Laptop running slow.

View previous topic View next topic Go down

Laptop running slow.

Post by priya1984 on Fri May 01, 2009 6:09 pm

Hi,

My laptop is running very slow for the past one week. The applications, launching the browser, we pages is so so slow. Sad tearing Yesterday i did a virus scan with Malware bytes and it removed 6 of them.

Still my laptop is slow.
Please help. Sad tearing
-Priya-

priya1984
Intermediate
Intermediate

Status :
Online
Offline

Posts : 153
Joined : 2009-02-10
Gender : Male
OS : Windows XP Professional

View user profile

Back to top Go down

Re: Laptop running slow.

Post by Belahzur on Fri May 01, 2009 8:06 pm

Can you post the MBAM report please?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Laptop running slow.

Post by priya1984 on Fri May 01, 2009 8:23 pm

Hi,

do u want me to do a fresh scan or the log file of yesterday's scan?
If it is yesterday, here it goes

Malwarebytes' Anti-Malware 1.36
Database version: 2062
Windows 5.1.2600 Service Pack 3

4/30/2009 3:30:44 PM
mbam-log-2009-04-30 (15-30-44).txt

Scan type: Quick Scan
Objects scanned: 102000
Time elapsed: 26 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 4
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{36f53a13-f580-42c5-8080-e4b08cc895f7} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{36f53a13-f580-42c5-8080-e4b08cc895f7} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bamilabuga (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cc3400b3 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

priya1984
Intermediate
Intermediate

Status :
Online
Offline

Posts : 153
Joined : 2009-02-10
Gender : Male
OS : Windows XP Professional

View user profile

Back to top Go down

Re: Laptop running slow.

Post by Belahzur on Fri May 01, 2009 8:54 pm

That explains the slowness, MBAM found vundo.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run
  • When complete, DDS.txt will open.
  • Save the report to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Laptop running slow.

Post by priya1984 on Fri May 01, 2009 9:26 pm

DDS (Ver_09-03-16.01) - NTFSx86
Run by Saravanan at 14:21:07.96 on Fri 05/01/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.323 [GMT -7:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\C4ebreg\c4ebreg.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\rundll32.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\C4ebreg\isamtray.exe
C:\Documents and Settings\Saravanan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Saravanan\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\Saravanan\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page =
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uWindow Title = Windows Internet Explorer provided by Yahoo!
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride =
uSearchAssistant =
mSearchAssistant =
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\progra~1\yahoo!\common\yhexbmesus.dll
uRun: [Google Update] "c:\documents and settings\saravanan\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [TpShocks] TpShocks.exe
mRun: [TPHOTKEY] c:\progra~1\thinkpad\pkgmgr\hotkey\TPHKMGR.exe
mRun: [TP4EX] tp4ex.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [QCWLICON] c:\program files\thinkpad\connectutilities\QCWLICON.EXE
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [C4EBReg] "c:\program files\c4ebreg\c4ebreg.exe" /q
mRun: [Isamtray] "c:\program files\c4ebreg\isamtray.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: &Yahoo! Search - [You must be registered and logged in to see this link.] files\yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\ibm\bluetooth software\btsendto_ie_ctx.htm
IE: Yahoo! &Dictionary - [You must be registered and logged in to see this link.] files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - [You must be registered and logged in to see this link.] files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - [You must be registered and logged in to see this link.] files\yahoo!\Common/ycsms.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {01010200-5E80-11D8-9E86-0007E96C65AE} - [You must be registered and logged in to see this link.]
DPF: {01113300-3E00-11D2-8470-0060089874ED} - [You must be registered and logged in to see this link.]
DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} - [You must be registered and logged in to see this link.]
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - [You must be registered and logged in to see this link.]
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - [You must be registered and logged in to see this link.]
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - [You must be registered and logged in to see this link.]
DPF: {2DAD3559-2923-4935-AD49-B673D2539944} - [You must be registered and logged in to see this link.]
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - [You must be registered and logged in to see this link.]
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - [You must be registered and logged in to see this link.]
DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - [You must be registered and logged in to see this link.]
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - [You must be registered and logged in to see this link.]
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - [You must be registered and logged in to see this link.]
DPF: {84B93AC6-A7F2-4420-9FED-EE6735EA9C8D} - [You must be registered and logged in to see this link.]
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - [You must be registered and logged in to see this link.]
DPF: {9519B2A2-6592-4E41-8290-D0298459270C} - [You must be registered and logged in to see this link.]
DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} - [You must be registered and logged in to see this link.]
DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} - [You must be registered and logged in to see this link.]
DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - [You must be registered and logged in to see this link.]
DPF: {C130F0B3-CD97-4DFC-B052-2BD17A7B82F5} - [You must be registered and logged in to see this link.]
DPF: {CA8A9780-280D-11CF-A24D-444553540000} - [You must be registered and logged in to see this link.]
DPF: {CB97291A-6603-466A-AA11-80C2EB74CB10} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} - [You must be registered and logged in to see this link.]
DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} - [You must be registered and logged in to see this link.]
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\BTXPPanel.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: QConGina - QConGina.dll
Notify: tphotkey - tphklock.dll
AppInit_DLLs: c:\windows\system32\geponesu.dll c:\windows\system32\fuliyulo.dll c:\windows\system32\kawitege.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli pwdmon c:\windows\system32\geponesu.dll c:\windows\system32\fuliyulo.dll

