2009-10-05 16:30 . 2009-10-05 16:30 -------- d-----w- C:\92b8d7da8ac3017544136e
2009-10-05 16:29 . 2009-10-05 17:00 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-10-05 16:29 . 2009-10-05 16:29 -------- d-----w- c:\windows\system32\LogFiles
2009-10-04 05:58 . 2009-10-04 05:58 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-09-30 22:08 . 2009-10-05 22:31 -------- d-----w- c:\program files\BitDefender
2009-09-30 21:57 . 2009-10-05 22:31 -------- d-----w- c:\program files\Common Files\BitDefender
2009-09-30 00:52 . 2009-09-30 22:15 471328 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-09-30 00:52 . 2009-09-30 22:15 30752 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-09-30 00:39 . 2009-09-30 21:51 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2009-09-30 00:38 . 2009-09-30 00:38 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\Downloaded Installations
2009-09-08 23:46 . 2009-09-08 23:46 -------- d-----w- c:\windows\system32\wbem\Repository
2009-09-08 23:43 . 2009-09-08 23:43 -------- d-----w- c:\program files\Crawler
2009-09-08 20:45 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-08 00:14 . 2009-10-06 03:22 -------- d-----w- c:\program files\Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-05 23:10 . 2007-06-30 01:13 -------- d-----w- c:\program files\CA
2009-10-05 23:09 . 2008-06-29 23:01 -------- d-----w- c:\program files\Spyware Terminator
2009-10-05 23:04 . 2009-06-11 23:06 -------- d-----w- c:\program files\Oberon Media
2009-10-05 00:58 . 2005-01-12 00:11 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-05 00:44 . 2009-08-12 17:10 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-10-04 15:09 . 2008-06-29 23:01 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Spyware Terminator
2009-10-04 15:08 . 2008-06-29 23:05 -------- d-----w- c:\program files\WinClamAVShield
2009-10-04 05:38 . 2009-08-12 17:10 -------- d-----w- c:\program files\NOS
2009-10-04 03:13 . 2004-08-12 02:36 -------- d-----w- c:\program files\Java
2009-10-04 02:55 . 2009-07-01 14:23 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-30 22:15 . 2009-09-30 00:52 3908 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-09-30 22:15 . 2009-09-30 00:52 7388 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-09-30 12:09 . 2004-08-12 04:27 -------- d-----w- c:\program files\Easy Internet signup
2009-09-11 00:16 . 2008-02-16 00:00 -------- d-----w- c:\program files\Lx_cats
2009-09-08 23:45 . 2008-06-30 01:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-08-24 02:47 . 2009-08-24 02:47 -------- d-----w- c:\program files\Microsoft
2009-08-23 17:16 . 2009-08-23 17:15 -------- d-----w- c:\program files\CCleaner
2009-08-18 20:14 . 2007-10-31 03:12 45432 ----a-w- c:\documents and settings\HP_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-16 15:22 . 2004-08-12 04:04 -------- d-----w- c:\program files\Common Files\L&H
2009-08-16 15:19 . 2004-08-12 03:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-16 15:19 . 2004-08-12 04:25 -------- d---a-w- c:\program files\PC-Doctor for Windows
2009-08-16 15:16 . 2009-07-07 00:25 -------- d-----w- c:\program files\Windows Live
2009-08-07 20:40 . 2007-07-05 00:23 -------- d-----w- c:\documents and settings\All Users\Application Data\WildTangent
2009-08-06 23:24 . 2004-09-20 02:21 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2004-09-20 02:21 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2007-07-31 02:19 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2004-09-20 02:21 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2004-09-20 02:21 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2004-09-20 03:11 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2004-09-20 02:21 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2009-07-07 19:44 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-06 23:23 . 2009-07-07 19:44 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 23:23 . 2004-09-20 02:21 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2004-09-20 02:19 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-28 20:33 . 2009-08-23 17:17 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-17 19:01 . 2004-09-20 03:11 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-12 16:21 . 2004-09-20 02:21 233472 ----a-w- c:\windows\system32\wmpdxm.dll
2007-05-17 00:52 . 2007-05-17 00:52 774144 ----a-w- c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-08 49152]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-08 659456]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-08-12 180269]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2004-04-22 286720]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-15 233472]
"USRpdA"="c:\windows\SYSTEM32\USRmlnkA.exe" [2004-08-04 77891]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-08-12 98304]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-04 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
Updates from HP.lnk - c:\program files\Updates from HP\309731\Program\Updates from HP.exe [2004-8-12 16423]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\WINDOWS\\system32\\lxdccoms.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdcwbgw.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdcpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdcjswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdctime.exe"=

R2 lxdc_device;lxdc_device;c:\windows\system32\lxdccoms.exe -service --> c:\windows\system32\lxdccoms.exe -service [?]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\System32\svchost.exe -k getPlusHelper [9/19/2004 10:19 PM 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
IE: &Search - [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - [You must be registered and logged in to see this link.]
DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} - [You must be registered and logged in to see this link.]
.
.
------- File Associations -------
.
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
AddRemove-HijackThis - c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\R5Y4X8BL\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-10-05 23:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4196632007-4185411347-1678400071-1009\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2009-10-06 23:36
ComboFix-quarantined-files.txt 2009-10-06 03:36

Pre-Run: 15,016,697,856 bytes free
Post-Run: 15,126,355,968 bytes free

352 --- E O F --- 2009-10-05 22:41


Re: Computer running slow...Virus??

Post by Dr Jay on Tue Oct 06, 2009 6:30 am

Hi

I notice that you are using more than one antivirus program.
  • BitDefender
  • Avira Antivir
  • WinClamAV
  • CA

This is very dangerous, as multiple AVs can interfere with one another and actually allow MORE viruses to get through.
It is important that only ONE antivirus program is running realtime protection.
I strongly suggest you either (1) uninstall all but one antivirus program through Control Panel->Add or remove Programs,
OR (2) keep the programs, but leave all but one of them disabled most of the time.
You can still use them for scanning your computer.

==

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

==

Please download [You must be registered and logged in to see this link.] and save it to your Desktop.
  • Right-click on SpiderKill.zip and click Extract All. Follow the prompts and read carefully, to save it to your Desktop.
  • Double-click on the SpiderKill folder, and then double-click on SpiderKill.bat and follow all the prompts in the program.
  • Within a minute, it will save its log titled SpiderKill.txt. Please post that in your next reply. You may have to use two or three posts to be able to fit the information in.


==

Please include the SpiderKill and Malwarebytes logs in your next reply.


Dr. Jay (DJ)



Re: Computer running slow...Virus??

Post by khunt104 on Tue Oct 06, 2009 5:18 pm

Went to control panel to uninstall antivirus they are not there.......This is why I did not realize I had 4 antivirus software


Re: Computer running slow...Virus??

Post by khunt104 on Tue Oct 06, 2009 7:32 pm

Malwarebytes' Anti-Malware 1.41
Database version: 2916
Windows 5.1.2600 Service Pack 3

10/6/2009 3:32:00 PM
mbam-log-2009-10-06 (15-32-00).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 206287
Time elapsed: 1 hour(s), 38 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 19
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 61

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Windows Live\Messenger\msimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Windows Live\Messenger\riched20.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\cru629.dat.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP468\A0174621.sys (Worm.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP417\A0151899.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP417\A0151917.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP417\A0151888.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP417\A0151889.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP417\A0151890.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP417\A0151891.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP417\A0151892.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP417\A0151893.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP417\A0151896.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP417\A0151897.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP417\A0151898.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP417\A0151900.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP417\A0151901.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP417\A0151902.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP417\A0151903.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP417\A0151905.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP417\A0151906.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP417\A0151908.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP417\A0151912.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP417\A0151913.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP417\A0151914.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP417\A0151915.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP417\A0151918.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP417\A0151919.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP417\A0151929.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP417\A0151932.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP417\A0151933.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP421\A0154157.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP421\A0154158.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP421\A0154214.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP421\A0154232.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP421\A0154159.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP421\A0154187.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP421\A0154188.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP421\A0154194.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP421\A0154195.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP421\A0154197.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP421\A0154202.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP421\A0154203.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP421\A0154204.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP421\A0154205.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP421\A0154206.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP421\A0154207.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP421\A0154209.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP421\A0154210.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP421\A0154211.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP421\A0154212.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP421\A0154213.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP421\A0154215.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP421\A0154216.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP421\A0154217.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP421\A0154228.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP421\A0154229.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP421\A0154230.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP421\A0154231.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP423\A0154472.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\tsxcjqxy.dll (Trojan.Agent) -> Quarantined and deleted successfully.


Re: Computer running slow...Virus??

Post by khunt104 on Tue Oct 06, 2009 7:40 pm

spiderKill by DragonMaster Jay ( Oct 2009 )


Microsoft Windows XP [Version 5.1.2600]

********************Drivers list********************


Volume in drive C is HP_PAVILION
Volume Serial Number is 28FB-76ED

Directory of C:\Windows\System32\Drivers

285 File(s) 30,349,703 bytes

Directory of C:\Windows\System32\Drivers\disdn

08/11/2004 02:01 PM .
08/11/2004 02:01 PM ..
0 File(s) 0 bytes

Directory of C:\Windows\System32\Drivers\etc

10/05/2009 02:59 PM .
10/05/2009 02:59 PM ..
08/04/2004 03:00 PM 734 hosts
08/04/2004 08:00 AM 3,683 lmhosts.sam
08/04/2004 03:00 PM 407 networks
08/04/2004 03:00 PM 799 protocol
08/04/2004 03:00 PM 7,116 services
5 File(s) 12,739 bytes

Directory of C:\Windows\System32\Drivers\UMDF

10/05/2009 01:00 PM .
10/05/2009 01:00 PM ..
10/18/2006 09:47 PM 671,232 wpdmtpdr.dll
1 File(s) 671,232 bytes

Total Files Listed:
291 File(s) 31,033,674 bytes
11 Dir(s) 15,145,377,792 bytes free


***********************Hidden Drivers********************
Volume in drive C is HP_PAVILION
Volume Serial Number is 28FB-76ED

Directory of C:\Windows\System32\Drivers

09/30/2009 06:15 PM 471,328 fidbox.dat
09/30/2009 06:15 PM 7,388 fidbox.idx
09/30/2009 06:15 PM 30,752 fidbox2.dat
09/30/2009 06:15 PM 3,908 fidbox2.idx
06/30/2008 01:34 AM 4,156 HP_PJ562AA-ABA a705w_YC_Pavi_QCNC441_E44NAheBLW1_4_IGamila Giovani Neon series_SMICRO-STAR INTERNATIONAL CO., LTD_V030_B3.15_T040805_WXH2_L409_M248_J40_7Intel_8Celeron_92.93_1_N10EC8139_P_Z12B91007_K_A808624C5_U808624C2.MRK
5 File(s) 517,532 bytes
0 Dir(s) 15,145,373,696 bytes free


*********************Processes*******************


PROCESS PID PRIO PATH
smss.exe 416 Normal C:\WINDOWS\System32\smss.exe
csrss.exe 480 Normal C:\WINDOWS\system32\csrss.exe
winlogon.exe 504 High C:\WINDOWS\system32\winlogon.exe
services.exe 548 Normal C:\WINDOWS\system32\services.exe
lsass.exe 560 Normal C:\WINDOWS\system32\lsass.exe
svchost.exe 708 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 764 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 800 Normal C:\WINDOWS\System32\svchost.exe
svchost.exe 848 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 932 Normal C:\WINDOWS\system32\svchost.exe
spoolsv.exe 1056 Normal C:\WINDOWS\system32\spoolsv.exe
svchost.exe 1132 Normal C:\WINDOWS\system32\svchost.exe
jqs.exe 1184 Idle C:\Program Files\Java\jre6\bin\jqs.exe
lxdccoms.exe 1204 High C:\WINDOWS\system32\lxdccoms.exe
MDM.EXE 1240 Normal C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
SeaPort.exe 1300 Normal C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
sp_rsser.exe 1360 Normal C:\Program Files\Spyware Terminator\sp_rsser.exe
svchost.exe 1392 Normal C:\WINDOWS\system32\svchost.exe
alg.exe 1612 Normal C:\WINDOWS\System32\alg.exe
wscntfy.exe 352 Normal C:\WINDOWS\system32\wscntfy.exe
Explorer.EXE 716 Normal C:\WINDOWS\Explorer.EXE
wuauclt.exe 968 Normal C:\WINDOWS\system32\wuauclt.exe
hpsysdrv.exe 552 Normal C:\windows\system\hpsysdrv.exe
hkcmd.exe 1652 Normal C:\WINDOWS\system32\hkcmd.exe
hphmon06.exe 1520 Normal C:\WINDOWS\system32\hphmon06.exe
KBD.EXE 1512 High C:\HP\KBD\KBD.EXE
realsched.exe 760 Normal C:\Program Files\Common Files\Real\Update_OB\realsched.exe
iTunesHelper.exe 1040 Normal C:\Program Files\iTunes\iTunesHelper.exe
USRmlnkA.exe 1788 Real Time C:\WINDOWS\SYSTEM32\USRmlnkA.exe
ALCXMNTR.EXE 1820 Normal C:\WINDOWS\ALCXMNTR.EXE
igfxtray.exe 1836 Normal C:\WINDOWS\system32\igfxtray.exe
qttask.exe 1884 Normal C:\Program Files\QuickTime\qttask.exe
HPWuSchd2.exe 996 Normal C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
jusched.exe 1648 Normal C:\Program Files\Java\jre6\bin\jusched.exe
ctfmon.exe 1292 Normal C:\WINDOWS\system32\ctfmon.exe
hpqtra08.exe 1748 Normal C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Updates from HP.exe 1928 Normal C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
USRshutA.exe 620 Normal C:\WINDOWS\SYSTEM32\USRshutA.exe
USRmlnkA.exe 1552 Normal C:\WINDOWS\SYSTEM32\USRmlnkA.exe
iPodService.exe 2104 Normal C:\Program Files\iPod\bin\iPodService.exe
hpqimzone.exe 2472 Normal C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
IEXPLORE.EXE 3092 Normal C:\Program Files\Internet Explorer\IEXPLORE.EXE
IEXPLORE.EXE 3544 Normal C:\Program Files\Internet Explorer\IEXPLORE.EXE
msntask.exe 3476 Normal C:\Program Files\MSN\Toolbar\3.0.1125.0\msntask.exe
cmd.exe 2440 Normal C:\WINDOWS\system32\cmd.exe
processes.exe 1440 Normal C:\Documents and Settings\HP_Owner\My Documents\SpiderKill\SpiderKill\processes.exe


Module information for 'Explorer.EXE'(716)
MODULE BASE SIZE PATH
Explorer.EXE 1000000 1044480 C:\WINDOWS\Explorer.EXE 6.00.2900.5512 (xpsp.080413-2105) Windows Explorer
ntdll.dll 7c900000 729088 C:\WINDOWS\system32\ntdll.dll 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234) NT Layer DLL
kernel32.dll 7c800000 1007616 C:\WINDOWS\system32\kernel32.dll 5.1.2600.5781 (xpsp_sp3_gdr.090321-1317) Windows NT BASE API Client DLL
ADVAPI32.dll 77dd0000 634880 C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234) Advanced Windows 32 Base API
RPCRT4.dll 77e70000 598016 C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.5795 (xpsp_sp3_gdr.090415-1241) Remote Procedure Call Runtime
Secur32.dll 77fe0000 69632 C:\WINDOWS\system32\Secur32.dll 5.1.2600.5834 (xpsp_sp3_gdr.090624-1305) Security Support Provider Interface
BROWSEUI.dll 75f80000 1036288 C:\WINDOWS\system32\BROWSEUI.dll 6.00.2900.5512 (xpsp.080413-2105) Shell Browser UI Library
GDI32.dll 77f10000 299008 C:\WINDOWS\system32\GDI32.dll 5.1.2600.5698 (xpsp_sp3_gdr.081022-1932) GDI Client DLL
USER32.dll 7e410000 593920 C:\WINDOWS\system32\USER32.dll 5.1.2600.5512 (xpsp.080413-2105) Windows XP USER API Client DLL
msvcrt.dll 77c10000 360448 C:\WINDOWS\system32\msvcrt.dll 7.0.2600.5512 (xpsp.080413-2111) Windows NT CRT DLL
ole32.dll 774e0000 1298432 C:\WINDOWS\system32\ole32.dll 5.1.2600.5512 (xpsp.080413-2108) Microsoft OLE for Windows
SHLWAPI.dll 77f60000 483328 C:\WINDOWS\system32\SHLWAPI.dll 6.00.2900.5512 (xpsp.080413-2105) Shell Light-weight Utility Library
OLEAUT32.dll 77120000 569344 C:\WINDOWS\system32\OLEAUT32.dll 5.1.2600.5512 5.1.2600.5512
SHDOCVW.dll 7e290000 1511424 C:\WINDOWS\system32\SHDOCVW.dll 6.00.2900.5512 (xpsp.080413-2105) Shell Doc Object and Control Library
CRYPT32.dll 77a80000 610304 C:\WINDOWS\system32\CRYPT32.dll 5.131.2600.5512 (xpsp.080413-2113) Crypto API32
MSASN1.dll 77b20000 73728 C:\WINDOWS\system32\MSASN1.dll 5.1.2600.5512 (xpsp.080413-0852) ASN.1 Runtime APIs
CRYPTUI.dll 754d0000 524288 C:\WINDOWS\system32\CRYPTUI.dll 5.131.2600.5512 (xpsp.080413-2113) Microsoft Trust UI Provider
NETAPI32.dll 5b860000 348160 C:\WINDOWS\system32\NETAPI32.dll 5.1.2600.5694 (xpsp_sp3_gdr.081015-1312) Net Win32 API DLL
VERSION.dll 77c00000 32768 C:\WINDOWS\system32\VERSION.dll 5.1.2600.5512 (xpsp.080413-2105) Version Checking and File Installation Libraries
WININET.dll 3d930000 942080 C:\WINDOWS\system32\WININET.dll 8.00.6001.18806 (longhorn_ie8_gdr.090701-1700) Internet Extensions for Win32
Normaliz.dll 400000 36864 C:\WINDOWS\system32\Normaliz.dll 6.0.5441.0 (winmain(wmbla).060628-1735) Unicode Normalization DLL
urlmon.dll 78130000 1253376 C:\WINDOWS\system32\urlmon.dll 8.00.6001.18806 (longhorn_ie8_gdr.090701-1700) OLE32 Extensions for Win32
iertutil.dll 3dfd0000 1998848 C:\WINDOWS\system32\iertutil.dll 8.00.6001.18806 (longhorn_ie8_gdr.090701-1700) Run time utility for Internet Explorer
WINTRUST.dll 76c30000 188416 C:\WINDOWS\system32\WINTRUST.dll 5.131.2600.5512 (xpsp.080413-2113) Microsoft Trust Verification APIs
IMAGEHLP.dll 76c90000 163840 C:\WINDOWS\system32\IMAGEHLP.dll 5.1.2600.5512 (xpsp.080413-2105) Windows NT Image Helper
WLDAP32.dll 76f60000 180224 C:\WINDOWS\system32\WLDAP32.dll 5.1.2600.5512 (xpsp.080413-2113) Win32 LDAP API DLL
SHELL32.dll 7c9c0000 8482816 C:\WINDOWS\system32\SHELL32.dll 6.00.2900.5622 (xpsp_sp3_gdr.080617-1319) Windows Shell Common Dll
UxTheme.dll 5ad70000 229376 C:\WINDOWS\system32\UxTheme.dll 6.00.2900.5512 (xpsp.080413-2105) Microsoft UxTheme Library
ShimEng.dll 5cb70000 155648 C:\WINDOWS\system32\ShimEng.dll 5.1.2600.5512 (xpsp.080413-2105) Shim Engine DLL
AcGenral.DLL 6f880000 1875968 C:\WINDOWS\AppPatch\AcGenral.DLL 5.1.2600.5512 (xpsp.080413-2105) Windows Compatibility DLL
WINMM.dll 76b40000 184320 C:\WINDOWS\system32\WINMM.dll 5.1.2600.5512 (xpsp.080413-0845) MCI API DLL
MSACM32.dll 77be0000 86016 C:\WINDOWS\system32\MSACM32.dll 5.1.2600.5512 (xpsp.080413-0845) Microsoft ACM Audio Filter
USERENV.dll 769c0000 737280 C:\WINDOWS\system32\USERENV.dll 5.1.2600.5512 (xpsp.080413-2113) Userenv
IMM32.DLL 76390000 118784 C:\WINDOWS\system32\IMM32.DLL 5.1.2600.5512 (xpsp.080413-2105) Windows XP IMM32 API Client DLL
comctl32.dll 773d0000 1060864 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll 6.0 (xpsp.080413-2105) User Experience Controls Library
comctl32.dll 5d090000 630784 C:\WINDOWS\system32\comctl32.dll 5.82 (xpsp.080413-2105) Common Controls Library
msctfime.ime 755c0000 188416 C:\WINDOWS\system32\msctfime.ime 5.1.2600.5768 (xpsp_sp3_gdr.090226-1442) Microsoft Text Frame Work Service IME
appHelp.dll 77b40000 139264 C:\WINDOWS\system32\appHelp.dll 5.1.2600.5512 (xpsp.080413-2105) Application Compatibility Client Library
CLBCATQ.DLL 76fd0000 520192 C:\WINDOWS\system32\CLBCATQ.DLL 2001.12.4414.700 2001.12.4414.700
COMRes.dll 77050000 806912 C:\WINDOWS\system32\COMRes.dll 2001.12.4414.700 2001.12.4414.700
cscui.dll 77a20000 344064 C:\WINDOWS\System32\cscui.dll 5.1.2600.5512 (xpsp.080413-2105) Client Side Caching UI
CSCDLL.dll 76600000 118784 C:\WINDOWS\System32\CSCDLL.dll 5.1.2600.5512 (xpsp.080413-2111) Offline Network Agent
themeui.dll 5ba60000 462848 C:\WINDOWS\system32\themeui.dll 6.00.2900.5512 (xpsp.080413-2105) Windows Theme API
MSIMG32.dll 76380000 20480 C:\WINDOWS\system32\MSIMG32.dll 5.1.2600.5512 (xpsp.080413-2105) GDIEXT Client DLL
xpsp2res.dll 1170000 2904064 C:\WINDOWS\system32\xpsp2res.dll 5.1.2600.5512 (xpsp.080413-2113) Service Pack 2 Messages
SAMLIB.dll 71bf0000 77824 C:\WINDOWS\system32\SAMLIB.dll 5.1.2600.5512 (xpsp.080413-2113) SAM Library DLL
ntshrui.dll 76990000 151552 C:\WINDOWS\system32\ntshrui.dll 5.1.2600.5512 (xpsp.080413-2105) Shell extensions for sharing
ATL.DLL 76b20000 69632 C:\WINDOWS\system32\ATL.DLL 3.05.2284 ATL Module for Windows XP (Unicode)
LINKINFO.dll 76980000 32768 C:\WINDOWS\system32\LINKINFO.dll 5.1.2600.5512 (xpsp.080413-2105) Windows Volume Tracking
SETUPAPI.dll 77920000 995328 C:\WINDOWS\system32\SETUPAPI.dll 5.1.2600.5512 (xpsp.080413-2111) Windows Setup API
ieframe.dll 3e1c0000 11083776 C:\WINDOWS\system32\ieframe.dll 8.00.6001.18812 (longhorn_ie8_gdr.090717-2100) Internet Explorer
NETSHELL.dll 76400000 1724416 C:\WINDOWS\system32\NETSHELL.dll 5.1.2600.5512 (xpsp.080413-0852) Network Connections Shell
credui.dll 76c00000 188416 C:\WINDOWS\system32\credui.dll 5.1.2600.5512 (xpsp.080413-2113) Credential Manager User Interface
dot3api.dll 478c0000 40960 C:\WINDOWS\system32\dot3api.dll 5.1.2600.5512 (xpsp.080413-0852) 802.3 Autoconfiguration API
rtutils.dll 76e80000 57344 C:\WINDOWS\system32\rtutils.dll 5.1.2600.5512 (xpsp.080413-0852) Routing Utilities
dot3dlg.dll 736d0000 24576 C:\WINDOWS\system32\dot3dlg.dll 5.1.2600.5512 (xpsp.080413-0852) 802.3 UI Helper
OneX.DLL 5dca0000 163840 C:\WINDOWS\system32\OneX.DLL 5.1.2600.5512 (xpsp.080413-0852) IEEE 802.1X supplicant library
WTSAPI32.dll 76f50000 32768 C:\WINDOWS\system32\WTSAPI32.dll 5.1.2600.5512 (xpsp.080413-2111) Windows Terminal Server SDK APIs
WINSTA.dll 76360000 65536 C:\WINDOWS\system32\WINSTA.dll 5.1.2600.5512 (xpsp.080413-2111) Winstation Library
eappcfg.dll 745b0000 139264 C:\WINDOWS\system32\eappcfg.dll 5.1.2600.5512 (xpsp.080413-0852) Eap Peer Config
MSVCP60.dll 76080000 413696 C:\WINDOWS\system32\MSVCP60.dll 6.02.3104.0 Microsoft (R) C++ Runtime Library
eappprxy.dll 5dcd0000 57344 C:\WINDOWS\system32\eappprxy.dll 5.1.2600.5512 (xpsp.080413-0852) Microsoft EAPHost Peer Client DLL
iphlpapi.dll 76d60000 102400 C:\WINDOWS\system32\iphlpapi.dll 5.1.2600.5512 (xpsp.080413-0852) IP Helper API
WS2_32.dll 71ab0000 94208 C:\WINDOWS\system32\WS2_32.dll 5.1.2600.5512 (xpsp.080413-0852) Windows Socket 2.0 32-Bit DLL
WS2HELP.dll 71aa0000 32768 C:\WINDOWS\system32\WS2HELP.dll 5.1.2600.5512 (xpsp.080413-0852) Windows Socket 2.0 Helper for Windows NT
webcheck.dll 1e50000 249856 C:\WINDOWS\system32\webcheck.dll 8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) Web Site Monitor
MLANG.dll 75cf0000 593920 C:\WINDOWS\system32\MLANG.dll 6.00.2900.5512 (xpsp.080413-2105) Multi Language Support DLL
stobject.dll 76280000 135168 C:\WINDOWS\system32\stobject.dll 5.1.2600.5512 (xpsp.080413-2105) Systray shell service object
BatMeter.dll 74af0000 40960 C:\WINDOWS\system32\BatMeter.dll 6.00.2900.5512 (xpsp.080413-2105) Battery Meter Helper DLL
POWRPROF.dll 74ad0000 32768 C:\WINDOWS\system32\POWRPROF.dll 6.00.2900.5512 (xpsp.080413-2105) Power Profile Helper DLL
WPDShServiceObj.dll 164a0000 143360 C:\WINDOWS\system32\WPDShServiceObj.dll 5.2.5721.5145 (WMP_11.061018-2006) Windows Portable Device Shell Service Object
WINHTTP.dll 4d4f0000 364544 C:\WINDOWS\system32\WINHTTP.dll 5.1.2600.5727 (xpsp_sp3_gdr.081215-1359) Windows HTTP Services
msi.dll 7d1e0000 2867200 C:\WINDOWS\system32\msi.dll 3.1.4001.5512 Windows Installer
mydocs.dll 72410000 106496 C:\WINDOWS\system32\mydocs.dll 6.00.2900.5512 (xpsp.080413-2105) My Documents Folder UI
wdmaud.drv 72d20000 36864 C:\WINDOWS\system32\wdmaud.drv 5.1.2600.5512 (xpsp.080413-2108) WDM Audio driver mapper
msacm32.drv 72d10000 32768 C:\WINDOWS\system32\msacm32.drv 5.1.2600.0 (xpclient.010817-1148) Microsoft Sound Mapper
midimap.dll 77bd0000 28672 C:\WINDOWS\system32\midimap.dll 5.1.2600.5512 (xpsp.080413-0845) Microsoft MIDI Mapper
PortableDeviceTypes.dll 109c0000 180224 C:\WINDOWS\system32\PortableDeviceTypes.dll 5.2.5721.5145 (WMP_11.061018-2006) Windows Portable Device (Parameter) Types Component
PortableDeviceApi.dll 10930000 299008 C:\WINDOWS\system32\PortableDeviceApi.dll 5.2.5721.5145 (WMP_11.061018-2006) Windows Portable Device API Components
rsaenh.dll 68000000 221184 C:\WINDOWS\system32\rsaenh.dll 5.1.2600.5507 (xpsp.080318-1711) Microsoft Enhanced Cryptographic Provider
MSCTF.dll 74720000 311296 C:\WINDOWS\system32\MSCTF.dll 5.1.2600.5512 (xpsp.080413-2105) MSCTF Server DLL
IadHide5.dll 10000000 24576 C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\IadHide5.dll Version 6.3.2 (Build 62R) IAdHide
NTMARTA.DLL 77690000 135168 C:\WINDOWS\system32\NTMARTA.DLL 5.1.2600.5512 (xpsp.080413-2113) Windows NT MARTA provider
MPR.dll 71b20000 73728 C:\WINDOWS\system32\MPR.dll 5.1.2600.5512 (xpsp.080413-0852) Multiple Provider Router DLL
drprov.dll 75f60000 28672 C:\WINDOWS\System32\drprov.dll 5.1.2600.5512 (xpsp.080413-2111) Microsoft Terminal Server Network Provider
ntlanman.dll 71c10000 57344 C:\WINDOWS\System32\ntlanman.dll 5.1.2600.5512 (xpsp.080413-2108) Microsoft® Lan Manager
NETUI0.dll 71cd0000 94208 C:\WINDOWS\System32\NETUI0.dll 5.1.2600.5512 (xpsp.080413-2108) NT LM UI Common Code - GUI Classes
NETUI1.dll 71c90000 262144 C:\WINDOWS\System32\NETUI1.dll 5.1.2600.5512 (xpsp.080413-2108) NT LM UI Common Code - Networking classes
NETRAP.dll 71c80000 28672 C:\WINDOWS\System32\NETRAP.dll 5.1.2600.5512 (xpsp.080413-2113) Net Remote Admin Protocol DLL
davclnt.dll 75f70000 40960 C:\WINDOWS\System32\davclnt.dll 5.1.2600.5512 (xpsp.080413-2111) Web DAV Client DLL
mslbui.dll 605d0000 36864 C:\WINDOWS\system32\mslbui.dll 5.1.2600.5512 (xpsp.080413-2105) LangageBar Add In
SXS.DLL 7e720000 720896 C:\WINDOWS\system32\SXS.DLL 5.1.2600.5512 (xpsp.080413-2111) Fusion 2.5
WZCSAPI.DLL 73030000 65536 C:\WINDOWS\system32\WZCSAPI.DLL 5.1.2600.5512 (xpsp.080413-0852) Wireless Zero Configuration service API
wzcdlg.dll 5df10000 393216 C:\WINDOWS\system32\wzcdlg.dll 5.1.2600.5512 (xpsp.080413-0852) Wireless Zero Configuration Service UI
browselc.dll 71600000 73728 C:\WINDOWS\system32\browselc.dll 6.00.2900.5512 (xpsp.080413-2105) Shell Browser UI Library
DSOUND.dll 73f10000 376832 C:\WINDOWS\system32\DSOUND.dll 5.3.2600.5512 (xpsp.080413-0845) DirectSound
DUSER.dll 6c1b0000 315392 C:\WINDOWS\system32\DUSER.dll 5.1.2600.5512 (xpsp.080413-2105) Windows DirectUser Engine
printui.dll 74b80000 573440 C:\WINDOWS\system32\printui.dll 5.1.2600.5512 (xpsp.080413-0852) Print UI DLL
ACTIVEDS.dll 77cc0000 204800 C:\WINDOWS\system32\ACTIVEDS.dll 5.1.2600.5512 (xpsp.080413-2113) ADs Router Layer DLL
adsldpc.dll 76e10000 151552 C:\WINDOWS\system32\adsldpc.dll 5.1.2600.5512 (xpsp.080413-2113) ADs LDAP Provider C DLL
CFGMGR32.dll 74ae0000 28672 C:\WINDOWS\system32\CFGMGR32.dll 5.1.2600.5512 (xpsp.080413-2111) Configuration Manager Forwarder DLL
WINSPOOL.DRV 73000000 155648 C:\WINDOWS\system32\WINSPOOL.DRV 5.1.2600.5512 (xpsp.080413-0852) Windows Spooler Driver
OLEACC.dll 74c80000 180224 C:\WINDOWS\system32\OLEACC.dll 4.2.5406.0 (xpclient.010817-1148) Active Accessibility Core Component
shdoclc.dll 71800000 557056 C:\WINDOWS\system32\shdoclc.dll 6.00.2900.5512 (xpsp.080413-2105) Shell Doc Object and Control Library
MSGINA.dll 75970000 1015808 C:\WINDOWS\system32\MSGINA.dll 5.1.2600.5512 (xpsp.080413-2113) Windows NT Logon GINA DLL
ODBC32.dll 74320000 249856 C:\WINDOWS\system32\ODBC32.dll 3.525.1132.0 (xpsp.080413-0852) Microsoft Data Access - ODBC Driver Manager
comdlg32.dll 763b0000 299008 C:\WINDOWS\system32\comdlg32.dll 6.00.2900.5512 (xpsp.080413-2105) Common Dialogs DLL
odbcint.dll 2940000 94208 C:\WINDOWS\system32\odbcint.dll 3.525.1132.0 (xpsp.080413-0852) Microsoft Data Access - ODBC Resources
DNSAPI.dll 76f20000 159744 C:\WINDOWS\system32\DNSAPI.dll 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249) DNS Client API DLL
RASAPI32.dll 76ee0000 245760 C:\WINDOWS\system32\RASAPI32.dll 5.1.2600.5512 (xpsp.080413-0852) Remote Access API
rasman.dll 76e90000 73728 C:\WINDOWS\system32\rasman.dll 5.1.2600.5512 (xpsp.080413-0852) Remote Access Connection Manager
TAPI32.dll 76eb0000 192512 C:\WINDOWS\system32\TAPI32.dll 5.1.2600.5512 (xpsp.080413-0852) Microsoft® Windows(TM) Telephony API Client DLL
jscript.dll 3d7a0000 737280 C:\WINDOWS\system32\jscript.dll 5.8.6001.22886 Microsoft (R) Jscript
msv1_0.dll 77c70000 151552 C:\WINDOWS\system32\msv1_0.dll 5.1.2600.5834 (xpsp_sp3_gdr.090624-1305) Microsoft Authentication Package v1.0
cryptdll.dll 76790000 49152 C:\WINDOWS\system32\cryptdll.dll 5.1.2600.5512 (xpsp.080413-2113) Cryptography Manager
sensapi.dll 722b0000 20480 C:\WINDOWS\system32\sensapi.dll 5.1.2600.5512 (xpsp.080413-2108) SENS Connectivity API DLL
mswsock.dll 71a50000 258048 C:\WINDOWS\System32\mswsock.dll 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249) Microsoft Windows Sockets 2.0 Service Provider
rasadhlp.dll 76fc0000 24576 C:\WINDOWS\system32\rasadhlp.dll 5.1.2600.5512 (xpsp.080413-0852) Remote Access AutoDial Helper
hnetcfg.dll 662b0000 360448 C:\WINDOWS\system32\hnetcfg.dll 5.1.2600.5512 (xpsp.080413-0852) Home Networking Configuration Manager
wshtcpip.dll 71a90000 32768 C:\WINDOWS\System32\wshtcpip.dll 5.1.2600.5512 (xpsp.080413-0852) Windows Sockets Helper DLL
mscoree.dll 79000000 282624 C:\WINDOWS\system32\mscoree.dll 2.0.50727.253 (QFE.050727-2500) Microsoft .NET Runtime Execution Engine
Shfusion.dll 796e0000 253952 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Shfusion.dll 1.1.4322.573 Microsoft COM Runtime Fusion Assembly Viewer
MSVCR71.dll 7c340000 352256 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSVCR71.dll 7.10.3052.4 Microsoft® C Runtime Library
PDFShell.dll e00000 372736 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll 9.1.0.2009022700 PDF Shell Extension
MSVCR80.dll e60000 634880 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll 8.00.50727.762 Microsoft® C Runtime Library
msxml3.dll 74980000 1130496 C:\WINDOWS\system32\msxml3.dll 8.100.1048.0 MSXML 3.0 SP10
sti.dll 73ba0000 77824 C:\WINDOWS\system32\sti.dll 5.1.2600.5512 (xpsp.080413-0852) Still Image Devices client DLL
zipfldr.dll 73380000 356352 C:\WINDOWS\system32\zipfldr.dll 6.00.2900.5512 (xpsp.080413-2105) Compressed (zipped) Folders
mstask.dll 75830000 282624 C:\WINDOWS\system32\mstask.dll 5.1.2600.5512 (xpsp.080413-2108) Task Scheduler interface DLL
NTDSAPI.dll 767a0000 77824 C:\WINDOWS\system32\NTDSAPI.dll 5.1.2600.5512 (xpsp.080413-2113) NT5DS
sptcontmenu.dll f60000 188416 C:\Program Files\Spyware Terminator\sptcontmenu.dll 1.1.0.15 Crawler Spyware Terminator Shell Extension
SHFolder.dll 76780000 36864 C:\WINDOWS\system32\SHFolder.dll 6.00.2900.5512 (xpsp.080413-2105) Shell Folder Service
mbamext.dll 2b50000 73728 C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll 1, 2, 0, 0 Malwarebytes' Anti-Malware
MSISIP.DLL 605f0000 28672 C:\WINDOWS\system32\MSISIP.DLL 3.1.4001.5512 MSI Signature SIP Provider
wshext.dll 7dfa0000 90112 C:\WINDOWS\system32\wshext.dll 5.7.0.18066 Microsoft (R) Shell Extension for Windows script Host
MCPS.DLL 36d30000 110592 C:\PROGRA~1\MI1933~1\OFFICE11\MCPS.DLL 11.0.8164 Media Catalog Proxy/Stub



******************************************
EOF

khunt104
Novice

Posts: 17
Joined: 2009-10-03
OS: xp
Points: 26223
Likes: 0


spiderkill

Post by khunt104 on Wed Oct 07, 2009 3:26 am


It is not necessary to post multiple versions of the same log(s). Please post only the logs requested, and no more after that.
~ DragonMaster Jay


malware

Post by khunt104 on Wed Oct 07, 2009 3:29 am


It is not necessary to post multiple versions of the same log(s). Please post only the logs requested, and no more after that.
~ DragonMaster Jay


Re: Computer running slow...Virus??

Post by Dr Jay on Wed Oct 07, 2009 4:15 am

Hi

To bump your topic, just reply with the word Bump. It is better than posting multiple logs. Sorry for the delay.

Please do a scan with [You must be registered and logged in to see this link.]

Click on the Accept button and install any components it needs.

  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report.
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Dr. Jay (DJ)



Dr Jay
Head Administrator

Posts: 13713
Joined: 2009-09-06
Gender: Male
OS: Windows 10 Home & Pro
Protection: Bitdefender Total Security
Points: 302069
Likes: 10


Re: Computer running slow...Virus??

Post by khunt104 on Tue Oct 13, 2009 2:00 pm

I have tried to run Kaspersky Scanner twice; it freezes after a few hours and will not finish scanning. I left it on for over 12 hours and it still did nothing.


Re: Computer running slow...Virus??

Post by Dr Jay on Tue Oct 13, 2009 2:53 pm

Please re-run ComboFix as noted above and post a log in your next reply.


Dr. Jay (DJ)



Re: Computer running slow...Virus??

Post by khunt104 on Wed Oct 14, 2009 2:51 am

ComboFix 09-10-13.01 - HP_Owner 10/13/2009 22:27.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.247.117 [GMT -4:00]
Running from: c:\documents and settings\HP_Owner\My Documents\a1b1.exe
AV: Defender Pro Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Defender Pro Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Shared

.
((((((((((((((((((((((((( Files Created from 2009-09-14 to 2009-10-14 )))))))))))))))))))))))))))))))
.

2009-10-13 19:21 . 2009-10-13 19:21 -------- d-----w- c:\windows\LastGood
2009-10-06 17:16 . 2009-10-06 17:16 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Malwarebytes
2009-10-06 17:16 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-06 17:16 . 2009-10-06 17:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-06 17:16 . 2009-10-06 17:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-06 17:16 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-06 04:24 . 2009-10-06 04:24 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\NOS
2009-10-05 22:51 . 2009-10-05 22:51 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\BitDefender
2009-10-05 21:56 . 2009-10-05 21:56 81984 ----a-w- c:\windows\system32\bdod.bin
2009-10-05 16:30 . 2009-10-05 16:30 -------- d-----w- C:\92b8d7da8ac3017544136e
2009-10-05 16:29 . 2009-10-05 17:00 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-10-05 16:29 . 2009-10-05 16:29 -------- d-----w- c:\windows\system32\LogFiles
2009-10-04 05:58 . 2009-10-04 05:58 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-09-30 00:52 . 2009-09-30 22:15 471328 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-09-30 00:52 . 2009-09-30 22:15 30752 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-09-30 00:39 . 2009-09-30 21:51 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2009-09-30 00:38 . 2009-09-30 00:38 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\Downloaded Installations

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-07 00:53 . 2008-06-23 22:49 -------- d-----w- c:\program files\interMute
2009-10-06 04:23 . 2009-08-12 17:10 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-10-05 23:09 . 2008-06-29 23:01 -------- d-----w- c:\program files\Spyware Terminator
2009-10-05 23:04 . 2009-06-11 23:06 -------- d-----w- c:\program files\Oberon Media
2009-10-05 00:58 . 2005-01-12 00:11 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-04 15:09 . 2008-06-29 23:01 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Spyware Terminator
2009-10-04 05:38 . 2009-08-12 17:10 -------- d-----w- c:\program files\NOS
2009-10-04 03:13 . 2004-08-12 02:36 -------- d-----w- c:\program files\Java
2009-10-04 02:55 . 2009-07-01 14:23 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-30 22:15 . 2009-09-30 00:52 3908 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-09-30 22:15 . 2009-09-30 00:52 7388 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-09-30 12:09 . 2004-08-12 04:27 -------- d-----w- c:\program files\Easy Internet signup
2009-09-11 00:16 . 2008-02-16 00:00 -------- d-----w- c:\program files\Lx_cats
2009-09-08 23:45 . 2008-06-30 01:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-09-08 23:43 . 2009-09-08 23:43 -------- d-----w- c:\program files\Crawler
2009-08-24 02:47 . 2009-08-24 02:47 -------- d-----w- c:\program files\Microsoft
2009-08-23 17:16 . 2009-08-23 17:15 -------- d-----w- c:\program files\CCleaner
2009-08-18 20:14 . 2007-10-31 03:12 45432 ----a-w- c:\documents and settings\HP_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-16 15:22 . 2004-08-12 04:04 -------- d-----w- c:\program files\Common Files\L&H
2009-08-16 15:19 . 2004-08-12 03:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-16 15:19 . 2004-08-12 04:25 -------- d---a-w- c:\program files\PC-Doctor for Windows
2009-08-16 15:16 . 2009-07-07 00:25 -------- d-----w- c:\program files\Windows Live
2009-08-06 23:24 . 2004-09-20 02:21 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2004-09-20 02:21 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2007-07-31 02:19 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2004-09-20 02:21 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2004-09-20 02:21 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2004-09-20 03:11 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2004-09-20 02:21 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2009-07-07 19:44 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-06 23:23 . 2009-07-07 19:44 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 23:23 . 2004-09-20 02:21 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2004-09-20 02:19 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-28 20:33 . 2009-08-23 17:17 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-17 19:01 . 2004-09-20 03:11 58880 ----a-w- c:\windows\system32\atl.dll
2007-05-17 00:52 . 2007-05-17 00:52 774144 ----a-w- c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-12 00:59 . 2009-10-06 17:05 52764 c:\windows\system32\perfc009.dat
+ 2009-10-06 04:24 . 2009-10-06 04:24 88589 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2004-08-12 00:59 . 2009-10-06 17:05 380350 c:\windows\system32\perfh009.dat
+ 2009-07-18 03:12 . 2009-07-18 03:12 257440 c:\windows\system32\Macromed\Flash\FlashUtil10c.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-08 49152]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-08 659456]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-08-12 180269]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2004-04-22 286720]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-15 233472]
"USRpdA"="c:\windows\SYSTEM32\USRmlnkA.exe" [2004-08-04 77891]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-08-12 98304]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-04 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
Updates from HP.lnk - c:\program files\Updates from HP\309731\Program\Updates from HP.exe [2004-8-12 16423]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\WINDOWS\\system32\\lxdccoms.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdcwbgw.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdcpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdcjswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdctime.exe"=

R2 lxdc_device;lxdc_device;c:\windows\system32\lxdccoms.exe -service --> c:\windows\system32\lxdccoms.exe -service [?]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\System32\svchost.exe -k getPlusHelper [9/19/2004 10:19 PM 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - [You must be registered and logged in to see this link.]
DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} - [You must be registered and logged in to see this link.]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-10-13 22:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4196632007-4185411347-1678400071-1009\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1108)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-10-14 22:47
ComboFix-quarantined-files.txt 2009-10-14 02:47
ComboFix2.txt 2009-10-06 03:36

Pre-Run: 14,802,661,376 bytes free
Post-Run: 14,921,007,104 bytes free

178 --- E O F --- 2009-10-13 07:01


Re: Computer running slow...Virus??

Post by Dr Jay on Wed Oct 14, 2009 3:16 am

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.


Dr. Jay (DJ)



Re: Computer running slow...Virus??

Post by khunt104 on Wed Oct 14, 2009 4:04 am

Malwarebytes' Anti-Malware 1.41
Database version: 2955
Windows 5.1.2600 Service Pack 3

10/14/2009 12:02:53 AM
mbam-log-2009-10-14 (00-02-53).txt

Scan type: Quick Scan
Objects scanned: 111635
Time elapsed: 9 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: Computer running slow...Virus??

Post by Dr Jay on Wed Oct 14, 2009 4:09 am

Hi

Download Security Check by screen317 from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


How is your computer running?


Dr. Jay (DJ)



Re: Computer running slow...Virus??

Post by khunt104 on Wed Oct 14, 2009 4:14 am

My computer is still freezing up a lot.

Results of screen317's Security Check version 0.99.0
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
``````````````````````````````
Anti-malware/Other Utilities Check:

CCleaner (remove only)
Java(TM) 6 Update 16
Adobe Flash Player 10
Adobe Reader 9.1
``````````````````````````````
Process Check:
objlist.exe by Laurent

``````````````````````````````
DNS Vulnerability Check:

Unknown. This method cannot test your vulnerability to DNS cache poisoning.

`````````End of Log```````````


Re: Computer running slow...Virus??

Post by Dr Jay on Wed Oct 14, 2009 4:15 am

Please run [You must be registered and logged in to see this link.] online scan.

  • Click Scan now.
  • Read and put a Check next to Yes I accept the terms of use.
  • Click the Launching HouseCall>> button.
  • If confirmed that HouseCall can run on your system, under Using Java-based HouseCall kernel click the Starting HouseCall>> button.
  • You may receive a Security Warning about the TrendMicro Java applet; click YES.
  • Under Scan complete computer for malware, grayware, and vulnerabilities click the Next>> button.
  • Please be patient while it installs, updates, and scans your system.
  • Once the scan is complete, it will take you to the summary page.
  • Under Cleanup options, choose clean all detected infections automatically.
  • Click the Clean now>> button.
  • If anything was found, you may be prompted to run the scan again; you can just close the browser window.


Dr. Jay (DJ)



Re: Computer running slow...Virus??

Post by khunt104 on Fri Oct 16, 2009 12:10 am

I ran HouseCall; it did delete 2 things but said: Detected vulnerabilities MS06-071 and MS07-042 error occurred.


Re: Computer running slow...Virus??

Post by Dr Jay on Fri Oct 16, 2009 1:18 am

Please run a free online scan with the [You must be registered and logged in to see this link.]
Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Dr. Jay (DJ)



Re: Computer running slow...Virus??

Post by khunt104 on Fri Oct 16, 2009 10:31 am

ESETSmartInstaller@High as downloader log:
all ok
# version=6
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6050
# api_version=3.0.2
# EOSSerial=d69a960e9674da4bb6e355691419c70a
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-10-16 06:51:27
# local_time=2009-10-16 02:51:27 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# scanned=90070
# found=1
# cleaned=1
# scan_time=5895
C:\Qoobox\Quarantine\C\WINDOWS\casinoc.exe.vir a variant of Win32/PTCasino application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


Re: Computer running slow...Virus??

Post by Dr Jay on Fri Oct 16, 2009 12:24 pm

To uninstall ComboFix

  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /u



(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.


==

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

Antivirus/Antispyware

  • [You must be registered and logged in to see this link.]: this is Microsoft's free antivirus/antispyware program. It equips you with protection against viruses, spyware, trojans, rootkits, and worms. It is also light on the computer's performance. Note: when installing this, you have both an antivirus and antispyware. Make sure you also get a firewall.
  • [You must be registered and logged in to see this link.]: this is one of the most powerful and easiest-to-use security programs. The free version equips you with protection against viruses, spyware, trojans, rootkits, worms, and rogue software. Note: when installing this, you have both an antivirus and antispyware. Make sure you also get a firewall.


Firewall

  • [You must be registered and logged in to see this link.]: the free version is just as good as the premium. I have linked you to the free version.
  • [You must be registered and logged in to see this link.]: the free version is just as good as the premium. I have linked you to the free version. The optional security suite enhances the firewall by 40%. If you would like to install the suite that includes antivirus, then remove your old antivirus first.
  • [You must be registered and logged in to see this link.]: free and excellent firewall.


Note: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
[You must be registered and logged in to see this link.]

Securing your computer

  • [You must be registered and logged in to see this link.] - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • [You must be registered and logged in to see this link.] replaces your current HOSTS file with one containing well-known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.


Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:


Thank you for choosing GeekPolice. Please see [You must be registered and logged in to see this link.] if you would like to leave feedback or contribute to our site. Do you have any more questions?


Dr. Jay (DJ)
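
The HOSTS-file blocking described in the post above can be checked after the fact. The following is an added example, not part of the original post or of any tool named in the thread: it audits a HOSTS file and separates names blocked via loopback from entries that point a name at a routable address. The sample file contents, hostnames and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample HOSTS content for illustration; hostnames use reserved
# example/test names and 203.0.113.0/24 is a documentation-only range.
SAMPLE_HOSTS = """\
# blocklist-style HOSTS file (constructed sample)
127.0.0.1    localhost
::1          localhost
127.0.0.1    ads.example.test tracker.example.test   # two names, one line
0.0.0.0      popups.example.test
203.0.113.50 update.example.test    # name forced to a routable address
not-an-ip    broken.example.test
"""


def parse_hosts(text):
    """Yield (line number, address, hostname) for every mapping in the file."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop full-line and trailing comments
        fields = line.split()
        if len(fields) < 2:                   # blank, comment-only, or address with no name
            continue
        for name in fields[1:]:               # one address may carry several names
            yield lineno, fields[0], name.lower()


def audit_hosts(text):
    """Sort mappings into local, blocked, needing review, or malformed."""
    report = {"local": [], "blocked": [], "review": [], "malformed": []}
    for lineno, addr, name in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            report["malformed"].append((lineno, name))
            continue
        if ip.is_loopback or ip.is_unspecified:
            # Loopback (127.0.0.1, ::1) or 0.0.0.0: the name cannot reach a remote host.
            key = "local" if name == "localhost" else "blocked"
        else:
            # The file overrides DNS, so this name now resolves to whatever
            # address is written here. Confirm the entry is intentional.
            key = "review"
        report[key].append((lineno, name))
    return report


if __name__ == "__main__":
    for category, entries in audit_hosts(SAMPLE_HOSTS).items():
        for lineno, name in entries:
            print(f"{category:9} line {lineno}: {name}")
```

On Windows the file to audit is `%SystemRoot%\System32\drivers\etc\hosts`; read it and pass its text to `audit_hosts`.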



Re: Computer running slow...Virus??

Post by khunt104 on Sat Oct 17, 2009 1:53 am

I have recently purchased Defender Pro 15-in-1. Is it safe to use?


Re: Computer running slow...Virus??

Post by Dr Jay on Sat Oct 17, 2009 5:01 am

It is not. It is considered rogue software.


Dr. Jay (DJ)



Re: Computer running slow...Virus??

Post by khunt104 on Sun Oct 18, 2009 2:18 am

Thank you!!!!!!!!


Re: Computer running slow...Virus??

Post by Dr Jay on Sun Oct 18, 2009 3:34 am

You are welcome.


Dr. Jay (DJ)

