Malware slowing PC down

Malware slowing PC down

Post by Gazza79 on Wed 30 Mar 2011, 4:50 am

Hi there

New member here hoping for some help if you can please

My PC has just been infected with malware and it is slowing my computer down. Firefox and Internet Explorer either take a long time to open or don't open at all, and it also takes a while for my PC to log off, restart or shut down.

I have done a HijackThis scan and saved a log, if it helps at all.

Thanks in advance

Gazza79

Newbie Surfer

Posts : 16
Joined : 2011-03-30
Operating System : windows xp

Re: Malware slowing PC down

Post by Gazza79 on Wed 30 Mar 2011, 5:09 am

By the way, the forum won't let me post my OTL log files; it keeps saying the connection has been reset.

Re: Malware slowing PC down

Post by Belahzur on Wed 30 Mar 2011, 5:32 am

Can you attach the logs instead?


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: Malware slowing PC down

Post by Gazza79 on Wed 30 Mar 2011, 5:46 am

It keeps saying "not a valid file".

They are text document files.

Re: Malware slowing PC down

Post by Gazza79 on Wed 30 Mar 2011, 10:29 am

[img]OTL logfile created on: 3/29/2011 6:57:44 PM - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Nicki\My Documents\Downloads Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 83.00% Memory free 5.00 Gb Paging File | 5.00 Gb Available in Paging File | 93.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 458.92 Gb Total Space | 415.07 Gb Free Space | 90.45% Space Free | Partition Type: NTFS Computer Name: NICKI-D48DA8E0F | User Name: Nicki | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011/03/29 18:54:12 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nicki\My Documents\Downloads\OTL.com PRC - [2011/03/23 18:25:09 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2011/01/13 09:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe PRC - [2011/01/13 09:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe ========== Modules (SafeList) ========== MOD - [2011/03/29 18:54:12 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nicki\My Documents\Downloads\OTL.com MOD - [2011/01/13 09:47:35 | 000,189,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll MOD - [2010/08/23 17:12:02 | 
001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- -- (HidServ) SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt) SRV - [2011/01/13 09:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus) ========== Driver Services (SafeList) ========== DRV - [2011/01/13 09:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2011/01/13 09:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2011/01/13 09:40:04 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2) DRV - [2011/01/13 09:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2011/01/13 09:37:11 | 000,029,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2011/01/13 09:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2011/01/03 09:38:36 | 000,136,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm) DRV - [2011/01/03 09:38:36 | 000,121,192 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) DRV - [2011/01/03 09:38:36 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl) 
SAMSUNG Android USB Modem (Filter) DRV - [2008/06/27 04:24:56 | 004,742,656 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2008/01/03 15:10:16 | 000,105,856 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2001/08/17 14:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.] 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "google.co.uk" FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:3.2.5.2 FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.3 FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/02/03 00:49:41 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/02/03 00:49:41 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/23 18:25:23 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/23 18:25:23 | 000,000,000 | ---D | M] [2011/01/26 18:25:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Nicki\Application Data\Mozilla\Extensions [2011/03/27 21:37:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Nicki\Application Data\Mozilla\Firefox\Profiles\4lish9d5.default\extensions [2011/03/09 12:30:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Nicki\Application 
Data\Mozilla\Firefox\Profiles\4lish9d5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011/02/21 15:07:01 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Nicki\Application Data\Mozilla\Firefox\Profiles\4lish9d5.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011/02/01 00:20:33 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\Nicki\Application Data\Mozilla\Firefox\Profiles\4lish9d5.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} [2011/02/01 00:20:33 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Nicki\Application Data\Mozilla\Firefox\Profiles\4lish9d5.default\extensions\engine@conduit.com [2011/02/01 00:20:33 | 000,000,863 | ---- | M] () -- C:\Documents and Settings\Nicki\Application Data\Mozilla\Firefox\Profiles\4lish9d5.default\searchplugins\conduit.xml [2011/03/27 21:37:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011/02/20 20:25:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011/02/03 00:49:41 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO [2011/02/03 00:49:41 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA [2011/02/20 20:25:35 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2011/02/20 20:25:34 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2010/12/03 18:47:02 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml [2010/12/03 18:47:02 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml [2010/12/03 18:47:02 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml [2010/12/03 18:47:02 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml O1 HOSTS File: ([2006/02/28 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} [You must be registered and logged in to see this link.] (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] 
(Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011/01/27 01:32:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - File not found NetSvcs: HidServ - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found SafeBootMin: AppMgmt - File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard 
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: AppMgmt - File not found SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: 
{4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {0F141D90-D559-24DB-11A0-D1A87CD8480C} - DirectX ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: 
{4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789) ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - DOTNETFRAMEWORKS ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: ~[Filtered]~[/img]

Re: Malware slowing PC down

Post by Gazza79 on Wed 30 Mar 2011, 10:32 am

[img]OTL Extras logfile created on: 3/29/2011 6:57:44 PM - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Nicki\My Documents\Downloads Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 83.00% Memory free 5.00 Gb Paging File | 5.00 Gb Available in Paging File | 93.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 458.92 Gb Total Space | 415.07 Gb Free Space | 90.45% Space Free | Partition Type: NTFS Computer Name: NICKI-D48DA8E0F | User Name: Nicki | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\~[Filtered]~[/img]

Re: Malware slowing PC down

Post by Gazza79 on Wed 30 Mar 2011, 10:33 am

Sorry if I've posted it all wrong, but it's not letting me copy and paste or attach for some reason.

Re: Malware slowing PC down

Post by Belahzur on Thu 31 Mar 2011, 5:52 am

Can you upload the logs to mediafire.com and post the share URL?

Re: Malware slowing PC down

Post by Gazza79 on Thu 31 Mar 2011, 7:24 am

[You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Re: Malware slowing PC down

Post by Gazza79 on Fri 01 Apr 2011, 8:41 am

Sometimes now when I boot up the PC the desktop has no icons, and it has asked me a few times to reactivate Windows.

Re: Malware slowing PC down

Post by Belahzur on Fri 01 Apr 2011, 12:01 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

Re: Malware slowing PC down

Post by Gazza79 on Sat 02 Apr 2011, 1:51 am

Malwarebytes' Anti-Malware 1.50.1.1100
[You must be registered and logged in to see this link.]

Database version: 6205

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

4/1/2011 8:00:35 PM
mbam-log-2011-04-01 (20-00-35).txt

Scan type: Full scan (C:\|)
Objects scanned: 245898
Time elapsed: 35 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\system volume information\_restore{34556a16-0128-4718-865e-b668d6862505}\RP10\A0000968.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{34556a16-0128-4718-865e-b668d6862505}\RP10\A0002243.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{34556a16-0128-4718-865e-b668d6862505}\RP41\A0009360.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\$ntservicepackuninstall$\userinit.exe (Trojan.Agent) -> Quarantined and deleted successfully.

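As an added example (not code from this thread or from Malwarebytes), the Python below parses an MBAM 1.x text log of the shape posted above and triages its file hits by where they live: copies inside System Restore snapshots and the service-pack uninstall backup are dormant copies that only matter if that snapshot or uninstall is ever applied, while anything else is a file on the running system. The log layout, the two path markers, and the assumed system32 location of a backed-up binary's live counterpart are assumptions taken from the posted log, not from Malwarebytes documentation.

```python
"""Triage helper for a Malwarebytes' Anti-Malware 1.x text log.

Added example, not code from the thread or from Malwarebytes. It assumes the
layout shown in the post: "<Category> Infected: <N>" summary lines, then a
"<Category> Infected:" section whose entries read
    <path> (<detection name>) -> <action>.
"""
import re
from collections import Counter
from dataclasses import dataclass, field

SUMMARY_RE = re.compile(r"^(?P<cat>[A-Za-z ]+ Infected): (?P<n>\d+)$")
SECTION_RE = re.compile(r"^(?P<cat>[A-Za-z ]+ Infected):$")
ENTRY_RE = re.compile(r"^(?P<path>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")

# Path markers used to classify a hit (matched case-insensitively); assumed
# from the posted log, not from any Malwarebytes specification.
RESTORE_MARK = "\\system volume information\\_restore"  # System Restore snapshot
SP_BACKUP_MARK = "\\$ntservicepackuninstall$\\"         # service-pack uninstall backup


@dataclass
class Detection:
    category: str  # e.g. "Files Infected"
    path: str      # file path or registry key as printed by MBAM
    name: str      # detection name, e.g. Trojan.Agent
    action: str    # what MBAM did with it


@dataclass
class MbamReport:
    summary: dict = field(default_factory=dict)    # category -> count from the header
    detections: list = field(default_factory=list)


def parse_mbam_log(text):
    """Walk the log once: record summary counts, then the entries of each section."""
    report, section = MbamReport(), None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := SUMMARY_RE.match(line)):
            report.summary[m["cat"]] = int(m["n"])
            continue
        if (m := SECTION_RE.match(line)):
            section = m["cat"]
            continue
        if section and (m := ENTRY_RE.match(line)):
            report.detections.append(Detection(section, m["path"], m["name"], m["action"]))
    return report


def classify(path):
    """Where a file hit lives decides how urgent it is."""
    p = path.lower()
    if RESTORE_MARK in p:
        return "restore_point"  # inert until that restore point is applied
    if SP_BACKUP_MARK in p:
        return "sp_backup"      # inert until the service pack is uninstalled
    return "live"               # on the running system: treat as active


def triage(report):
    """Cross-check header counts against listed entries and group the file hits."""
    by_cat = Counter(d.category for d in report.detections)
    mismatched = [c for c, n in report.summary.items() if by_cat.get(c, 0) != n]
    files = [d for d in report.detections if d.category == "Files Infected"]
    classes = Counter(classify(d.path) for d in files)
    # A live hit is a follow-up as-is; a flagged service-pack backup of a
    # Windows binary means the current copy of that binary should be verified
    # too (assumed to live under system32; confirm on the machine).
    follow_up = []
    for d in files:
        kind = classify(d.path)
        if kind == "live":
            follow_up.append(d.path)
        elif kind == "sp_backup":
            follow_up.append("c:\\windows\\system32\\" + d.path.rsplit("\\", 1)[-1].lower())
    return {"mismatched_counts": mismatched, "classes": dict(classes), "follow_up": follow_up}


# Constructed sample: an abridged copy of the log posted in the thread.
SAMPLE_LOG = """\
Malwarebytes' Anti-Malware 1.50.1.1100
Database version: 6205

Memory Processes Infected: 0
Registry Keys Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Files Infected:
c:\\system volume information\\_restore{34556a16-0128-4718-865e-b668d6862505}\\RP10\\A0000968.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\\system volume information\\_restore{34556a16-0128-4718-865e-b668d6862505}\\RP10\\A0002243.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\\system volume information\\_restore{34556a16-0128-4718-865e-b668d6862505}\\RP41\\A0009360.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\\WINDOWS\\$ntservicepackuninstall$\\userinit.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    for key, value in triage(parse_mbam_log(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

Run on the sample it reports three restore-point hits and one service-pack backup hit, no live files, and names the active userinit.exe as the binary to verify. A category whose header count does not match the entries listed under it indicates the pasted log is incomplete, which is worth knowing before acting on it.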

Re: Malware slowing PC down

Post by Belahzur on Sat 02 Apr 2011, 7:12 am

Hello.

  • Download combofix from here
    Link 1

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:
    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Re: Malware slowing PC down

Post by Gazza79 on Sat 02 Apr 2011, 11:24 am

ComboFix 11-04-01.01 - Nicki 04/02/2011 1:14.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2724 [GMT 1:00]
Running from: c:\documents and settings\Nicki\My Documents\Combo-Fix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\muzapp.exe
.
.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((( Files Created from 2011-03-02 to 2011-04-02 )))))))))))))))))))))))))))))))
.
.
2011-04-01 14:01 . 2011-04-01 14:01 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
2011-03-30 16:21 . 2011-03-30 16:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-03-30 16:21 . 2011-03-30 16:25 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-03-30 00:43 . 2011-03-30 00:43 -------- d-----w- c:\documents and settings\Nicki\Application Data\DDMSettings
2011-03-29 23:49 . 2011-03-29 23:49 -------- d-----w- c:\documents and settings\Nicki\Local Settings\Application Data\Unity
2011-03-29 18:18 . 2011-03-29 18:18 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2011-03-29 18:18 . 2011-03-29 18:18 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-03-29 02:41 . 2011-03-29 02:41 -------- d-----w- c:\documents and settings\Nicki\Local Settings\Application Data\Identities
2011-03-28 23:58 . 2011-03-28 23:58 388096 ----a-r- c:\documents and settings\Nicki\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-03-28 23:58 . 2011-03-28 23:58 -------- d-----w- c:\program files\Trend Micro
2011-03-28 17:17 . 2011-03-28 17:17 -------- d-----w- c:\documents and settings\Administrator
2011-03-28 16:01 . 2011-03-28 16:01 -------- d-----w- c:\documents and settings\Nicki\Application Data\Malwarebytes
2011-03-28 16:01 . 2011-03-28 16:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-03-28 16:01 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-28 16:01 . 2011-03-29 18:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-28 16:01 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-28 10:40 . 2011-03-28 15:54 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2011-03-14 14:24 . 2011-03-14 14:24 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2011-03-13 17:02 . 2011-03-13 17:02 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2011-03-13 17:02 . 2011-03-13 17:11 -------- d-----w- c:\program files\Google
2011-03-13 17:02 . 2011-03-13 17:07 -------- d-----w- c:\documents and settings\Nicki\Local Settings\Application Data\Google
2011-03-08 16:14 . 2011-03-08 16:14 -------- d-----w- c:\documents and settings\Nicki\Local Settings\Application Data\Electronic Arts
2011-03-06 18:54 . 2011-03-08 10:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2011-03-06 18:54 . 2011-03-06 18:54 -------- d-----w- C:\ProgramData
2011-03-06 18:53 . 2008-09-04 18:17 447752 ----a-r- c:\windows\system32\vp6vfw.dll
2011-03-06 18:53 . 2011-03-06 18:53 -------- d-----w- c:\program files\Microsoft WSE
2011-03-06 18:36 . 2011-03-16 18:58 -------- d-----w- c:\program files\Electronic Arts
2011-03-05 18:28 . 2011-03-05 18:28 -------- d-----w- c:\windows\Sun
2011-03-04 18:52 . 2008-04-14 00:12 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-03-04 18:52 . 2011-03-04 18:52 -------- d-----w- c:\program files\Windows Media Connect 2
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-20 19:25 . 2011-02-20 19:25 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-20 19:25 . 2011-02-20 19:25 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-09 13:53 . 2006-02-28 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2006-02-28 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2011-01-27 00:28 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-29 23:16 . 2011-01-29 23:16 30056 ----a-w- c:\windows\system32\MASetupCleaner.exe
2011-01-29 17:00 . 2011-02-20 19:11 4659712 ----a-w- c:\windows\system32\Redemption.dll
2011-01-29 17:00 . 2011-01-29 17:00 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2011-01-29 17:00 . 2011-01-29 17:00 325552 ----a-w- c:\windows\MASetupCaller.dll
2011-01-29 17:00 . 2011-01-29 17:00 30568 ----a-w- c:\windows\MusiccityDownload.exe
2011-01-29 17:00 . 2011-01-29 17:00 974848 ----a-w- c:\windows\system32\cis-2.4.dll
2011-01-29 17:00 . 2011-01-29 17:00 81920 ----a-w- c:\windows\system32\issacapi_bs-2.3.dll
2011-01-29 17:00 . 2011-01-29 17:00 65536 ----a-w- c:\windows\system32\issacapi_pe-2.3.dll
2011-01-29 17:00 . 2011-01-29 17:00 57344 ----a-w- c:\windows\system32\MTXSYNCICON.dll
2011-01-29 17:00 . 2011-01-29 17:00 57344 ----a-w- c:\windows\system32\MK_Lyric.dll
2011-01-29 17:00 . 2011-01-29 17:00 57344 ----a-w- c:\windows\system32\issacapi_se-2.3.dll
2011-01-29 17:00 . 2011-01-29 17:00 569344 ----a-w- c:\windows\system32\muzdecode.ax
2011-01-29 17:00 . 2011-01-29 17:00 491520 ----a-w- c:\windows\system32\muzapp.dll
2011-01-29 17:00 . 2011-01-29 17:00 49152 ----a-w- c:\windows\system32\MaJGUILib.dll
2011-01-29 17:00 . 2011-01-29 17:00 45056 ----a-w- c:\windows\system32\MaXMLProto.dll
2011-01-29 17:00 . 2011-01-29 17:00 45056 ----a-w- c:\windows\system32\MACXMLProto.dll
2011-01-29 17:00 . 2011-01-29 17:00 40960 ----a-w- c:\windows\system32\MTTELECHIP.dll
2011-01-29 17:00 . 2011-01-29 17:00 40960 ----a-w- c:\windows\system32\MAMACExtract.dll
2011-01-29 17:00 . 2011-01-29 17:00 352256 ----a-w- c:\windows\system32\MSLUR71.dll
2011-01-29 17:00 . 2011-01-29 17:00 258048 ----a-w- c:\windows\system32\muzoggsp.ax
2011-01-29 17:00 . 2011-01-29 17:00 245760 ----a-w- c:\windows\system32\MSCLib.dll
2011-01-29 17:00 . 2011-01-29 17:00 200704 ----a-w- c:\windows\system32\muzwmts.dll
2011-01-29 17:00 . 2011-01-29 17:00 155648 ----a-w- c:\windows\system32\MSFLib.dll
2011-01-29 17:00 . 2011-01-29 17:00 143360 ----a-w- c:\windows\system32\3DAudio.ax
2011-01-29 17:00 . 2011-01-29 17:00 135168 ----a-w- c:\windows\system32\muzaf1.dll
2011-01-29 17:00 . 2011-01-29 17:00 131072 ----a-w- c:\windows\system32\muzmpgsp.ax
2011-01-29 17:00 . 2011-01-29 17:00 122880 ----a-w- c:\windows\system32\muzeffect.ax
2011-01-29 17:00 . 2011-01-29 17:00 118784 ----a-w- c:\windows\system32\MaDRM.dll
2011-01-29 17:00 . 2011-01-29 17:00 110592 ----a-w- c:\windows\system32\muzmp4sp.ax
2011-01-29 17:00 . 2011-02-20 19:11 821824 ----a-w- c:\windows\system32\dgderapi.dll
2011-01-29 17:00 . 2011-02-20 19:11 319456 ----a-w- c:\windows\system32\DIFxAPI.dll
2011-01-29 17:00 . 2011-02-20 19:11 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys
2011-01-27 11:57 . 2011-01-27 00:28 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-26 17:40 . 2011-01-26 17:40 15256 ----a-w- c:\documents and settings\Nicki\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
2011-01-21 14:44 . 2006-02-28 12:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-13 08:47 . 2011-01-26 17:29 38848 ----a-w- c:\windows\avastSS.scr
2011-01-13 08:47 . 2011-01-26 17:29 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2011-01-26 17:29 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2011-01-26 17:29 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:40 . 2011-01-26 17:29 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-01-13 08:39 . 2011-01-26 17:29 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-01-13 08:37 . 2011-01-26 17:29 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2011-01-26 17:29 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-01-13 08:37 . 2011-01-26 17:29 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-01-07 14:09 . 2006-02-28 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2011-01-03 08:38 . 2011-02-20 19:11 136680 ----a-w- c:\windows\system32\drivers\ssadmdm.sys
2011-01-03 08:38 . 2011-02-20 19:11 12776 ----a-w- c:\windows\system32\drivers\ssadmdfl.sys
2011-01-03 08:38 . 2011-02-20 19:11 10472 ----a-w- c:\windows\system32\drivers\ssadcmnt.sys
2011-01-03 08:38 . 2011-02-20 19:11 10472 ----a-w- c:\windows\system32\drivers\ssadcm.sys
2011-01-03 08:38 . 2011-02-20 19:11 121192 ----a-w- c:\windows\system32\drivers\ssadbus.sys
2011-01-03 08:38 . 2011-02-20 19:11 10344 ----a-w- c:\windows\system32\drivers\ssadwhnt.sys
2011-01-03 08:38 . 2011-02-20 19:11 10344 ----a-w- c:\windows\system32\drivers\ssadwh.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-24 13574144]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-02-15 1230704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast5]
2011-01-13 08:47 3396624 ----a-w- c:\program files\Alwil Software\Avast5\AvastUI.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\football manager 2011\\fm.exe"=
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/26/2011 6:29 PM 294608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/26/2011 6:29 PM 17744]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/13/2011 6:02 PM 136176]
S3 FXDrv32;FXDrv32;\??\d:\fxdrv32.sys --> d:\FXDrv32.sys [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2/20/2011 8:11 PM 121192]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2/20/2011 8:11 PM 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2/20/2011 8:11 PM 136680]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-01 c:\windows\Tasks\doxillionShakeIcon.job
- c:\program files\NCH Software\Doxillion\doxillion.exe [2011-04-01 14:01]
.
2011-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-13 17:02]
.
2011-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-13 17:02]
.
2011-02-09 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2011-02-02 23:58]
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\Nicki\Application Data\Mozilla\Firefox\Profiles\4lish9d5.default\
FF - prefs.js: browser.startup.homepage - google.co.uk
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Conduit Engine : [You must be registered and logged in to see this link.] - %profile%\extensions\engine@conduit.com
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: Java Quick Starter: [You must be registered and logged in to see this link.] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-04-02 01:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2011-04-02 01:22:48
ComboFix-quarantined-files.txt 2011-04-02 00:22
.
Pre-Run: 454,294,437,888 bytes free
Post-Run: 454,706,286,592 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 5851A5FB027B71FFD6A96BD48BA45156

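The ComboFix report above is the kind of thing a helper reads by eye: the Run keys, the service lines (R = running, S = stopped, the digit is the start type, and a target ComboFix could not find on disk is marked [?], as with the FXDrv32 driver registered from drive D:), and the Firefox add-ons, where uTorrentBar Community Toolbar and Conduit Engine are the bundled "community toolbar" class of add-on that arrives with freeware installers (the ESET hit later in this thread, Win32/Toolbar.AskSBar inside two Nero installers, is the same class). The Python below is an added example, not ComboFix's code and not anything posted in this thread. It parses those three line types and flags the entries a triager would look at first. The sample input is built from lines of the log above plus one constructed Run value (labelled in the code) so the user-profile/temp rule has something to fire on; the rules are heuristics that say "review", not "malware".

```python
"""Triage of ComboFix autostart, service and Firefox-extension lines (added example)."""
import re
from dataclasses import dataclass

# Constructed sample input. Every line is copied from the ComboFix log above
# EXCEPT the "Updater" Run value, which is CONSTRUCTED (it is not in that log)
# purely to exercise the user-profile/temp rule below.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-24 13574144]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-02-15 1230704]
"Updater"="c:\documents and settings\Nicki\Local Settings\Temp\updater.exe" [2011-03-28 45056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast5]
2011-01-13 08:47 3396624 ----a-w- c:\program files\Alwil Software\Avast5\AvastUI.exe
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/26/2011 6:29 PM 294608]
S3 FXDrv32;FXDrv32;\??\d:\fxdrv32.sys --> d:\FXDrv32.sys [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2/20/2011 8:11 PM 121192]
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
"""

@dataclass(frozen=True)
class Finding:
    severity: str   # "review" (look at it) or "info" (known class, usually just uninstall)
    kind: str       # autostart / service / extension
    subject: str
    detail: str

RUN_KEY = re.compile(r"^\[(?P<key>HKEY_.*\\Run)\]$", re.IGNORECASE)
ANY_KEY = re.compile(r"^\[HK.*\]$", re.IGNORECASE)
RUN_VAL = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<info>[^\]]*)\]$')
# ComboFix service line: <R|S><start type> name;display name;path [date size] or [?]
SERVICE = re.compile(r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
                     r"(?P<path>.+?)\s+\[(?P<info>[^\]]*)\]$")
FF_EXT = re.compile(r"^FF - Ext: (?P<name>.+?): (?P<id>\S+) - (?P<path>.+)$")

# On XP, a Run value pointing into a user profile or a temp directory is where
# drive-by installers usually drop their loader; legitimate per-user updaters
# live there too, so this is a "review" rule, not a verdict.
USER_PATHS = ("\\documents and settings\\", "\\temp\\")
# Name fragments of the bundled-toolbar class of add-on (Conduit-built
# "community toolbars", the Ask toolbar) that ships with freeware installers.
PUP_EXT = re.compile(r"toolbar|conduit|\bask", re.IGNORECASE)


def parse(text):
    """Split a ComboFix report into Run entries, services and Firefox extensions."""
    runs, services, exts = [], [], []
    key = None                      # registry key the following values belong to
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = RUN_KEY.match(line)
        if m:
            key = m.group("key")
            continue
        if ANY_KEY.match(line):      # some other key: its values are not Run entries
            key = None
            continue
        m = RUN_VAL.match(line)
        if m and key:
            runs.append((key, m.group("name"), m.group("path")))
            continue
        m = SERVICE.match(line)
        if m:
            services.append(m.groupdict())
            continue
        m = FF_EXT.match(line)
        if m:
            exts.append(m.groupdict())
    return runs, services, exts


def triage(text):
    """Apply the three review rules and return the entries worth a second look."""
    runs, services, exts = parse(text)
    findings = []
    for key, name, path in runs:
        if any(p in path.lower() for p in USER_PATHS):
            findings.append(Finding("review", "autostart", name,
                                    f"{key} launches {path}: binary in a user profile/temp directory"))
    for s in services:
        if s["info"].strip() == "?":     # ComboFix could not find the registered binary
            findings.append(Finding("review", "service", s["name"],
                                    f"start type {s['start']}: registered file not found ({s['path']})"))
    for e in exts:
        if PUP_EXT.search(e["name"]):
            findings.append(Finding("info", "extension", e["name"],
                                    f"bundled-toolbar class add-on at {e['path']}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.kind:10} {f.subject}: {f.detail}")
```

Run as-is it reports the constructed "Updater" entry, the FXDrv32 service whose driver was not on disk, and the uTorrentBar toolbar; avast's aswSP service, the NVIDIA and DivX Run values and DownloadHelper pass. Feed it a full ComboFix log and the same three rules apply; anything it prints still needs the helper's judgement, which is exactly what the thread shows Belahzur doing.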

Re: Malware slowing PC down

Post by Belahzur on Sun 03 Apr 2011, 12:44 pm

Hello.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.



Re: Malware slowing PC down

Post by Gazza79 on Sun 03 Apr 2011, 11:34 pm

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.17095 (vista_gdr.101217-1830)
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=7cd079e7ee0b7a4f8682b2876c060e60
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-04-03 12:31:54
# local_time=2011-04-03 01:31:54 (+0000, GMT Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 475727 475727 0 0
# compatibility_mode=768 16777215 100 0 5773073 5773073 0 0
# compatibility_mode=8192 67108863 100 0 131 131 0 0
# scanned=146547
# found=2
# cleaned=2
# scan_time=1472
C:\Documents and Settings\Nicki\My Documents\Downloads\Nero-7.10.1.0_eng_full.exe Win32/Toolbar.AskSBar application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Nicki\My Documents\Downloads\Nero 8 Ultra Edition 8.2.8.0+Keymaker\Nero-8.2.8.0_eng_trial.exe Win32/Toolbar.AskSBar application (deleted - quarantined) 00000000000000000000000000000000 C

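The header of that ESET log records what the scan covered: remove_checked=true and unwanted_checked=true (the two Ask-toolbar bundles inside the Nero installers are reported in that "application" category), but archives_checked=false and unsafe_checked=false, so the contents of archives were not opened in this run. The Python below is an added example, not ESET's code and not anything posted in this thread. It parses an ESET Online Scanner log into its header and detection records, checks that the found/cleaned counters agree with the detection lines actually present, and lists the coverage gaps the header admits to. The sample input is a constructed subset of the log above; the threat-name pattern (Platform/Family.Variant, optionally prefixed "a variant of") is an assumption about ESET naming.

```python
"""Sanity-check an ESET Online Scanner log pasted into a thread (added example)."""
import re
from dataclasses import dataclass

# Constructed sample: header and detection lines copied from the ESET log above.
SAMPLE_ESET = r"""ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# local_time=2011-04-03 01:31:54 (+0000, GMT Daylight Time)
# scanned=146547
# found=2
# cleaned=2
# scan_time=1472
C:\Documents and Settings\Nicki\My Documents\Downloads\Nero-7.10.1.0_eng_full.exe Win32/Toolbar.AskSBar application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Nicki\My Documents\Downloads\Nero 8 Ultra Edition 8.2.8.0+Keymaker\Nero-8.2.8.0_eng_trial.exe Win32/Toolbar.AskSBar application (deleted - quarantined) 00000000000000000000000000000000 C
"""

HEADER = re.compile(r"^#\s*(?P<key>\w+)=(?P<value>.*)$")
# Trailing part of a detection line: "(action) <32-hex hash> <flag>" at end of line.
TAIL = re.compile(r"\((?P<action>[^()]*)\)\s+(?P<hash>[0-9A-Fa-f]{32})\s+(?P<flag>\S+)$")
# Leading part: a Windows path (may contain spaces), then the threat name
# (assumed ESET form Platform/Family[.Variant], optionally "a variant of ..."),
# then the category words.
LEAD = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)\s+"
                  r"(?P<threat>(?:(?:probably )?a variant of )?\S+/\S+)\s+"
                  r"(?P<category>.*?)\s*$")


@dataclass(frozen=True)
class Detection:
    path: str
    threat: str
    category: str
    action: str


def parse_eset(text):
    """Return (header dict, list of Detection) from an ESET Online Scanner log."""
    header, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            header[m.group("key")] = m.group("value").strip()
            continue
        tail = TAIL.search(line)
        if not tail:
            continue
        lead = LEAD.match(line[:tail.start()])
        if lead:
            detections.append(Detection(lead.group("path"), lead.group("threat"),
                                        lead.group("category"), tail.group("action")))
    return header, detections


def check(text):
    """Cross-check counters against detection lines and report coverage gaps."""
    header, detections = parse_eset(text)
    notes = []
    found = int(header.get("found", "0"))
    if found != len(detections):
        notes.append(f"counter mismatch: found={found} but {len(detections)} detection lines parsed")
    removed = sum(1 for d in detections if "deleted" in d.action or "cleaned" in d.action)
    cleaned = int(header.get("cleaned", "0"))
    if cleaned != removed:
        notes.append(f"counter mismatch: cleaned={cleaned} but {removed} lines report deletion/cleaning")
    if header.get("archives_checked") != "true":
        notes.append("archives not scanned: contents of .zip/.rar/.cab and packed installers "
                     "were skipped; rerun with the archive option enabled before calling it clean")
    if header.get("unsafe_checked") != "true":
        notes.append("potentially unsafe applications not reported "
                     "(ESET's category for legitimate but abusable tools)")
    if header.get("remove_checked") != "true":
        notes.append("detections were reported only, nothing was removed")
    return notes


if __name__ == "__main__":
    header, dets = parse_eset(SAMPLE_ESET)
    print(f"scanned={header.get('scanned')} found={len(dets)}")
    for d in dets:
        print(f"  {d.threat} [{d.category}] {d.action}: {d.path}")
    for n in check(SAMPLE_ESET):
        print("NOTE:", n)
```

On this log the counters agree (2 found, 2 deleted) and the two notes it prints are the archive and unsafe-application gaps; an archive that was never opened is the kind of thing the CKScanner step further down the thread then turns up.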

Re: Malware slowing PC down

Post by Belahzur on Mon 04 Apr 2011, 12:16 pm

Hello.

Please download CKScanner by askey127 from here
Save it to your desktop.

  • Double-click CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.



Re: Malware slowing PC down

Post by Gazza79 on Tue 05 Apr 2011, 5:55 am

CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\nicki\my documents\downloads\adobe_photoshop_cs2_keygen.zip
scanner sequence 3.AP.11
----- EOF -----


Re: Malware slowing PC down

Post by Belahzur on Tue 05 Apr 2011, 6:21 am

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :files
    c:\documents and settings\nicki\my documents\downloads\adobe_photoshop_cs2_keygen.zip


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Re: Malware slowing PC down

Post by Gazza79 on Fri 08 Apr 2011, 5:38 am

========== FILES ==========
c:\documents and settings\nicki\my documents\downloads\adobe_photoshop_cs2_keygen.zip moved successfully.

OTL by OldTimer - Version 3.2.22.3 log created on 04072011_193800


Re: Malware slowing PC down

Post by Belahzur on Fri 08 Apr 2011, 12:20 pm

How is the machine running now?



Re: Malware slowing PC down

Post by Gazza79 on Sat 09 Apr 2011, 7:13 am

Much quicker and free from pop-ups etc...

Is that it, has everything been sorted now?


Re: Malware slowing PC down

Post by Belahzur on Sat 09 Apr 2011, 8:11 am

Nearly.

I see that you are running µTorrent.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    µTorrent
    Java(TM) 6 Update 22

Updating Java:

  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 24.
  • Click the "Download JRE" button to the right.
  • In the Window that opens, select your platform, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-6u24-windows-i586.exe that you downloaded to install the newest version.

Please download Firefox 4 and install it. It will install over version 3.6.15 you currently have installed, so you won't lose any bookmarked websites.



Re: Malware slowing PC down

Post by Gazza79 on Sun 10 Apr 2011, 12:22 am

Ok mate, I did everything you just said.


Re: Malware slowing PC down

Post by Belahzur on Sun 10 Apr 2011, 5:41 am

Then everything should be good to go.


