Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 


Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Reload this Page need some help - computer running very slow
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read


Resolved HJT Threads Resolved spyware and popup issues.

 
 
LinkBack Thread Tools
Old 07-03-2007, 10:47 PM   #1 (permalink)
Registered User
 
Join Date: Jul 2007
Location: Illinois
Posts: 29
OS: XP


need some help - computer running very slow
For a while now my I have been dealing with a very slow computer. It wasn't a problem at first but it has been getting worse. Am sure I picked up something when I was downloading. I would appreciate if anyone can help me out! Thanks in advance.

Deckard's System Scanner v20070611.50
Run by Dan Pearson on 2007-07-03 at 23:04:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2007-07-04 04:04:05 UTC - RP1 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Dan Pearson.exe) -----------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:05:29 PM, on 7/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
E:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
E:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
E:\Program Files\Norton AntiVirus\navapsvc.exe
E:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Works\WksSb.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
E:\PROGRA~1\Grisoft\AVG7\avgcc.exe
E:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
E:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Dan Pearson\Desktop\dss.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\HIJACK~1\Dan Pearson.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.eyeseek.com/firstsite.asp?b=
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,muauvvq.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ogp156a4] RUNDLL32.EXE w21bd03a.dll,n 0061569e0000000321bd03a
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\RunOnce: [D7vydvBD] "C:\WINDOWS\system32\lkyaekrrr.exe" -xeWfjU
O4 - HKLM\..\RunOnce: [Sd8WPn] cmd /c IF EXIST "C:\WINDOWS\system32\drei.exe" del /s /q "C:\WINDOWS\system32\drei.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PSDream] "C:\Program Files\PSDream\PSDream.exe"
O4 - HKCU\..\Run: [Ataa] "C:\DOCUME~1\DANPEA~1\MYDOCU~1\CURITY~1\wuaclt.exe" -vt yazb
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\SYSTEM32\dwdsregt.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {E4C29FDC-F547-4219-ACFD-571F2A7A564A} (WebCamTest Class) - http://awbeta.net-nucleus.com/CABUPDATES/winwcd.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - E:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - E:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - E:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - E:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - E:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe,2
.js - JSFile - shell\open\command - "E:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 prohlp02 (StarForce Protection Helper Driver v2) - c:\windows\system32\drivers\prohlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp01 (StarForce Protection Helper Driver) - c:\windows\system32\drivers\sfhlp01.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 prodrv06 (StarForce Protection Environment Driver v6) - c:\windows\system32\drivers\prodrv06.sys <Not Verified; Protection Technology; StarForce Protection System>
R2 BTSERIAL (Bluetooth Serial Driver) - c:\windows\system32\drivers\btserial.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 4.0.1.2500>
R2 BTSLBCSP (Bluetooth Port Client Driver) - c:\windows\system32\drivers\btslbcsp.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 4.0.1.2500>

S3 ATWPKT2 - c:\program files\america online 8.0\atwpkt2.sys (file missing)
S3 ENTECH - c:\windows\system32\drivers\entech.sys <Not Verified; EnTech Taiwan; PowerStrip>
S3 SaiNtHid - c:\windows\system32\drivers\sainthid.sys <Not Verified; Saitek; Configuration Software>
S3 SymEvent - c:\program files\symantec\symevent.sys (file missing)
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Scheduled Tasks -------------------------------------------------------------

2007-07-03 22:59:04 374 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2007-06-01 20:05:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-06-01 19:59:59 542 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Dan Pearson.job


-- Files created between 2007-06-03 and 2007-07-03 -----------------------------

2007-07-03 15:50:27 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-07-03 15:50:18 0 d-------- C:\WINDOWS\LastGood
2007-06-25 15:34:59 0 d-------- C:\WINDOWS\.jagex_cache_32
2007-06-17 20:29:16 0 --a------ C:\Documents and Settings\Dan Pearson\dir
2007-06-07 22:42:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2007-06-07 22:42:04 0 d-------- C:\Program Files\Logitech
2007-06-07 22:42:04 0 d-------- C:\Program Files\Common Files\LogiShrd
2007-06-07 22:40:28 0 d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2007-06-03 20:00:41 0 d-------- C:\Documents and Settings\rich sipek\Application Data\AVG7
2007-06-03 17:03:01 0 dr-h----- C:\$VAULT$.AVG
2007-06-03 12:01:31 0 d-------- C:\Documents and Settings\Dan Pearson\Application Data\AVG7
2007-06-03 12:01:18 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-06-03 12:01:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-06-03 12:01:04 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7