priya1984
Intermediate
Intermediate

Status :
Online
Offline

Posts : 153
Joined : 2009-02-10
Gender : Male
OS : Windows XP Professional

View user profile

Back to top Go down

Re: Laptop running slow.

Post by priya1984 on Fri May 01, 2009 9:27 pm

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\sarava~1\applic~1\mozilla\firefox\profiles\nvhb8pi6.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\saravanan\application data\mozilla\firefox\profiles\nvhb8pi6.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\saravanan\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\saravanan\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - HiddenExtension: XUL Cache: {00818160-A769-4E2E-AD8C-64F9A156CFBF} - c:\documents and settings\saravanan\local settings\application data\{00818160-A769-4E2E-AD8C-64F9A156CFBF}

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-10 64160]
R0 Shockprf;Shockprf;c:\windows\system32\drivers\shockprf.sys [2005-8-25 59776]
R0 TPDiskPM;TPDiskPM;c:\windows\system32\drivers\TPDiskPM.sys [2005-8-25 14208]
R1 ANC;ANC;c:\windows\system32\drivers\ANC.sys [2005-8-25 11520]
R1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.SYS [2005-8-25 2432]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-1-16 214024]
R1 ShockMgr;ShockMgr;c:\windows\system32\drivers\ShockMgr.sys [2005-8-25 4608]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [2005-8-25 4442]
R2 ibmfilter;ibmfilter;c:\windows\system32\drivers\ibmfilter.sys [2004-12-16 63616]
R2 ISAMSvc;IBM Standard Asset Manager Service;c:\program files\c4ebreg\c4ebreg.exe [2007-9-7 364544]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-15 34064]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-3-26 79880]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-3-26 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-3-26 40552]
R3 TPInput;TPInput;c:\windows\system32\drivers\TPInput.sys [2005-8-25 6016]
S3 artour;IBM Mobility Interface for Windows;c:\windows\system32\drivers\artndint.sys [2007-7-3 7760]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-3-26 34216]
S3 QCNDISIF;QCNDISIF;c:\windows\system32\drivers\qcndisif.sys [2005-8-25 12288]

============== File Associations ===============

inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"

=============== Created Last 30 ================

2009-04-15 07:49 284,160 -------- c:\windows\system32\dllcache\pdh.dll
2009-04-15 07:49 35,328 -------- c:\windows\system32\dllcache\sc.exe
2009-04-15 07:49 401,408 -------- c:\windows\system32\dllcache\rpcss.dll
2009-04-15 07:49 110,592 -------- c:\windows\system32\dllcache\services.exe
2009-04-15 07:49 473,600 -------- c:\windows\system32\dllcache\fastprox.dll
2009-04-15 07:49 227,840 -------- c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 07:49 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 07:49 729,088 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 07:49 714,752 -------- c:\windows\system32\dllcache\ntdll.dll
2009-04-15 07:49 617,472 -------- c:\windows\system32\dllcache\advapi32.dll
2009-04-15 07:25 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-15 07:25 1,203,922 -------- c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 07:25 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
2009-04-08 07:22 0 a------- c:\windows\Omicijezoweqoha.bin
2009-04-08 07:22 408 a------- c:\windows\Cxetodefakoro.dat
2009-04-05 19:15 --d----- c:\program files\WinPcap

==================== Find3M ====================

2009-05-01 13:57 0 a------- c:\windows\system32\drivers\lvuvc.hs
2009-05-01 13:57 0 a------- c:\windows\system32\drivers\logiflt.iad
2009-04-06 15:32 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 15:32 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-30 11:07 23,596,840 a------- C:\SkypeSetupFull.exe
2009-03-27 18:33 15,452,536 a------- C:\IE7-WindowsXP-x86-enu.exe
2009-03-27 13:54 2,906,216 a------- C:\mbam-setup.exe
2009-03-27 11:38 1,222,128 a------- C:\DMSetup-Serial.exe
2009-03-27 10:39 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-26 13:38 812,344 a------- c:\program files\HJTInstall.exe
2009-03-26 13:35 438,592 a------- C:\msgr9us.exe
2009-03-25 11:06 40,552 a------- c:\windows\system32\drivers\mfesmfk.sys
2009-03-25 11:06 214,024 a------- c:\windows\system32\drivers\mfehidk.sys
2009-03-25 11:06 79,880 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-03-25 11:06 35,272 a------- c:\windows\system32\drivers\mfebopk.sys
2009-03-25 11:05 34,216 a------- c:\windows\system32\drivers\mferkdk.sys
2009-03-21 07:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-10 22:18 934,792 -------- c:\windows\system32\dllcache\WgaTray.exe
2009-03-10 22:18 239,496 -------- c:\windows\system32\dllcache\wgaLogon.dll
2009-03-06 07:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-02 17:18 826,368 a------- c:\windows\system32\wininet.dll
2009-03-02 17:18 826,368 a------- c:\windows\system32\dllcache\wininet.dll
2009-02-27 21:54 636,072 -------- c:\windows\system32\dllcache\iexplore.exe
2009-02-20 03:20 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 03:20 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-02-19 22:14 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-02-09 05:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 05:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 05:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 05:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 04:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 04:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
2009-02-07 19:02 2,066,048 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-07 19:02 2,066,048 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-06 04:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 04:08 2,189,056 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 04:08 2,189,056 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-06 04:06 2,145,280 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-06 03:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-06 03:32 2,023,936 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-03 12:59 56,832 a------- c:\windows\system32\secur32.dll
2009-02-03 12:59 56,832 -------- c:\windows\system32\dllcache\secur32.dll

============= FINISH: 14:25:13.31 ===============

priya1984
Intermediate
Intermediate

Status :
Online
Offline

Posts : 153
Joined : 2009-02-10
Gender : Male
OS : Windows XP Professional

View user profile

Back to top Go down

Re: Laptop running slow.

Post by Belahzur on Fri May 01, 2009 9:30 pm

Hello.

Please download [You must be registered and logged in to see this link.] and save it to your Desktop. Please double-click GooredFix.exe on your Desktop to run it. Select 2. Fix Goored by typing 2 and pressing Enter. Make sure all instances of Firefox are closed at this point. Type y at the prompt and press Enter again. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).

Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose CopyCrying


    :files
    c:\windows\system32\drivers\lvuvc.hs
    C:\msgr9us.exe
    c:\windows\system32\drivers\logiflt.iad
    c:\windows\Omicijezoweqoha.bin
    c:\windows\Cxetodefakoro.dat

    :reg
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=-
    "AppInit_DLLs"=""
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Notification Packages"=hex(7):73,63,65,63,6c,69,00,00


  • Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log and GooredFix log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Laptop running slow.

Post by priya1984 on Fri May 01, 2009 9:58 pm

GooredFix v1.92 by jpshortstuff
Log created at 14:54 on 01/05/2009 running Option #2 (Saravanan)
Firefox version 3.0.10 (en-US)

=====Goored Deletions=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{00818160-A769-4E2E-AD8C-64F9A156CFBF}"="C:\Documents and Settings\Saravanan\Local Settings\Application Data\{00818160-A769-4E2E-AD8C-64F9A156CFBF}"
->Backing up value... Done.
->Deleting value... Done.

C:\Documents and Settings\Saravanan\Local Settings\Application Data\{00818160-A769-4E2E-AD8C-64F9A156CFBF}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.
C:\Program Files\Mozilla Firefox\extensions\{CAE7BB59-7CF6-4B42-887F-6002DBA05CB5}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{B7082FAA-CB62-4872-9106-E42DD88EDE45}"="C:\Program Files\McAfee\SiteAdvisor"










========== FILES ==========
c:\windows\system32\drivers\lvuvc.hs moved successfully.
C:\msgr9us.exe moved successfully.
c:\windows\system32\drivers\logiflt.iad moved successfully.
c:\windows\Omicijezoweqoha.bin moved successfully.
c:\windows\Cxetodefakoro.dat moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLs"|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\\"Notification Packages"|hex(7):73,63,65,63,6c,69,00,00 /E : value set successfully!

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05012009_145740

priya1984
Intermediate
Intermediate

Status :
Online
Offline

Posts : 153
Joined : 2009-02-10
Gender : Male
OS : Windows XP Professional

View user profile

Back to top Go down

Re: Laptop running slow.

Post by Belahzur on Fri May 01, 2009 10:07 pm

Hello.

Click Start >> Run and then copy/paste the following into the box and hit Enter:
"%userprofile%\Desktop\GooredFix.exe" /uninstall
note the space between " /
If any of your security programs query a new Registry/AutoStart value being added please allow the changes.

We can remove OTMoveIt now.

  • Please double-click OTMoveIt3.exe to run it again.
  • Press the green CleanUp! button.
  • Press Yes cleanup process prompt, do the same for the reboot prompt.
How is the machine running now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Laptop running slow.

Post by priya1984 on Fri May 01, 2009 10:40 pm

Thanks Belahzur. I can see the difference.
I suspect this virus to have come from a website called as [You must be registered and logged in to see this link.]
I visit that website to see indian serials/soaps.
Do u think that website is a infected one ?

priya1984
Intermediate
Intermediate

Status :
Online
Offline

Posts : 153
Joined : 2009-02-10
Gender : Male
OS : Windows XP Professional

View user profile

Back to top Go down

Re: Laptop running slow.

Post by Belahzur on Fri May 01, 2009 11:00 pm

Hard to tell. I'm not disabling NoScript to allow that site, but it looks like a warez site.

I would avoid it if I was you.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Laptop running slow.

Post by priya1984 on Fri May 01, 2009 11:23 pm

The Laptop is working fine now..fast enough ! Thank u so very much!

priya1984
Intermediate
Intermediate

Status :
Online
Offline

Posts : 153
Joined : 2009-02-10
Gender : Male
OS : Windows XP Professional

View user profile

Back to top Go down

Re: Laptop running slow.

Post by priya1984 on Fri May 01, 2009 11:24 pm

Ok dear! Thanks for all the help provided! Have a great time!!

priya1984
Intermediate
Intermediate

Status :
Online
Offline

Posts : 153
Joined : 2009-02-10
Gender : Male
OS : Windows XP Professional

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum