typing lag after removing malware win32/renos


Solved typing lag after removing malware win32/renos

Post by x_joe on 13th November 2008, 6:57 am

Hi,

I just successfully removed the malware TrojanDownloader:Win32/Renos, the one that sends fake warning messages and downloads fake software onto your computer. A few hours before the virus I noticed that my keyboard lagged whenever I typed anywhere, in Notepad or my internet browser (Firefox); the Task Manager showed no sign of too many processes, and remained at low CPU usage. At times Firefox would not respond, and wouldn't close (not even force close), and other programs would do the same if I tried to run them while Firefox would act up. I soon got the virus and successfully removed it using Malwarebytes. But the lag continued after, and I've done several scans that showed no viruses. I have Trend Micro anti-virus and malware installed at the same time, but since the problem started before that I doubt the two are the cause.

My computer is a Dell Inspiron 1501, AMD Turion, with Windows XP Media Center Edition, and has 1.99 GHz, 1.8 GB of RAM.

I would really appreciate any kind of help. Thank you.


Last edited by x_joe on 13th November 2008, 11:45 pm; edited 1 time in total


Solved Re: typing lag after removing malware win32/renos

Post by Belahzur on 13th November 2008, 12:56 pm

Hello. Please [You must be registered and logged in to see this link.] and post a Hijack This log.
====

Smitfraud Infection Detected
Please download [You must be registered and logged in to see this link.] (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Solved Re: typing lag after removing malware win32/renos

Post by x_joe on 13th November 2008, 11:41 pm

Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:34:21 PM, on 11/13/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\VCX Systems\Startup Master\sm.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Ian\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Startup Master] C:\Program Files\VCX Systems\Startup Master\sm.exe /minimize
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE


Solved Re: typing lag after removing malware win32/renos

Post by Belahzur on 13th November 2008, 11:47 pm

Looks clean.
Can you run smitfraudfix?



Solved Re: typing lag after removing malware win32/renos

Post by x_joe on 14th November 2008, 12:40 am

Here's my SmitFraudFix log:

SmitFraudFix v2.375

Scan done at 16:35:58.10, Thu 11/13/2008
Run from C:\Documents and Settings\Ian\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\VCX Systems\Startup Master\sm.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe

hosts


C:\


C:\WINDOWS


C:\WINDOWS\system


C:\WINDOWS\Web


C:\WINDOWS\system32


C:\Documents and Settings\Ian


C:\DOCUME~1\Ian\LOCALS~1\Temp


C:\Documents and Settings\Ian\Application Data


Start Menu


C:\DOCUME~1\Ian\FAVORI~1


Desktop


C:\Program Files


Corrupted keys


Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


RK



DNS

Description: Dell Wireless 1390 WLAN Mini-Card - Packet Scheduler Miniport
DNS Server Search Order: 64.9.224.36
DNS Server Search Order: 64.9.224.37

HKLM\SYSTEM\CCS\Services\Tcpip\..\{F0DB3722-6982-4071-AE33-ED1BF3CD6A2B}: DhcpNameServer=64.9.224.36 64.9.224.37
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F0DB3722-6982-4071-AE33-ED1BF3CD6A2B}: DhcpNameServer=64.9.224.36 64.9.224.37
HKLM\SYSTEM\CS2\Services\Tcpip\..\{F0DB3722-6982-4071-AE33-ED1BF3CD6A2B}: DhcpNameServer=64.9.224.36 64.9.224.37
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=64.9.224.36 64.9.224.37
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=64.9.224.36 64.9.224.37
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=64.9.224.36 64.9.224.37


Scanning for wininet.dll infection


End


Solved Re: typing lag after removing malware win32/renos

Post by Belahzur on 14th November 2008, 12:45 am

Darn, that came back clean.
===
Let's go deeper.


  • Download combofix from here, use the top links - [You must be registered and logged in to see this link.]
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will see this next prompt that asks if you want to continue the malware scan; select Yes.



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.



Solved Re: typing lag after removing malware win32/renos

Post by x_joe on 14th November 2008, 3:20 am

Here is my ComboFix log. I was just wondering: after the scan and reboot and log pop-up there was an Internet Explorer icon on my desktop, and I remember uninstalling Internet Explorer a while back. Should I be worried?


ComboFix 08-11-12.01 - Ian 2008-11-13 18:49:03.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1337 [GMT 8:00]
Running from: c:\documents and settings\Ian\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\wsnpoem.sys
.
---- Previous Run -------
.
c:\documents and settings\Ian\Application Data\inst.exe

.
((((((((((((((((((((((((( Files Created from 2008-10-13 to 2008-11-13 )))))))))))))))))))))))))))))))
.

2008-11-13 16:36 . 2008-11-13 16:36 2,310 --a------ c:\windows\system32\tmp.reg
2008-11-13 16:35 . 2007-09-05 23:22 289,144 --a------ c:\windows\system32\VCCLSID.exe
2008-11-13 16:35 . 2006-04-27 16:49 288,417 --a------ c:\windows\system32\SrchSTS.exe
2008-11-13 16:35 . 2008-10-01 14:51 87,552 --a------ c:\windows\system32\VACFix.exe
2008-11-13 16:35 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\o4Patch.exe
2008-11-13 16:35 . 2008-05-18 20:40 82,944 --a------ c:\windows\system32\IEDFix.exe
2008-11-13 16:35 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\IEDFix.C.exe
2008-11-13 16:35 . 2008-08-18 11:19 82,432 --a------ c:\windows\system32\404Fix.exe
2008-11-13 16:35 . 2003-06-05 20:13 53,248 --a------ c:\windows\system32\Process.exe
2008-11-13 16:35 . 2004-07-31 17:50 51,200 --a------ c:\windows\system32\dumphive.exe
2008-11-13 16:35 . 2007-10-03 23:36 25,600 --a------ c:\windows\system32\WS2Fix.exe
2008-11-12 19:10 . 2008-09-05 01:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 19:10 . 2008-10-24 19:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 16:35 . 2008-11-12 16:35 d-------- c:\program files\VCX Systems
2008-11-12 16:35 . 2008-11-12 16:35 d-------- c:\documents and settings\Ian\Application Data\VCX Systems
2008-11-12 15:10 . 2008-11-12 15:10 230 --a------ c:\windows\system32\spupdsvc.inf
2008-11-11 22:24 . 2008-11-11 22:24 d-------- c:\program files\Safari
2008-11-11 21:20 . 2008-11-11 21:20 d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-11 21:20 . 2008-11-11 21:20 d-------- c:\documents and settings\Ian\Application Data\Malwarebytes
2008-11-11 21:20 . 2008-11-11 21:20 d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-11 21:20 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-11 21:20 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-09 22:34 . 2008-11-09 22:37 1,466,775,389 --a------ C:\Documents and foof
2008-10-31 00:22 . 2008-10-31 00:22 d-------- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2008-10-30 23:43 . 2008-11-11 22:08 d-------- c:\program files\Solveig Multimedia
2008-10-29 18:54 . 2008-10-29 18:55 d-------- c:\program files\iTunes
2008-10-29 18:54 . 2008-10-29 18:55 d-------- c:\program files\iPod
2008-10-29 18:54 . 2008-10-29 18:55 d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-28 21:32 . 2008-10-29 18:49 d-------- c:\program files\MKVtoolnix
2008-10-27 21:43 . 2008-11-06 00:32 664 --a------ c:\windows\system32\d3d9caps.dat
2008-10-27 19:53 . 2008-11-06 17:07 d-------- C:\Temp
2008-10-27 19:46 . 2008-10-27 19:46 d-------- c:\program files\AviSynth 2.5
2008-10-27 19:45 . 2008-10-27 19:45 d-------- c:\program files\Winnydows
2008-10-27 19:44 . 2008-10-27 19:44 d-------- c:\program files\MSBuild
2008-10-27 19:41 . 2008-10-27 19:41 d-------- c:\windows\system32\XPSViewer
2008-10-27 19:40 . 2008-10-27 19:40 d-------- c:\program files\Reference Assemblies
2008-10-27 19:39 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2008-10-27 18:27 . 2008-11-11 22:33 d-------- c:\documents and settings\Ian\Application Data\Apple Computer
2008-10-27 18:24 . 2008-10-27 18:25 d-------- c:\program files\QuickTime
2008-10-27 18:24 . 2008-10-30 23:52 d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2008-10-27 18:23 . 2008-10-27 18:24 d-------- c:\program files\Common Files\Apple
2008-10-27 18:23 . 2008-10-27 18:23 d-------- c:\program files\Apple Software Update
2008-10-27 18:23 . 2008-10-27 18:23 d-------- c:\documents and settings\All Users\Application Data\Apple
2008-10-27 18:23 . 2008-10-01 13:01 32,000 --a------ c:\windows\system32\drivers\usbaapl.sys
2008-10-27 18:08 . 2008-10-27 18:54 d-------- c:\program files\AllToAVI
2008-10-23 16:41 . 2008-10-23 16:41 54,156 --ah----- c:\windows\QTFont.qfn
2008-10-23 16:41 . 2008-10-23 16:41 1,409 --a------ c:\windows\QTFont.for
2008-10-23 15:19 . 2008-10-16 00:34 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
2008-10-22 20:07 . 2008-10-22 20:11 d-------- c:\documents and settings\Ian\Application Data\River Past G5
2008-10-15 22:19 . 2008-09-08 18:41 333,824 --------- c:\windows\system32\dllcache\srv.sys
2008-10-15 22:18 . 2008-08-14 18:11 2,189,184 --------- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-15 22:18 . 2008-08-14 18:09 2,145,280 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-15 22:18 . 2008-09-15 20:12 1,846,400 --------- c:\windows\system32\dllcache\win32k.sys
2008-10-15 22:17 . 2008-08-14 17:33 2,066,048 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-15 22:17 . 2008-08-14 17:33 2,023,936 --------- c:\windows\system32\dllcache\ntkrpamp.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-12 11:10 --------- d-----w c:\documents and settings\Ian\Application Data\OpenOffice.org2
2008-11-11 10:21 --------- d-----w c:\documents and settings\Ian\Application Data\MegauploadToolbar
2008-10-27 10:26 --------- d-----w c:\program files\Bonjour
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-18 09:22 --------- d-----w c:\documents and settings\Ian\Application Data\Azureus
2008-10-11 08:42 --------- d-----w c:\program files\Vuze
2008-10-11 08:42 --------- d-----w c:\program files\AskSBar
2008-10-11 08:42 --------- d-----w c:\documents and settings\All Users\Application Data\Azureus
2008-10-11 08:39 --------- d-----w c:\documents and settings\Ian\Application Data\mIRC
2008-10-08 07:02 --------- d-----w c:\program files\Red Kawa
2008-10-07 10:01 --------- d-----w c:\documents and settings\Ian\Application Data\Yahoo!
2008-10-07 10:01 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-10-04 09:55 --------- d-----w c:\documents and settings\All Users\Application Data\QuickTime
2008-10-01 14:56 1,686 ----a-w c:\documents and settings\Ian\Application Data\wklnhst.dat
2008-09-29 12:16 --------- d-----w c:\program files\Java
2008-09-29 12:15 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2008-09-29 12:14 --------- d-----w c:\program files\Yahoo!
2008-09-28 12:39 --------- d-----w c:\program files\OpenOffice.org 2.4
2008-09-28 10:53 --------- d-----w c:\program files\MSECache
2008-09-24 06:04 --------- d-----w c:\documents and settings\Ian\Application Data\AdobeUM
2008-09-15 12:08 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-09-15 11:57 --------- d-----w c:\program files\YouTube Downloader
2008-09-15 11:52 --------- d-----w c:\program files\Common Files\xing shared
2008-09-15 11:52 --------- d-----w c:\program files\Common Files\Real
2008-09-15 09:21 --------- d-----w c:\program files\Microsoft Works
2008-09-15 07:34 --------- d-----w c:\program files\PowerISO
2008-09-08 13:02 47,360 ----a-w c:\documents and settings\Ian\Application Data\pcouffin.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-C39E-35F1D2A32EC8}"= "c:\progra~1\MEGAUP~2\MEGAUP~1.DLL" [2008-08-05 1947080]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A057A204-BACC-4D26-C39E-35F1D2A32EC8}"= "c:\progra~1\MEGAUP~2\MEGAUP~1.DLL" [2008-08-05 1947080]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-c39e-35f1d2a32ec8}]
[HKEY_CLASSES_ROOT\megauploadtoolbar.MEGAUPLOADTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Startup Master"="c:\program files\VCX Systems\Startup Master\sm.exe" [2007-09-13 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-11 90112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-23 761947]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-08-24 1032192]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-20 1347584]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-07-29 1398024]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-15 185896]
"SigmatelSysTrayApp"="stsystra.exe" [2006-09-23 c:\windows\stsystra.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= c:\windows\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= c:\windows\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder

2008-11-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Ian\Application Data\Mozilla\Firefox\Profiles\bub0t4ke.Default User\
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2008-11-13 19:10:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\program files\Trend Micro\Internet Security\SfCtlCom.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Trend Micro\BM\TMBMSRV.exe
c:\windows\system32\dllhost.exe
c:\program files\Trend Micro\Internet Security\TmProxy.exe
c:\windows\ehome\ehmsas.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
.
**************************************************************************
.
Completion time: 2008-11-13 19:14:35 - machine was rebooted [Ian]
ComboFix-quarantined-files.txt 2008-11-13 11:14:28

Pre-Run: 16,745,201,664 bytes free
Post-Run: 16,836,341,760 bytes free

204 --- E O F --- 2008-11-13 07:25:57
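
As an added example (not part of the original post and not ComboFix's own code), this Python script parses a ComboFix report in the format shown above, lists the "Other Deletions" paths and marks created files that merit a manual look. The three heuristics (file in a drive root, no extension, over 1 GiB) and all function names are assumptions chosen for this example; the embedded lines are an excerpt of the log above.

```python
import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

# Excerpt copied from the ComboFix report above (not the full log).
SAMPLE_REPORT = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\wsnpoem.sys
.
---- Previous Run -------
.
c:\documents and settings\Ian\Application Data\inst.exe

.
((((((((((((((((((((((((( Files Created from 2008-10-13 to 2008-11-13 )))))))))))))))))))))))))))))))
.

2008-11-11 21:20 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-09 22:34 . 2008-11-09 22:37 1,466,775,389 --a------ C:\Documents and foof
2008-10-27 19:53 . 2008-11-06 17:07 d-------- C:\Temp
2008-10-23 16:41 . 2008-10-23 16:41 54,156 --ah----- c:\windows\QTFont.qfn

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
"""

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")   # "((((( Title )))))" banner lines
PATH_RE = re.compile(r"^[A-Za-z]:\\")             # a bare Windows path
CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?:(?P<size>[\d,]+)\s+)?(?P<attrs>[-a-z]{9})\s+(?P<path>.+)$"
)
LARGE_FILE_BYTES = 1 << 30  # assumed review threshold for this example


@dataclass
class CreatedEntry:
    created: str
    path: str
    size: int       # 0 for directories, which carry no size column
    is_dir: bool
    reasons: list = field(default_factory=list)


def split_sections(report):
    """Group non-empty lines under the banner title that precedes them."""
    sections, current = {}, None
    for raw in report.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1)
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def deleted_paths(sections):
    """Paths under 'Other Deletions', including the 'Previous Run' entries."""
    return [l for l in sections.get("Other Deletions", []) if PATH_RE.match(l)]


def created_entries(sections):
    """Parse every row of the 'Files Created from ... to ...' section."""
    entries = []
    for title, lines in sections.items():
        if not title.startswith("Files Created"):
            continue
        for line in lines:
            m = CREATED_RE.match(line)
            if m:
                size = int(m.group("size").replace(",", "")) if m.group("size") else 0
                entries.append(CreatedEntry(m.group("created"), m.group("path"),
                                            size, m.group("attrs").startswith("d")))
    return entries


def flag(entry):
    """Attach review reasons; these are prompts for a human, not verdicts."""
    path = PureWindowsPath(entry.path)
    if not entry.is_dir:
        if len(path.parts) == 2:            # e.g. ('C:\\', 'name')
            entry.reasons.append("file in drive root")
        if not path.suffix:
            entry.reasons.append("no file extension")
        if entry.size >= LARGE_FILE_BYTES:
            entry.reasons.append("larger than 1 GiB")
    return entry


def triage(report):
    sections = split_sections(report)
    flagged = [e for e in map(flag, created_entries(sections)) if e.reasons]
    return {"deleted": deleted_paths(sections), "flagged": flagged}


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for p in result["deleted"]:
        print("deleted by ComboFix:", p)
    for e in result["flagged"]:
        print(f"review: {e.path} ({e.size:,} bytes, created {e.created}):",
              ", ".join(e.reasons))
```
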


Solved Re: typing lag after removing malware win32/renos

Post by Belahzur on 14th November 2008, 1:13 pm

Hello.

Your computer has multiple infections, including a backdoor. A backdoor gives intruders complete control of your computer, logs your keystrokes, steals personal information, etc.

You are strongly advised to do the following:

  • Disconnect the computer from the Internet and from any networked computers until it is cleaned.
  • Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.
  • Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
  • From a clean computer, change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password).

Do NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.

Due to its backdoor functionality, your computer is very likely to have been compromised and there is no way that it can be trusted again. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be to do a reformat and reinstallation of the operating system (OS). However, if you do not have the resources to reinstall your OS and would like me to attempt to clean your machine, I will be happy to do so.

To help you understand more, please take some time to read the following articles:

[You must be registered and logged in to see this link.]

If you wish to clean it, follow these instructions.


  • Now open a new notepad file.
  • Input this into the notepad file:

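    @echo off
    rem Write the listing for the suspicious path to log.txt
    dir "C:\Documents and foof" > log.txt
    rem Open the log first; the script deletes itself last so every line still runs
    start notepad log.txt
    del look.bat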

  • Save this as look.bat, save it to your desktop.
  • Double click look.bat to run it.
  • Post log.txt back here.



Solved Re: typing lag after removing malware win32/renos

Post by x_joe on 15th November 2008, 2:24 am

thanks so much for your help.

here is the log file from look.bat
should i be worried about viruses in files i backed up? and if i needed your help in reinstalling my OS how would you do it?

Volume in drive C has no label.
Volume Serial Number is 5458-7713

Directory of C:\

11/09/2008 10:37 PM 1,466,775,389 Documents and foof
1 File(s) 1,466,775,389 bytes
0 Dir(s) 15,273,148,416 bytes free


Solved Re: typing lag after removing malware win32/renos

Post by Belahzur on 15th November 2008, 2:27 pm

Delete this folder
C:\Documents and foof

I advised changing your passwords because the file combofix deleted is a backdoor trojan, but formatting is your option.



Solved Re: typing lag after removing malware win32/renos

Post by x_joe on 16th November 2008, 12:30 am

i'm going to restore my system now. do you know any good free firewalls and antivirus programs? and how can i be sure the backdoor is gone after i restore my computer?


Solved Re: typing lag after removing malware win32/renos

Post by Belahzur on 16th November 2008, 12:39 am

Okay.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to [You must be registered and logged in to see this link.] and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates, or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

[You must be registered and logged in to see this link.]
A tutorial on using Ad-Aware to remove spyware from your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using Spybot to remove spyware from your computer may be found [You must be registered and logged in to see this link.]. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

[You must be registered and logged in to see this link.]
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found [You must be registered and logged in to see this link.].

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
[You must be registered and logged in to see this link.]

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

5) Finally, consider maintaining a firewall. Some good free firewalls are [You must be registered and logged in to see this link.], or
[You must be registered and logged in to see this link.]
A tutorial on understanding and using firewalls may be found [You must be registered and logged in to see this link.].

Please also read Tony Klein's excellent article: [You must be registered and logged in to see this link.]

Hopefully this should take care of your problems! Good luck.



Solved Re: typing lag after removing malware win32/renos

Post by x_joe on 16th November 2008, 12:51 am

thank you so much dude.

but one more thing, can viruses come in matroska video files? when i deleted the C:\Documents and foof file it was 1.36 gb, the same size as a video i downloaded just before getting attacked. could that have been the problem? i scanned the file but my antivirus said there was nothing wrong with it. i deleted it anyway though


Solved Re: typing lag after removing malware win32/renos

Post by Belahzur on 16th November 2008, 1:00 am

Yes, that probably was the problem if it happened when you opened it and "played" it.
An antivirus won't do everything on one file; most AVs won't detect malicious code in how the video is encoded. And the folder name was kind of funny, that's why I wanted you to run the folder look.bat script. Documents and Settings is the legit folder; no other folder should be called Documents and xxxxxx, that just screams an infection.
===

But I'm glad you decided to format. Now your machine will be clean and probably give you back more HD space than you had before.


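Added example, not part of the original posts: a Python check that parses `dir` output like the log.txt posted earlier and flags any entry named "Documents and ..." that is not the real Documents and Settings folder. The sample listing is constructed, it assumes the US date/time format seen in the thread, and the function names are illustrative.

```python
import re
from typing import List, NamedTuple, Optional

# The one legitimate name on Windows XP; compared case-insensitively
# because NTFS/FAT names are case-insensitive.
LEGIT_NAME = "documents and settings"
LOOKALIKE_PREFIX = "documents and "

# One entry line of `dir` output (US locale assumed):
#   11/09/2008  10:37 PM     1,466,775,389 Documents and foof
#   11/01/2008  09:12 AM    <DIR>          Documents and Settings
ENTRY_RE = re.compile(
    r"^\s*(?P<date>\d{2}/\d{2}/\d{4})\s+"
    r"(?P<time>\d{1,2}:\d{2}\s+[AP]M)\s+"
    r"(?P<kind><DIR>|[\d,]+)\s+"
    r"(?P<name>.+?)\s*$"
)


class Entry(NamedTuple):
    name: str
    is_dir: bool
    size: Optional[int]  # bytes; None for directories


def parse_dir_listing(text: str) -> List[Entry]:
    """Extract file/folder entries, skipping volume, header and summary lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        kind = m.group("kind")
        is_dir = kind == "<DIR>"
        size = None if is_dir else int(kind.replace(",", ""))
        entries.append(Entry(m.group("name"), is_dir, size))
    return entries


def find_lookalikes(entries: List[Entry]) -> List[Entry]:
    """Return entries that imitate 'Documents and Settings'."""
    hits = []
    for e in entries:
        lowered = e.name.lower()
        if lowered.startswith(LOOKALIKE_PREFIX) and lowered != LEGIT_NAME:
            hits.append(e)  # "Documents and <something else>"
        elif lowered == LEGIT_NAME and not e.is_dir:
            hits.append(e)  # right name, but a file where a folder belongs
    return hits


# Constructed sample of a root listing (not taken from the thread).
SAMPLE_DIR_OUTPUT = """\
 Volume in drive C has no label.
 Volume Serial Number is 0000-0000

 Directory of C:\\

11/01/2008  09:12 AM    <DIR>          Documents and Settings
11/09/2008  10:37 PM     1,466,775,389 Documents and foof
10/28/2008  08:00 PM    <DIR>          Program Files
10/28/2008  07:55 PM    <DIR>          WINDOWS
               1 File(s)  1,466,775,389 bytes
               3 Dir(s)  15,273,148,416 bytes free
"""

if __name__ == "__main__":
    for hit in find_lookalikes(parse_dir_listing(SAMPLE_DIR_OUTPUT)):
        kind = "folder" if hit.is_dir else "file, %d bytes" % hit.size
        print("Suspicious root entry: %r (%s)" % (hit.name, kind))
```

The parser also reports whether the entry is a file or a folder, which matters here because the listing in the thread shows the item as a single large file rather than a directory.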

Solved Re: typing lag after removing malware win32/renos

Post by x_joe on 16th November 2008, 1:05 am

what av do you use?


Solved Re: typing lag after removing malware win32/renos

Post by Belahzur on 16th November 2008, 1:10 am

I use AVG8. We advise victims to use one of these AVs. All 3 are small and easy to use on the CPU. In my opinion, I'd go with Avast!

1) [You must be registered and logged in to see this link.]
-Free anti-virus software for Windows.
-Detects and removes more than 50,000 viruses. Free support.
2) [You must be registered and logged in to see this link.]
-Anti-virus program for Windows.
-The home edition is freeware for noncommercial use.
3) [You must be registered and logged in to see this link.]
- Free edition of the AVG anti-virus program for Windows.
- Available for single computer use for home and non-commercial use.



Solved Re: typing lag after removing malware win32/renos

Post by x_joe on 16th November 2008, 1:38 am

i just restored my computer but i still got the type lag


Solved Re: typing lag after removing malware win32/renos

Post by Belahzur on 16th November 2008, 1:43 am

Restore as in reformat or as in system restore?



Solved Re: typing lag after removing malware win32/renos

Post by x_joe on 16th November 2008, 1:47 am

system restore. how do i reformat?


Solved Re: typing lag after removing malware win32/renos

Post by Belahzur on 16th November 2008, 1:49 am

Using system restore, you've just brought back the infection.
Reformatting requires a CD to re-install XP.

If you can't do that, then download combofix again and run it, we'll attempt to clean it up.



Solved Re: typing lag after removing malware win32/renos

Post by x_joe on 16th November 2008, 2:01 am

i have two cds. one to reinstall my operating system, and one for my drivers and diagnostics.

should i go ahead and reinstall my operating system?


Solved Re: typing lag after removing malware win32/renos

Post by Belahzur on 16th November 2008, 2:06 am

Yes, the trojan is a backdoor and your system is compromised.
Go ahead and re-install.

I'll give you some tips on keeping your machine clean and at a decent speed once you're done.



Solved Re: typing lag after removing malware win32/renos

Post by x_joe on 16th November 2008, 7:18 am

okay, so I've reformatted my OS, but I still have a type lag. not sure if it's still the exact same problem because i haven't tried going onto the internet yet. i'm installing avast right now and doing a scan, should i do a combofix scan and post it here?


Solved Re: typing lag after removing malware win32/renos

Post by Belahzur on 16th November 2008, 12:33 pm

Please download Purera.exe from [You must be registered and logged in to see this link.]

  • First, unzip the program.
  • Double click Purera.exe to open it.
  • When it opens, press the "Clean" button.
  • This will open up a menu of options.
  • Tick the box that says "Check All"
  • Then press the "Clean Selected" button.
  • This will start the cleaning process.
  • For a minute or two, Purera.exe may act like it isn't responding, but let it run.
  • After it's done, it will make a log file of what it's removed.
  • Paste the log back here.



Download [You must be registered and logged in to see this link.]

  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
  • Close ATF-Cleaner.exe.

=====

Keep your startup speed fast. Turn off unneeded startup items via msconfig. You can do this via Start > msconfig > Startup tab > untick just about everything apart from your AV.

Do a disk defragment every so often. To do this, press Start again > Run.
Then type in the open field: dfrg.msc and press enter. This will load the defragment tool. Press Analyze on both your drives (C and D), it will analyze how much space is there, and then press the Defragment button. This will organize files and speed up your HD.

Delete any unneeded files that you don't use very often, or at all. This will help keep the space down on your HD.



Solved Re: typing lag after removing malware win32/renos

Post by x_joe on 17th November 2008, 1:19 am

purera log part 1

RaProducts' PureRa v1.2
Log created at 09:07 on 17/11/2008
===================================



Solved Re: typing lag after removing malware win32/renos

Post by Belahzur on 17th November 2008, 1:21 am

How is the machine, did you format?



Solved Re: typing lag after removing malware win32/renos

Post by x_joe on 17th November 2008, 1:25 am

Still have the type lag, i ran pureRa and went from having 21gb free space on a 51 gb hard disc to having 41gb free space.

do you still want the rest of the pureRa log?


Solved Re: typing lag after removing malware win32/renos

Post by Belahzur on 17th November 2008, 1:29 am

Nah, no need.
You can probably save a little more space by turning down system restore.

Press Start > Right click "my computer" > System Restore tab > Highlight C:\ drive and press the settings button and turn it down to about 3%.

Does the machine seem any faster now you have 20gb back?



Solved Re: typing lag after removing malware win32/renos

Post by x_joe on 17th November 2008, 11:57 pm

still finding a better personal firewall, I tried using comodo because it had so many good reviews but I think it's conflicting with avast. I'm going to try kerio. I still have the bad type lag and I'm afraid to use my laptop, any suggestions?


Solved Re: typing lag after removing malware win32/renos

Post by Belahzur on 18th November 2008, 12:00 am

Avast? I only see Trend Micro.

Can you post a new hijack this log?
Also, I wanna see what's installed.
Let's generate an installed items list.

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post with the new Hijack This log.



Solved Re: typing lag after removing malware win32/renos

Post by x_joe on 18th November 2008, 2:35 am

new hijackthis.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:33:53 AM, on 11/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Ian\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\cssdll32.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 5858 bytes


Solved Re: typing lag after removing malware win32/renos

Post by x_joe on 18th November 2008, 5:31 am

sorry, got the uninstall list


Adobe Reader 7.0.8
AMD Processor Driver
America Online (Choose which version to remove)
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Connectivity Services
AOLIcon
Ask Toolbar
ATI Catalyst Control Center
ATI Display Driver
avast! Antivirus
Broadcom Management Programs
COMODO Internet Security
COMODO SafeSurf
Conexant HDA D110 MDC V.92 Modem
Dell Support 3.2.1
Dell Wireless WLAN Card
Digital Content Portal
Digital Line Detect
Documentation & Support Launcher
EarthLink Setup Files
EducateU
ESPNMotion
Games, Music, & Photos Launcher
GemMaster Mystic
Get High Speed Internet!
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Internet Service Offers Launcher
J2SE Runtime Environment 5.0 Update 6
Learn2 Player (Uninstall Only)
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft Digital Image Standard 2006
Microsoft Encarta Encyclopedia Standard 2006
Microsoft Money 2006
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Streets & Trips 2006
Microsoft Word 2002
Microsoft Works
Microsoft Works Suite 2006 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Modem Helper
Mozilla Firefox (3.0.4)
NetWaiting
NetZeroInstallers
Otto
PowerDVD 5.7
QuickSet
QuickTime
RealPlayer Basic
Sonic Encoders
Synaptics Pointing Device Driver
Update Rollup 2 for Windows XP Media Center Edition 2005
Viewpoint Media Player
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows XP Hotfix - KB890927
Windows XP Media Center Edition 2005 KB908246


Solved Re: typing lag after removing malware win32/renos

Post by Belahzur on 18th November 2008, 9:20 am

Thank you.

A few holes we can fix up, then kill some startup items and we'll see where we stand after that.

Press Start > Control Panel > Add/remove programs
Uninstall all this by pressing the Remove button on the right after selecting each one.

Adobe Reader 7.0.8
Ask Toolbar
J2SE Runtime Environment 5.0 Update 6
Viewpoint Media Player


After you've uninstalled that, you need to update your Adobe Reader to 9.0. Download it here:
[You must be registered and logged in to see this link.]
=====

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:

  • Download the latest version of [You must be registered and logged in to see this link.].
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 10".
  • Click the "Download" button to the right.
  • In the window that opens, select your platform and language, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    - Java 2 Runtime Environment, SE v1.4.2
    - J2SE Runtime Environment 5.0
    - J2SE Runtime Environment 5.0 Update 2
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u10-windows-i586-p.exe that you downloaded to install the newest version.


Post a new Hijack This log after you've done that.



Solved Re: typing lag after removing malware win32/renos

Post by x_joe on 19th November 2008, 5:43 am

new hijackthis log file

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:41:33 PM, on 11/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\Ian\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\cssdll32.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 5908 bytes

Back to top Go down
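
Added example, not part of any post in this thread: a Python diff of two HijackThis logs, run here on excerpts of the two logs x_joe posted above, to show what the uninstall and update steps changed. The function names and the rule of matching entries by kind plus CLSID are choices made for this example.

```python
import re

# A HijackThis entry line is "<code> - <detail>": a letter (R, F, N or O)
# plus a number, e.g. "O4 - HKLM\..\Run: [name] path".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Excerpts (not the full logs) of the two HijackThis logs posted in this thread.
LOG_BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\cssdll32.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""
LOG_AFTER = r"""
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O20 - AppInit_DLLs: C:\WINDOWS\system32\cssdll32.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
"""


def parse_entries(log_text):
    """Map an identity key to the detail text of every entry line in a log."""
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header, running-process path or blank line
        code, detail = m.group(1), m.group(2).strip()
        clsid = CLSID_RE.search(detail)
        # Identify CLSID-bearing entries by kind + CLSID so a renamed or moved
        # component is reported as changed rather than as remove + add.
        kind = detail.split(":", 1)[0]
        ident = f"{kind}|{clsid.group(0).lower()}" if clsid else detail
        entries[(code, ident)] = detail
    return entries


def _order(key):
    return (key[0][0], int(key[0][1:]), key[1])  # R0 < O2 < O4 < O23


def diff_logs(before, after):
    """Return removed, added and changed entries between two logs."""
    old, new = parse_entries(before), parse_entries(after)
    return {
        "removed": [(k[0], old[k]) for k in sorted(old.keys() - new.keys(), key=_order)],
        "added": [(k[0], new[k]) for k in sorted(new.keys() - old.keys(), key=_order)],
        "changed": [(k[0], old[k], new[k])
                    for k in sorted(old.keys() & new.keys(), key=_order)
                    if old[k] != new[k]],
    }


if __name__ == "__main__":
    for kind, rows in diff_logs(LOG_BEFORE, LOG_AFTER).items():
        for row in rows:
            print(kind, *row, sep="\t")
```

On these excerpts the Ask Toolbar entries come out as removed, the Java BHO as changed (same CLSID, new path under jre6), and the Java updater, Java Quick Starter and getPlus helper as added.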

Solved Re: typing lag after removing malware win32/renos

Post by Belahzur on 19th November 2008, 12:24 pm

Let's see about making it a bit faster.


  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe


  • Press "Fix Checked"
  • Close Hijack This.


May need to reboot for these changes to take effect.



Solved Re: typing lag after removing malware win32/renos

Post by x_joe on 20th November 2008, 4:43 am

I did that. Windows made me get the Service Pack 3 update, and it took up about 2 GB of space. I still have the type lag, but it stops lagging from time to time and I haven't experienced the Firefox hang in a while. Do you think I should go and have it physically looked at?


Solved Re: typing lag after removing malware win32/renos

Post by Belahzur on 20th November 2008, 9:24 am

You mean get the hardware looked at? I'd say yes. Maybe get some more RAM for the machine. I have 2 GB on my machine and it runs smoothly.



Solved Re: typing lag after removing malware win32/renos

Post by x_joe on 21st November 2008, 3:04 am

I already have about 1.8 GB of RAM though. Do you still think it's a virus that's messing up my machine? Just wondering if it's probably safe to start using it again.


Solved Re: typing lag after removing malware win32/renos

Post by Belahzur on 24th November 2008, 2:54 pm

Hello.
Sorry for the delay.
I don't think it's a virus messing it up.

Yes, I think it's safe to use again.



Solved Re: typing lag after removing malware win32/renos

Post by Doctor Inferno on 2nd December 2008, 2:28 am

Since this issue appears resolved, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