-- Find3M Report ---------------------------------------------------------------

2007-07-03 18:37:42 0 dr------- C:\Program Files\Messenger
2007-07-03 18:29:34 0 d-------- C:\Program Files\Google
2007-07-03 18:27:29 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-07-03 16:15:43 0 d-------- C:\Program Files\Microsoft Works
2007-07-03 15:21:02 0 d-------- C:\Documents and Settings\Dan Pearson\Application Data\Skype
2007-06-07 22:32:31 0 d-------- C:\Program Files\iPod
2007-06-04 04:43:17 0 d--hs---- C:\Program Files\outlook
2007-05-23 19:57:41 0 d-------- C:\Documents and Settings\Dan Pearson\Application Data\U3
2007-05-23 19:47:31 0 d--h----- C:\Program Files\WindowsUpdate
2007-05-23 19:29:58 0 d-------- C:\Documents and Settings\Dan Pearson\Application Data\Lavasoft
2007-05-23 19:29:48 0 d-------- C:\Program Files\Lavasoft
2007-05-23 19:27:58 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-05-22 19:58:13 0 d-------- C:\Documents and Settings\Dan Pearson\Application Data\Macromedia
2007-05-20 14:35:36 0 d-------- C:\Program Files\TurboTax
2007-05-12 22:12:00 0 d-------- C:\Program Files\QuickTime
2007-05-12 22:05:19 0 d-------- C:\Program Files\Apple Software Update
2007-05-02 20:35:58 77312 --a------ C:\WINDOWS\ua2.dll
2007-04-27 22:18:40 664 --a------ C:\WINDOWS\system32\d3d9caps.dat


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F} E:\PROGRA~1\SPYBOT~1\SDHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Microsoft Works Portfolio"="C:\\Program Files\\Microsoft Works\\WksSb.exe /AllUsers"
"Microsoft Works Update Detection"="C:\\Program Files\\Microsoft Works\\WkDetect.exe"
"nwiz"="nwiz.exe /install"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"ogp156a4"="RUNDLL32.EXE w21bd03a.dll,n 0061569e0000000321bd03a"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"AVG7_CC"="E:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"iTunesHelper"="\"E:\\Program Files\\iTunes\\iTunesHelper.exe\""
"LogitechCommunicationsManager"="\"C:\\Program Files\\Common Files\\LogiShrd\\LComMgr\\Communications_Helper.exe\""
"LogitechQuickCamRibbon"="\"C:\\Program Files\\Logitech\\QuickCam10\\QuickCam10.exe\" /hide"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"PSDream"="\"C:\\Program Files\\PSDream\\PSDream.exe\""
"Ataa"="\"C:\\DOCUME~1\\DANPEA~1\\MYDOCU~1\\CURITY~1\\wuaclt.exe\" -vt yazb"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"D7vydvBD"="\"C:\\WINDOWS\\system32\\lkyaekrrr.exe\" -xeWfjU"
"Sd8WPn"="cmd /c IF EXIST \"C:\\WINDOWS\\system32\\drei.exe\" del /s /q \"C:\\WINDOWS\\system32\\drei.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"{B496E091-03E9-1033-0626-011021030001}"="\"C:\\Program Files\\Common Files\\{B496E091-03E9-1033-0626-011021030001}\\Update.exe\" mc-110-12-0000140"
"{B496E091-03EA-1033-0626-011021030001}"="\"C:\\Program Files\\Common Files\\{B496E091-03EA-1033-0626-011021030001}\\Update.exe\" mc-110-12-0000140"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk]
"backup"="C:\\WINDOWS\\pss\\America Online 8.0 Tray Icon.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\AMERIC~1.0\\aoltray.exe -check"
"item"="America Online 8.0 Tray Icon"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~3\\Office\\OSA9.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkVwMon.exe.lnk]
"backup"="C:\\WINDOWS\\pss\\NkVwMon.exe.lnkCommon Startup"
"location"="Common Startup"
"command"="E:\\PROGRA~1\\Nikon\\NkView4\\NkVwMon.exe "
"item"="NkVwMon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Money Express"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Microsoft Money\\System\\Money Express.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ViewMgr"
"hkey"="HKLM"
"command"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="wkfud"
"hkey"="HKLM"
"command"="C:\\Program Files\\Microsoft Works\\wkfud.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



-- End of Deckard's System Scanner: finished at 2007-07-03 at 23:07:26 ---------
Attached Files
File Type: txt extra.txt (15.1 KB, 1 views)
Dan53 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here

Old 07-04-2007, 12:23 AM   #2 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,792
OS: WinXP and Vista


Re: need some help - computer running very slow
Hello Dan53 and welcome,

You sure did pick up a few things.

Before we begin, you currently have 2 Anti Virus programs installed. (AVG Free and Norton AV) While it may seem to be added protection for you, more than 1 Anti Virus can cause conflicts and confusion between the AV programs as well as system instability. Please choose and run only 1 and uninstall the other via the Add/Remove Programs in the Control Panel.

------------------------------------------------------------------

Download ComboFix Place it on your desktop.

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

Close any open browsers.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.

When finished, it shall produce a log for you. Please post the C:\ComboFix.txt so we can continue cleaning the system.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 07-04-2007, 12:25 PM   #3 (permalink)
Registered User
 
Join Date: Jul 2007
Location: Illinois
Posts: 29
OS: XP


Re: need some help - computer running very slow
Thanks for the quick reply.

Ok I uninstalled Norton AV, but it is still showing up in the add/remove program list.

"Dan Pearson" - 2007-07-04 12:37:50 - ComboFix 07-07-04.4 - Service Pack 2


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\DANPEA~1\APPLIC~1\Dxcknwrd.dll
C:\DOCUME~1\DANPEA~1\APPLIC~1\Dxcuknwrd.dll
C:\DOCUME~1\DANPEA~1\MYDOCU~1.\curity~1
C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon
C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon\domains.txt
C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon\log.txt
C:\Program Files\Common Files\{3496E~1
C:\Program Files\Common Files\{3496E~2
C:\Program Files\Common Files\{B496E~1
C:\Program Files\Common Files\{B496E~2
C:\Program Files\crosof~1.net
C:\Program Files\printview
C:\Program Files\printview\chnlist.dat
C:\Program Files\printview\hotlist.dat
C:\Program Files\printview\remlist.dat
C:\WINDOWS\876056.exe
C:\WINDOWS\keyboard1.dat
C:\WINDOWS\system32\bang-006.ico
C:\WINDOWS\system32\wcpsvcc.exe


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CMDSERVICE
-------\LEGACY_NETWORK_MONITOR


((((((((((((((((((((((((( Files Created from 2007-06-04 to 2007-07-04 )))))))))))))))))))))))))))))))


2007-07-04 12:37 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-03 23:03 <DIR> d-------- C:\Deckard
2007-07-03 15:50 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2007-06-25 15:34 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2007-06-07 22:50 59,264 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\USBAUDIO.sys
2007-06-07 22:49 53,760 --a------ C:\WINDOWS\SYSTEM32\vfwwdm32.dll
2007-06-07 22:49 31,616 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbccgp.sys
2007-06-07 22:47 490,272 --a------ C:\WINDOWS\SYSTEM32\LVUI2.dll
2007-06-07 22:47 465,696 --a------ C:\WINDOWS\SYSTEM32\LVUI2RC.dll
2007-06-07 22:47 416,544 --a------ C:\WINDOWS\SYSTEM32\lvcodec2.dll
2007-06-07 22:47 41,888 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\LVUSBSta.sys
2007-06-07 22:47 3,580,832 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\lvuvc.sys
2007-06-07 22:47 22,560 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\lvuvcflt.sys
2007-06-07 22:47 195,360 --a------ C:\WINDOWS\SYSTEM32\lvci1100.dll
2007-06-07 22:47 15,558 --a------ C:\WINDOWS\SYSTEM32\Repository.reg
2007-06-07 22:47 1,921,184 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\lvpopflt.sys
2007-06-07 22:42 <DIR> d-------- C:\Program Files\Logitech
2007-06-07 22:42 <DIR> d-------- C:\Program Files\Common Files\LogiShrd
2007-06-07 22:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
2007-06-07 22:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\LogiShrd


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-04 17:34:49 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-07-04 17:34:08 -------- d-----w C:\Program Files\Symantec
2007-07-04 17:26:28 -------- d-----w C:\DOCUME~1\DANPEA~1\APPLIC~1\Skype
2007-07-04 00:25:21 -------- d-----w C:\Program Files\Microsoft Works
2007-07-03 23:37:42 -------- d-----r C:\Program Files\Messenger
2007-07-03 23:29:34 -------- d-----w C:\Program Files\Google
2007-06-08 03:32:31 -------- d-----w C:\Program Files\iPod
2007-06-04 09:43:17 -------- d-sh--w C:\Program Files\outlook
2007-05-24 00:57:41 -------- d-----w C:\DOCUME~1\DANPEA~1\APPLIC~1\U3
2007-05-24 00:47:31 -------- d--h--w C:\Program Files\WindowsUpdate
2007-05-24 00:29:58 -------- d-----w C:\DOCUME~1\DANPEA~1\APPLIC~1\Lavasoft
2007-05-24 00:29:48 -------- d-----w C:\Program Files\Lavasoft
2007-05-24 00:27:58 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-05-20 19:35:36 -------- d-----w C:\Program Files\TurboTax
2007-05-17 15:25:18 323,624 ----a-w C:\WINDOWS\system32\wiaaut.dll
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-13 03:12:00 -------- d-----w C:\Program Files\QuickTime
2007-05-13 03:05:19 -------- d-----w C:\Program Files\Apple Software Update
2007-05-11 22:30:16 25,888 ----a-w C:\WINDOWS\system32\drivers\LVPr2Mon.sys
2007-05-11 22:29:54 2,142,752 ----a-w C:\WINDOWS\system32\drivers\LVMVdrv.sys
2007-05-11 22:27:58 2,107,808 ----a-w C:\WINDOWS\system32\drivers\Lvckap.sys
2007-05-03 01:35:58 77,312 ----a-w C:\WINDOWS\ua2.dll
2007-04-28 03:18:40 664 ----a-w C:\WINDOWS\system32\d3d9caps.dat
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 03:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 03:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 03:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 03:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 03:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 03:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 03:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 03:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2004-05-12 02:03 744960 --a------ E:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-01-20 00:55 2403392 -ra------ c:\program files\google\googletoolbar3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2000-08-08 15:00]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [2000-08-08 15:00]
"nwiz"="nwiz.exe" [2004-03-24 10:04 C:\WINDOWS\SYSTEM32\nwiz.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-02-17 10:05]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-04-26 18:58]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"ogp156a4"="w21bd03a.dll" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"AVG7_CC"="E:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-06-03 12:01]
"iTunesHelper"="E:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-05-17 10:52]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-05-17 10:53]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-09-25 18:50]
"Ataa"="C:\DOCUME~1\DANPEA~1\MYDOCU~1\CURITY~1\wuaclt.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-01-26 16:49]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk]
backup=C:\WINDOWS\pss\America Online 8.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkVwMon.exe.lnk]
backup=C:\WINDOWS\pss\NkVwMon.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
"C:\Program Files\Microsoft Money\System\Money Express.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
C:\Program Files\Microsoft Works\wkfud.exe


Contents of the 'Scheduled Tasks' folder
2007-06-02 01:05:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-04 12:54:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

Completion time: 2007-07-04 12:58:35 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-04 12:58

--- E O F ---
Dan53 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 07-04-2007, 11:26 PM   #4 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,792
OS: WinXP and Vista


Re: need some help - computer running very slow
Hi Dan,

Quote:
Ok I uninstalled Norton AV, but it is still showing up in the add/remove program list.
Hmmm..I also still see it active on your system. All of the following are components of Norton that I pulled off of the extra.txt you provided. Go into your Add or Remove programs and uninstall every one of these:

Norton AntiVirus 2005
Norton AntiVirus 2005
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton WMI Update
Norton WMI Update
Symantec
Symantec Script Blocking Installer

-------------------------------------------------------------

After you've done that...

Open notepad and copy/paste the text in the quotebox below into it:

Quote:
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ogp156a4"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ataa"=-
Save this as CFScript, in the same location as ComboFix.exe




Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

--------------------------------------------------------------------

Please run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run it's full course:

Perform an online scan with Internet Explorer with Panda ActiveScan
  1. Click on located at the bottom of the page.
  2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  3. Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*
Begin the scan by selecting
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on then click
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan

--------------------------------------------------------------------

Run a new scan with HijackThis and save the log.

--------------------------------------------------------------------

Please include the following in your next reply:

C:\ComboFix.txt
Panda results
New HijackThis log
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 07-05-2007, 03:47 PM   #5 (permalink)
Registered User
 
Join Date: Jul 2007
Location: Illinois
Posts: 29
OS: XP


Re: need some help - computer running very slow
Alright did all of that. The panda scan took all day. The only one in the add\remove program list is Norton AntiVirus 2005(Symantec Corporation) and when I try to remove it nothing happens. Also I have a program called iMeshBar in the add\remove list that when I try to remove says "error loading C:\PROGRA~1\iMeshBar\bar\1.bin\iMeshBar.dll The specified module could not be found."

Thanks for all your help!

"Dan Pearson" - 2007-07-05 6:45:08 - ComboFix 07-07-04.4 - Service Pack 2
Command switches used :: C:\Documents and Settings\Dan Pearson\Desktop\CFScript.txt


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\DANPEA~1\Desktop.\internet explorer.lnk


((((((((((((((((((((((((( Files Created from 2007-06-05 to 2007-07-05 )))))))))))))))))))))))))))))))


2007-07-04 12:37 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-03 23:03 <DIR> d-------- C:\Deckard
2007-07-03 15:50 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2007-06-25 15:34 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2007-06-07 22:50 59,264 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\USBAUDIO.sys
2007-06-07 22:49 53,760 --a------ C:\WINDOWS\SYSTEM32\vfwwdm32.dll
2007-06-07 22:49 31,616 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbccgp.sys
2007-06-07 22:47 490,272 --a------ C:\WINDOWS\SYSTEM32\LVUI2.dll
2007-06-07 22:47 465,696 --a------ C:\WINDOWS\SYSTEM32\LVUI2RC.dll
2007-06-07 22:47 416,544 --a------ C:\WINDOWS\SYSTEM32\lvcodec2.dll
2007-06-07 22:47 41,888 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\LVUSBSta.sys
2007-06-07 22:47 3,580,832 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\lvuvc.sys
2007-06-07 22:47 22,560 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\lvuvcflt.sys
2007-06-07 22:47 195,360 --a------ C:\WINDOWS\SYSTEM32\lvci1100.dll
2007-06-07 22:47 15,558 --a------ C:\WINDOWS\SYSTEM32\Repository.reg
2007-06-07 22:47 1,921,184 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\lvpopflt.sys
2007-06-07 22:42 <DIR> d-------- C:\Program Files\Logitech
2007-06-07 22:42 <DIR> d-------- C:\Program Files\Common Files\LogiShrd
2007-06-07 22:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
2007-06-07 22:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\LogiShrd


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-04 18:13:15 -------- d-----w C:\DOCUME~1\DANPEA~1\APPLIC~1\Skype
2007-07-04 17:34:49 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-07-04 17:34:08 -------- d-----w C:\Program Files\Symantec
2007-07-04 00:25:21 -------- d-----w C:\Program Files\Microsoft Works
2007-07-03 23:37:42 -------- d-----r C:\Program Files\Messenger
2007-07-03 23:29:34 -------- d-----w C:\Program Files\Google
2007-06-08 03:32:31 -------- d-----w C:\Program Files\iPod
2007-06-04 09:43:17 -------- d-sh--w C:\Program Files\outlook
2007-05-24 00:57:41 -------- d-----w C:\DOCUME~1\DANPEA~1\APPLIC~1\U3
2007-05-24 00:47:31 -------- d--h--w C:\Program Files\WindowsUpdate
2007-05-24 00:29:58 -------- d-----w C:\DOCUME~1\DANPEA~1\APPLIC~1\Lavasoft
2007-05-24 00:29:48 -------- d-----w C:\Program Files\Lavasoft
2007-05-24 00:27:58 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-05-20 19:35:36 -------- d-----w C:\Program Files\TurboTax
2007-05-17 15:25:18 323,624 ----a-w C:\WINDOWS\system32\wiaaut.dll
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-13 03:12:00 -------- d-----w C:\Program Files\QuickTime
2007-05-13 03:05:19 -------- d-----w C:\Program Files\Apple Software Update
2007-05-11 22:30:16 25,888 ----a-w C:\WINDOWS\system32\drivers\LVPr2Mon.sys
2007-05-11 22:29:54 2,142,752 ----a-w C:\WINDOWS\system32\drivers\LVMVdrv.sys
2007-05-11 22:27:58 2,107,808 ----a-w C:\WINDOWS\system32\drivers\Lvckap.sys
2007-05-03 01:35:58 77,312 ----a-w C:\WINDOWS\ua2.dll
2007-04-28 03:18:40 664 ----a-w C:\WINDOWS\system32\d3d9caps.dat
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 03:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 03:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 03:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 03:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 03:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 03:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 03:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 03:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2004-05-12 02:03 744960 --a------ E:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-01-20 00:55 2403392 -ra------ c:\program files\google\googletoolbar3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2000-08-08 15:00]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [2000-08-08 15:00]
"nwiz"="nwiz.exe" [2004-03-24 10:04 C:\WINDOWS\SYSTEM32\nwiz.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-02-17 10:05]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-04-26 18:58]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"AVG7_CC"="E:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-06-03 12:01]
"iTunesHelper"="E:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-05-17 10:52]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-05-17 10:53]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-09-25 18:50]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-01-26 16:49]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk]
backup=C:\WINDOWS\pss\America Online 8.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkVwMon.exe.lnk]
backup=C:\WINDOWS\pss\NkVwMon.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
"C:\Program Files\Microsoft Money\System\Money Express.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
C:\Program Files\Microsoft Works\wkfud.exe

*Newly Created Service* - CATCHME

Contents of the 'Scheduled Tasks' folder
2007-06-02 01:05:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-05 06:58:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

Completion time: 2007-07-05 7:00:24
C:\ComboFix-quarantined-files.txt ... 2007-07-05 06:59
C:\ComboFix2.txt ... 2007-07-04 12:58

--- E O F ---


Panda ActiveScan


Incident Status Location

Adware:adware/sqwire Not disinfected Windows Registry
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[.ad.yieldmanager.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[.zedo.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[.overture.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[.com.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[server.iad.liveperson.net/hc/79599383]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[server.iad.liveperson.net/hc/79599383]
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[.clickbank.net/]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[stat.onestat.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[server.iad.liveperson.net/hc/7895639]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[.go.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[.qksrv.net/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[.qksrv.net/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[.revenue.net/]
Spyware:Cookie/SexList Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[.sexlist.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[searchportal.information.com/]
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[.hotlog.ru/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Dan Pearson\Application Data\Mozilla\Firefox\Profiles\bpfk2o5n.default\cookies.txt[.bfast.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Dan Pearson\Cookies\dan_pearson@atwola[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Dan Pearson\Cookies\dan_pearson@questionmarket[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\rich sipek\Application Data\Mozilla\Firefox\Profiles\qhhyy00g.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\rich sipek\Application Data\Mozilla\Firefox\Profiles\qhhyy00g.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\rich sipek\Application Data\Mozilla\Firefox\Profiles\qhhyy00g.default\cookies.txt[.atwola.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\rich sipek\Application Data\Mozilla\Firefox\Profiles\qhhyy00g.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\rich sipek\Application Data\Mozilla\Firefox\Profiles\qhhyy00g.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\rich sipek\Application Data\Mozilla\Firefox\Profiles\qhhyy00g.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\rich sipek\Application Data\Mozilla\Firefox\Profiles\qhhyy00g.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\rich sipek\Application Data\Mozilla\Firefox\Profiles\qhhyy00g.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\rich sipek\Application Data\Mozilla\Firefox\Profiles\qhhyy00g.default\cookies.txt[.bfast.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\rich sipek\Application Data\Mozilla\Firefox\Profiles\qhhyy00g.default\cookies.txt[.overture.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\rich sipek\Application Data\Mozilla\Firefox\Profiles\qhhyy00g.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\rich sipek\Application Data\Mozilla\Firefox\Profiles\qhhyy00g.default\cookies.txt[.go.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\rich sipek\Cookies\rich_sipek@247realmedia[1].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\rich sipek\Cookies\rich_sipek@apmebf[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\rich sipek\Cookies\rich_sipek@go[2].txt
Adware:Adware/Mirar Not disinfected C:\QooBox\Quarantine\C\WINDOWS\876056.exe.vir
Spyware:Spyware/LinkReplacer Not disinfected C:\WINDOWS\system32drei.exe


Logfile of HijackThis v1.99.1
Scan saved at 4:30:19 PM, on 7/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
E:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
E:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
E:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Microsoft Works\WksSb.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
E:\PROGRA~1\Grisoft\AVG7\avgcc.exe
E:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
E:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {E4C29FDC-F547-4219-ACFD-571F2A7A564A} (WebCamTest Class) - http://awbeta.net-nucleus.com/CABUPDATES/winwcd.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - E:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - E:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Dan53 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 07-05-2007, 08:34 PM   #6 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,792
OS: WinXP and Vista


Re: need some help - computer running very slow
Hi,

Here is a guide for uninstalling Norton, including uninstallers. Be sure to use the uninstaller for the version of Norton/Symantec that is active on your system --> http://basconotw.mvps.org/SymRem.htm

----------------------------------------------------------

Open HJT. Click on Open the Misc Tools Section.
*Click on 'Open Uninstall Manager"
*Highlight (click on) iMeshBar
*Click "Delete this entry"
Close HijackThis

--------------------------------------------------------------------

Please ensure Hidden files and folders are viewable:

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading:
* select Show hidden files and folders.
* Uncheck Hide protected operating system files (recommended) option.
*Also, make sure there is no checkmark beside Hide file extensions for known file types.
* Click OK.

--------------------------------------------------------------------

Using 'My Computer', navigate to and delete the following File and Folders if they still exist.

C:\WINDOWS\ system32drei.exe
C:\Program Files\ iMeshBar
C:\Program Files\ outlook

--------------------------------------------------------------------

Clear your Internet Explorer7 cookies:

* Click on the Start button, then >Control Panel>Internet Options>General tab
* Under Browsing History, click on Delete.
* In the Delete Browsing History box that opens, click on Delete cookies

--------------------------------------------------------------------

Clear Mozilla Firefox cookies:

Open the Mozilla Browser, click Tools>Options>Privacy>Cookies>Clear

--------------------------------------------------------------------

Run a new scan with dss.exe and post the main.txt in your next reply.

How is the system behaving?
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 07-05-2007, 09:24 PM   #7 (permalink)
Registered User
 
Join Date: Jul 2007
Location: Illinois
Posts: 29
OS: XP


Re: need some help - computer running very slow
Hi again and thanks for the help,

The Norton remover worked great and its not in the list any more. I deleted system32drei.exe, I couldn't find the iMeshbar folder, and there was no folder called "outlook". There was a folder called "outlook express" if that’s what you meant? The computer seems to be running better. It does seems like it could be a little better but that might just be me. I use a few different computers a day so it can be hard to judge. I did everything else and here is the log.


Deckard's System Scanner v20070611.50
Run by Dan Pearson on 2007-07-05 at 22:04:47
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Dan Pearson.exe) -----------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:05:31 PM, on 7/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Works\WksSb.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
E:\PROGRA~1\Grisoft\AVG7\avgcc.exe
E:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
E:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
E:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\nvsvc32.exe
E:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Dan Pearson\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\DANPEA~1.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {E4C29FDC-F547-4219-ACFD-571F2A7A564A} (WebCamTest Class) - http://awbeta.net-nucleus.com/CABUPDATES/winwcd.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - E:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


-- Files created between 2007-06-05 and 2007-07-05 -----------------------------

2007-07-03 15:50:27 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-06-25 15:34:59 0 d-------- C:\WINDOWS\.jagex_cache_32
2007-06-17 20:29:16 0 --a------ C:\Documents and Settings\Dan Pearson\dir
2007-06-07 22:42:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2007-06-07 22:42:04 0 d-------- C:\Program Files\Logitech
2007-06-07 22:42:04 0 d-------- C:\Program Files\Common Files\LogiShrd
2007-06-07 22:40:28 0 d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd


-- Find3M Report ---------------------------------------------------------------

2007-07-05 22:03:14 0 d-------- C:\Documents and Settings\Dan Pearson\Application Data\Skype
2007-07-05 21:50:39 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-07-05 12:42:27 0 d-------- C:\Program Files\QuickTime
2007-07-05 12:35:38 0 d-------- C:\Program Files\Microsoft Works
2007-07-05 10:44:37 0 d-------- C:\Program Files\Google
2007-07-05 08:00:34 0 d-------- C:\Documents and Settings\Dan Pearson\Application Data\AVG7
2007-07-03 18:37:42 0 dr------- C:\Program Files\Messenger
2007-06-07 22:32:31 0 d-------- C:\Program Files\iPod
2007-06-04 04:43:17 0 d--hs---- C:\Program Files\outlook
2007-05-23 19:57:41 0 d-------- C:\Documents and Settings\Dan Pearson\Application Data\U3
2007-05-23 19:47:31 0 d--h----- C:\Program Files\WindowsUpdate
2007-05-23 19:29:58 0 d-------- C:\Documents and Settings\Dan Pearson\Application Data\Lavasoft
2007-05-23 19:29:48 0 d-------- C:\Program Files\Lavasoft
2007-05-23 19:27:58 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-05-22 19:58:13 0 d-------- C:\Documents and Settings\Dan Pearson\Application Data\Macromedia
2007-05-20 14:35:36 0 d-------- C:\Program Files\TurboTax
2007-05-12 22:05:19 0 d-------- C:\Program Files\Apple Software Update
2007-05-02 20:35:58 77312 --a------ C:\WINDOWS\ua2.dll
2007-04-27 22:18:40 664 --a------ C:\WINDOWS\system32\d3d9caps.dat


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F} E:\PROGRA~1\SPYBOT~1\SDHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Microsoft Works Portfolio"="C:\\Program Files\\Microsoft Works\\WksSb.exe /AllUsers"
"Microsoft Works Update Detection"="C:\\Program Files\\Microsoft Works\\WkDetect.exe"
"nwiz"="nwiz.exe /install"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"AVG7_CC"="E:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"iTunesHelper"="\"E:\\Program Files\\iTunes\\iTunesHelper.exe\""
"LogitechCommunicationsManager"="\"C:\\Program Files\\Common Files\\LogiShrd\\LComMgr\\Communications_Helper.exe\""
"LogitechQuickCamRibbon"="\"C:\\Program Files\\Logitech\\QuickCam10\\QuickCam10.exe\" /hide"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk]
"backup"="C:\\WINDOWS\\pss\\America Online 8.0 Tray Icon.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\AMERIC~1.0\\aoltray.exe -check"
"item"="America Online 8.0 Tray Icon"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~3\\Office\\OSA9.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkVwMon.exe.lnk]
"backup"="C:\\WINDOWS\\pss\\NkVwMon.exe.lnkCommon Startup"
"location"="Common Startup"
"command"="E:\\PROGRA~1\\Nikon\\NkView4\\NkVwMon.exe "
"item"="NkVwMon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Money Express"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Microsoft Money\\System\\Money Express.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ViewMgr"
"hkey"="HKLM"
"command"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="wkfud"
"hkey"="HKLM"
"command"="C:\\Program Files\\Microsoft Works\\wkfud.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



-- End of Deckard's System Scanner: finished at 2007-07-05 at 22:07:04 ---------
Dan53 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 07-05-2007, 09:32 PM   #8 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,792
OS: WinXP and Vista


Re: need some help - computer running very slow
Good, the Norton uninstallers usually do the trick.

Quote:
there was no folder called "outlook". There was a folder called "outlook express" if that’s what you meant?
No--do not dlete outlook express folder.

I'm still seeing the folder in your main.txt--it only reports what it sees.

Please check again. It has a creation date of 6/04/2007

2007-06-04 04:43:17 0 d--hs---- C:\Program Files\outlook
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 07-05-2007, 09:41 PM   #9 (permalink)
Registered User
 
Join Date: Jul 2007
Location: Illinois
Posts: 29
OS: XP


Re: need some help - computer running very slow
Alright sorry about that I had forgot to uncheck "Hide protected operating system files". I got it deleted now.
Dan53 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 07-05-2007, 09:49 PM   #10 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,792
OS: WinXP and Vista


Re: need some help - computer running very slow
Ah, ok. Good.
Quote:
The computer seems to be running better. It does seems like it could be a little better but that might just be me. I use a few different computers a day so it can be hard to judge.
If you like, we can use a different online scanner to see if it finds anything further.

Perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

**Note for Internet Explorer 7 users**

If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 07-06-2007, 06:05 AM   #11 (permalink)
Registered User
 
Join Date: Jul 2007
Location: Illinois
Posts: 29
OS: XP


Re: need some help - computer running very slow
Ok here are the results.


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, July 06, 2007 7:02:42 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 6/07/2007
Kaspersky Anti-Virus database records: 358814
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 144452
Number of viruses found: 5
Number of infected objects: 6
Number of suspicious objects: 2
Duration of the scan process: 03:30:07

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Works\Portfolio\Sample.wsb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MediaMotor1.zip/dohancer/webinstaller.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MediaMotor1.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\Dan Pearson\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Dan Pearson\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Dan Pearson\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Dan Pearson\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Dan Pearson\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Dan Pearson\Local Settings\History\History.IE5\MSHist012007070520070706\index.dat Object is locked skipped
C:\Documents and Settings\Dan Pearson\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Dan Pearson\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Dan Pearson\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\876056.exe.vir Infected: not-a-virus:AdWare.Win32.SaveNow.bj skipped
C:\RECYCLER\S-1-5-21-1214440339-507921405-1343024091-1005\Dc3.exe Infected: not-a-virus:AdWare.Win32.SearchAssistant.g skipped
C:\System Volume Information\_restore{B1C87658-78C9-4AEF-B2CE-179C8BBD539A}\RP1\A0001030.exe Infected: not-a-virus:AdWare.Win32.SearchAssistant.g skipped
C:\System Volume Information\_restore{B1C87658-78C9-4AEF-B2CE-179C8BBD539A}\RP2\A0001043.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped
C:\System Volume Information\_restore{B1C87658-78C9-4AEF-B2CE-179C8BBD539A}\RP2\A0001089.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bj skipped
C:\System Volume Information\_restore{B1C87658-78C9-4AEF-B2CE-179C8BBD539A}\RP4\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\pfirewall.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\config\default.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\config\software.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\config\system.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\h323log.txt Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\_restore{B1C87658-78C9-4AEF-B2CE-179C8BBD539A}\RP1\A0000034.exe Infected: Trojan-Dropper.Win32.Agent.mu skipped

Scan process completed.
Dan53 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 07-06-2007, 07:31 AM   #12 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,792
OS: WinXP and Vista


Re: need some help - computer running very slow
Hi Dan,

Kapserpersky is only seeing items already quarantined by Spybot, ComboFix, and items in your System Restore. We'll clear all that now.

1. Launch Spybot S&D and select 'Recovery'. Purge all items.

2. Delete C:\Qoobox folder.

3. Create a new System Restore point
Click Start >> Run - type SYSDM.CPL & press Enter
* Select the System Restore Tab
* Tick on the checkbox - "Turn off System Restore on all drives"
Click Apply
* Then untick the same checkbox & click OK
This will flush out previous restore points and create a new restore point. Doing so will prevent reinfection from previous restore points.

-------------------------------------------------------------------

Your logs are clean. If there aren't any more problems, please continue with these final instructions and helpful links:

Reset hidden/system files and folders

===============
Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View tab.
* Deselect the Show hidden files and folders option.
* Select the Hide file extensions for known types option.
* Select the Hide protected operating system files option.
Click Yes to confirm.
Click OK.

Ensure Windows Auto Update is Enabled
*Go to Start>Run - type wuaucpl.cpl
*Tick on the checkbox - "Automatically download the updates, and install them on the schedule that I specify".
Click on "OK".

*************************************************

To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

McAfee Site Advisor--free version. The folks there check out websites and based on their findings, rate it as Safe, Unknown, Caution, or Bad.

SpywareBlaster 3.5.1 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.

Spyware Guard to catch and block spyware before it can execute.

IE-SPYAD.EXE to block access to malicious websites so you cannot be redirected to them from an infected site or email. IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. This is a self-extracting .ZIP file, save it to your desktop. Once downloaded, double-click on it to extract the files inside (default dir is C:\IE-SPYAD)
  • Now navigate to C:\ie-spyad. Double click to open it.
  • From within the folder, double-click install.bat
  • Select Option #2 - Install the new IE-SPYAD list, by typing 2
  • Then return to the main menu.
  • Select option #4 - Add the old porn sites domain, by typing 4

Update all these programs regularly. Without regular updates you will not be protected when new malicious programs are released.

In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:

PC Safety and Security--What Do I Need?

HOW DID I GET INFECTED IN THE FIRST PLACE? by Tony Klein
THE ANTI-SPYWARE TUTORIAL
MAKING INTERNET EXPLORER SAFER
Understanding and Using Firewalls

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

-----------------------------------------------------

Follow the list above and the potential for infection will reduce dramatically.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 07-06-2007, 08:55 AM   #13 (permalink)
Registered User
 
Join Date: Jul 2007
Location: Illinois
Posts: 29
OS: XP


Re: need some help - computer running very slow
Hey thanks for all the help!

I'll finsh the rest of that when I get home this afternoon and I should be done correct? Just curious, is there anyway I can learn how to do this. Not only for my benefit but maybe help you guys out also. How long does it take to learn? I have another computer that someone brought me that wants help cleaning it up. So it's definitely a skill I could use a lot.
Dan53 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 07-06-2007, 09:21 AM   #14 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,792
OS: WinXP and Vista


Re: need some help - computer running very slow
Yes, you're good to go.

Regarding your other question, please see my forthcoming PM.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 07-06-2007, 02:33 PM   #15 (permalink)
Registered User
 
Join Date: Jul 2007
Location: Illinois
Posts: 29
OS: XP


Re: need some help - computer running very slow
Everything works perfect! Thanks so much!!!!! I'll check out those articles also. Thanks again!

Dan
Dan53 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
 

« Previous Thread | Next Thread »

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -7. The time now is 07:56 AM.

Contact Us - Tech Support Forum - Archive - Privacy Statement - Top


Copyright 2001 - 2009, Tech Support Forum
Home Tips Plus | Outdoor Basecamp | Automotive Support Forum

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85