slow running caused by malware?

View previous topic View next topic Go down

Solved slow running caused by malware?

Post by KevLee on 25th August 2010, 5:44 pm

Here is the hijack this log I was told to post here. thanks, Kevin


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:37:48 PM, on 8/25/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\SelectRebates\SelectRebates.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Motorola Media Link\NServiceEntry.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe
C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\WINDOWS\system32\Pelmiced.exe
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
R3 - URLSearchHook: Messenger Plus Live US Toolbar - {de404f4c-3cde-4d74-a6fb-052d099c104c} - C:\Program Files\Messenger_Plus_Live_US\tbMess.dll
O2 - BHO: Gamevance - {0ED403E8-470A-4a8a-85A4-D7688CFE39A3} - C:\Program Files\Gamevance\gamevancelib32.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Freecause Shopping BHO - {20FEC4E7-F7B7-438B-8191-33D2EFC5EBEA} - C:\Program Files\Shop to Win 2\ShoppingBHO.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Gamevance Text - {BEAC7DC8-E106-4C6A-931E-5A42E7362883} - C:\Program Files\Gamevance\gvtl.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Messenger Plus Live US Toolbar - {de404f4c-3cde-4d74-a6fb-052d099c104c} - C:\Program Files\Messenger_Plus_Live_US\tbMess.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ShopAtHomeIEHelper - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: ShopAtHome Toolbar - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Messenger Plus Live US Toolbar - {de404f4c-3cde-4d74-a6fb-052d099c104c} - C:\Program Files\Messenger_Plus_Live_US\tbMess.dll
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinSer02] C:\Documents and Settings\Owner\Application Data\winoff02.exe
O4 - HKLM\..\Run: [SelectRebates] C:\Program Files\SelectRebates\SelectRebates.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe /s
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [InstallIQUpdater] "C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun
O4 - HKCU\..\Run: [WinSer02] C:\Documents and Settings\Owner\Application Data\winoff02.exe
O4 - HKCU\..\Run: [hptrdfwp] C:\Documents and Settings\Owner\Local Settings\Application Data\cifcphlin\fdcnxpwtssd.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GTB6; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.shockwave.com/gamelanding/destroyer.jsp"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10d.exe
O4 - HKLM\..\Policies\Explorer\Run: [WinSer02] C:\Documents and Settings\Owner\Application Data\winoff02.exe
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - [You must be registered and logged in to see this link.]
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} (FBootloaderAX) - [You must be registered and logged in to see this link.]
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - [You must be registered and logged in to see this link.]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - [You must be registered and logged in to see this link.]
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - [You must be registered and logged in to see this link.]
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DeviceMonitorService - Nero AG - C:\Program Files\Motorola Media Link\NServiceEntry.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate1c98949c8fa2c4a) (gupdate1c98949c8fa2c4a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MotoConnect Service - Unknown owner - C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O24 - Desktop Component 0: (no name) - [You must be registered and logged in to see this link.]

--
End of file - 14085 bytes

KevLee
Novice
Novice

Posts Posts : 48
Joined Joined : 2009-08-06
Gender Gender : Male
OS OS : XP
Protection Protection : avast
Points Points : 27199
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: slow running caused by malware?

Post by Kenny94 on 26th August 2010, 11:19 pm

Hi

Please download [You must be registered and logged in to see this link.] by Atribune.


  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.


Click Exit on the Main menu to close the program.


Also, I would like you to generate a "Add/Remove Software list" log using the HijackThis application. Here is how you can do this:

To get an Uninstall List from HijackThis:

  • Open HijackThis, click Config, click Misc Tools
  • Click "Open Uninstall Manager"
  • Click "Save List" (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.

Kenny94
Tech Officer
Tech Officer

Posts Posts : 2019
Joined Joined : 2010-04-22
Gender Gender : Male
OS OS : Windows 7
Protection Protection : Avira/Router and Malwarebytes
Points Points : 33531
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: slow running caused by malware?

Post by KevLee on 27th August 2010, 12:12 am

Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.4
Adobe Shockwave Player 11
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Camera Suite 2.1
Ask Toolbar
Ask.com Search Assistant 1.0.2
avast! Free Antivirus
Barbarian Invasion
Battlefield Heroes
Bonjour
Canon Camera Support Core Library
Canon Camera Window for ZoomBrowser EX
Canon iP1700
Canon iP1700 User Registration
Canon MovieEdit Task for ZoomBrowser EX
Canon My Printer
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities Easy-PhotoPrint
Canon Utilities PhotoStitch 3.1
Canon Utilities ZoomBrowser EX
Cheat Engine 5.5
Coupon Printer for Windows
Creative MediaSource
Creative Memories Memory Manager 2
Creative MuVo NX-TX
Creative System Information
Critical Update for Windows Media Player 11 (KB959772)
Drivein Screen Saver
DVD Solution
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.1.1.5 Be
Easy-WebPrint
Gamevance
getPlus(R) for Adobe
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
High Definition Audio Driver Package - KB888111
HiJackThis
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
InstallIQ Updater
Intel(R) Graphics Media Accelerator Driver
iTunes
Java(TM) 6 Update 17
Junk Mail filter update
Loki ActiveX Control
Malwarebytes' Anti-Malware
Marvell Miniport Driver
Memory Manager Shared Components Update
Messenger Plus Live US Toolbar
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Starter Edition 2006
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Motorola Driver Installation 4.6.5
MOTOROLA MEDIA LINK
Mouse Suite
MS Access 97 SP2
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MuVo Driver
Picasa 3
Power2Go 4.0
PowerDVD
Private Islands Inc
PunkBuster Services
QuickTime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.0
Rhapsody Player Engine
Rome - Total War
Roxio Media Manager
RS2Bot
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Segoe UI
Shop to Win 2
ShopAtHome SelectRebates
SimCity 3000 Unlimited
SimCity 4 Deluxe
Skype Toolbars
Skype™ 4.2
Soft Data Fax Modem with SmartCP
Spelling Dictionaries Support For Adobe Reader 9
The Sims
TWC Customer Controls
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
V CAST Music with Rhapsody
Windows Backup Utility
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Imaging Component
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver


KevLee
Novice
Novice

Posts Posts : 48
Joined Joined : 2009-08-06
Gender Gender : Male
OS OS : XP
Protection Protection : avast
Points Points : 27199
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: slow running caused by malware?

Post by Kenny94 on 27th August 2010, 2:40 pm

I strongly recommend you to remove Ask from your computer because it;

  • Promoting its toolbars on sites targeted to kids.
  • Promoting its toolbars through ads that appear to be part of other companies' sites.
  • Promoting its toolbars through other companies' spyware.
  • Installing without any disclosure whatsoever and without any consent whatsoever.
  • Soliciting installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.
  • Making confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.
See [You must be registered and logged in to see this link.] for more info.

If you choose to follow my recommendation then please go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

  • Ask Toolbar
    Ask.com Search Assistant 1.0.2

Then please find and delete this folder in bold (if present):
C:\Program Files\AskBarDis

There are some older versions of Java on your computer. These can cause PC infections.

[
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

  • Download the latest version of [You must be registered and logged in to see this link.] and save it to your desktop.
  • Scroll down to where it says Java SE Runtime Environment (JRE) - JRE 6 Update 21 -
  • Click the Download button to the right.
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: I agree to the Java SE Runtime Environment 6u16 with JavaFX 1 License Agreement. Click on Continue.The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u121 -windows-i586-p.exe to install the newest version.

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)

    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
        Applications and Applets
        Trace and Log Files


    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.



To test your Java Run-time, you may go to this page [You must be registered and logged in to see this link.]
When all is well, you should see Java Version: 1.6.0_21 from Sun Microsystems Inc.

-------------------------------------------------------------------

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however may need to disable your current installed Anti-Virus, how to do so can be read [You must be registered and logged in to see this link.].


  • Please go [You must be registered and logged in to see this link.] then click on:
  • Select the option YES, I accept the Terms of Use then click on:
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:


    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Now click on:
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on:
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Kenny94
Tech Officer
Tech Officer

Posts Posts : 2019
Joined Joined : 2010-04-22
Gender Gender : Male
OS OS : Windows 7
Protection Protection : Avira/Router and Malwarebytes
Points Points : 33531
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: slow running caused by malware?

Post by KevLee on 28th August 2010, 1:25 am

C:\Documents and Settings\Owner\My Documents\BroherSoft_CheatEngine55.exe Win32/HackTool.CheatEngine application
C:\Program Files\Cheat Engine\dbk32.sys Win32/HackTool.CheatEngine application
C:\Program Files\Gamevance\gamevancelib32.dll Win32/Adware.Gamevance.AJ application
C:\Program Files\Gamevance\gvtl.dll Win32/Adware.Gamevance.AI application
C:\Program Files\Gamevance\gvun.exe a variant of Win32/Adware.Gamevance.AJ application
C:\WINDOWS\system32\winoff02.exe probably a variant of Win32/Injector.CQQ trojan
Operating memory multiple threats

KevLee
Novice
Novice

Posts Posts : 48
Joined Joined : 2009-08-06
Gender Gender : Male
OS OS : XP
Protection Protection : avast
Points Points : 27199
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: slow running caused by malware?

Post by Kenny94 on 28th August 2010, 1:43 am

Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTM.exe to run it. (Vista users, please right click on OTM.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    :Processes

    :Services

    :Reg

    :Files
    C:\Documents and Settings\Owner\My Documents\BroherSoft_CheatEngine55.exe
    C:\Program Files\Cheat Engine\dbk32.sys
    C:\Program Files\Gamevance\gamevancelib32.dll
    C:\Program Files\Gamevance\gvtl.dll
    C:\Program Files\Gamevance\gvun.exe
    C:\WINDOWS\system32\winoff02.exe
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [EMPTYFLASH]
    [Reboot]
  • Return to OTM, right click in the "Paste instructions for items to be Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTM\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTM
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Kenny94
Tech Officer
Tech Officer

Posts Posts : 2019
Joined Joined : 2010-04-22
Gender Gender : Male
OS OS : Windows 7
Protection Protection : Avira/Router and Malwarebytes
Points Points : 33531
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: slow running caused by malware?

Post by KevLee on 28th August 2010, 11:31 am

C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 84 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner
->Temp folder emptied: 42430713 bytes
->Temporary Internet Files folder emptied: 10377023 bytes
->Java cache emptied: 4909891 bytes
->FireFox cache emptied: 20496889 bytes
->Flash cache emptied: 1150009 bytes

%systemdrive% .tmp files removed: 9922670 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2675729 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 681612 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 84077180 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 169.00 mb

Restore point Set: OTM Restore Point (68719476736)

OTM by OldTimer - Version 3.1.15.0 log created on 08282010_071435

Files moved on Reboot...
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\MLSM8XYV\slow-running-caused-by-malware-t23510[1].htm moved successfully.
File C:\WINDOWS\temp\_avast5_\Webshlock.txt not found!

Registry entries deleted on Reboot...

KevLee
Novice
Novice

Posts Posts : 48
Joined Joined : 2009-08-06
Gender Gender : Male
OS OS : XP
Protection Protection : avast
Points Points : 27199
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: slow running caused by malware?

Post by Kenny94 on 28th August 2010, 12:18 pm

How are things now?

Kenny94
Tech Officer
Tech Officer

Posts Posts : 2019
Joined Joined : 2010-04-22
Gender Gender : Male
OS OS : Windows 7
Protection Protection : Avira/Router and Malwarebytes
Points Points : 33531
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: slow running caused by malware?

Post by KevLee on 28th August 2010, 2:03 pm

All is well! Thank you for the help!
I have another question. How many hours a week do spend helping people online? I am considering joining the GeekPolice team.
Thanks, Kevin

KevLee
Novice
Novice

Posts Posts : 48
Joined Joined : 2009-08-06
Gender Gender : Male
OS OS : XP
Protection Protection : avast
Points Points : 27199
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: slow running caused by malware?

Post by Kenny94 on 29th August 2010, 3:08 pm

All is well! Thank you for the help!
I have another question. How many hours a week do spend helping people online? I am considering joining the GeekPolice team.
I would say around 2 hours a day. Your Welcome.... Smile

There are some older versions of Java on your computer. These can be a source of infection.

[
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

  • Download the latest version of [You must be registered and logged in to see this link.] and save it to your desktop.
  • Scroll down to where it says Java SE Runtime Environment (JRE) - JRE 6 Update 21 -
  • Click the Download button to the right.
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: I agree to the Java SE Runtime Environment 6u16 with JavaFX 1 License Agreement. Click on Continue.The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u121 -windows-i586-p.exe to install the newest version.

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)

    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
        Applications and Applets
        Trace and Log Files


    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.



To test your Java Run-time, you may go to this page [You must be registered and logged in to see this link.]
When all is well, you should see Java Version: 1.6.0_21 from Sun Microsystems Inc.

Your Computer is Clean
[You must be registered and logged in to see this link.]


Some final items:


To remove all of the tools we used and the files and folders they created, please do the following:
Please download [You must be registered and logged in to see this link.] by OldTimer:

  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.


Here are some additional links for you to check out to help you with your computer security.

Browsers

Just because your computer came loaded with Internet Explorer doesn't mean that you have to use it, there are other free alternatives, [You must be registered and logged in to see this link.] and [You must be registered and logged in to see this link.], both are free to use and are more secure than IE.

If you are using firefox you can stay more secure by adding [You must be registered and logged in to see this link.] and [You must be registered and logged in to see this link.]

NoScript stops Java scripts from starting on a web page unless you give permission for them, and WOT (Web Of Trust) has a comprehensive list of ratings for different websites allowing you to easily see if a website that you are about to go to has a bad reputation; in fact it will warn you to check if you are sure that you want to continue to a bad website.

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.


Additional Security Measures


Visit Microsoft's Windows Update Site Frequently - It is important that you visit [You must be registered and logged in to see this link.] regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

[You must be registered and logged in to see this link.]- SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

[You must be registered and logged in to see this link.]- Scans your PC for tracking cookies in multiple browsers as well as in Adobe Flash.

[You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]






Kenny94
Tech Officer
Tech Officer

Posts Posts : 2019
Joined Joined : 2010-04-22
Gender Gender : Male
OS OS : Windows 7
Protection Protection : Avira/Router and Malwarebytes
Points Points : 33531
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: slow running caused by malware?

Post by KevLee on 30th August 2010, 9:49 pm

Thanks for all your help and info. You have been more than helpful!!!

KevLee
Novice
Novice

Posts Posts : 48
Joined Joined : 2009-08-06
Gender Gender : Male
OS OS : XP
Protection Protection : avast
Points Points : 27199
# Likes # Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum