Slow Computer - possible virus?

02-03-2011, 09:28 AM   #1
Registered Member
 
Join Date: Nov 2010
Posts: 64
OS: XP



For the past couple days, my computer has slowed down. When I click to open an application, like the internet or MS Word, it's about two minutes before the application opens (yes, I have timed this). So, I tried to download the DDS file, and a dialog box opened, saying "The procedure * could not be located in the DLL sfc.dll". When I pushed "OK", the dialog box kept coming up. Then a window appeared saying the scan wouldn't take longer than 3 minutes, but nothing happened for half an hour. Help, please!
alicerain is offline  
02-06-2011, 08:53 AM   #2
Security Manager
Analyst
Rangemaster, TSF Academy
 
Join Date: Sep 2005
Location: Glasgow
Posts: 39,536
OS: Windows 10 Pro


Hi

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programmes, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.


Let's try this first

Please download Rkill from any one of these links and save it to your desktop.

Rkill.com
Rkill.scr
Rkill.pif


Now double click on Rkill to run it. If the first one doesn't work try the next one.

This will help remove certain processes and should restore any file associations and your desktop. Note: Your system is still infected as Rkill does not delete files - it merely helps to temporarily disable the infections, allowing us to start the cleansing process.


Then try this

Download GMER Rootkit Scanner from here to your desktop. It will be a randomly named executable.
  • Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
  • Double click the exe file.
  • The program will begin to run, and perform an initial scan. If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No.
  • In any case, after the initial scan is complete, click on the Save button, and save the log file somewhere you can easily find it, such as your desktop, and attach it in your reply.



If that works try running DDS again.
Glaswegian is offline  
02-11-2011, 06:30 PM   #3
Registered Member
 
Join Date: Nov 2010
Posts: 64
OS: XP



OK, it has taken me so long to reply because I keep trying to do this. Every time, it looks like the file is downloading, then I get a message that says, "The procedure * could not be located in the DLL sfc.dll". And I've tried the different links, too.
alicerain is offline  
02-12-2011, 07:47 AM   #4
Security Manager
Analyst
Rangemaster, TSF Academy
 
Join Date: Sep 2005
Location: Glasgow
Posts: 39,536
OS: Windows 10 Pro


Hi

Do you have access to another computer? And perhaps a USB drive or similar? You could then download the files on the good machine and transfer to the infected machine.
Glaswegian is offline  
02-16-2011, 08:47 PM   #5
Registered Member
 
Join Date: Nov 2010
Posts: 64
OS: XP



OK, I figured out what the problem was. The computer I have isn't mine, and I wasn't logged in as the administrator. Here is the DDS and Attach file. By the way, I've been getting pop-ups from internet explorer, which I think is another sign I have some sort of malware problem.

DDS:



DDS (Ver_10-12-12.02) - NTFSx86
Run by Administrator at 21:43:40.87 on Thu 02/17/2011
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1097 [GMT -8:00]

AV: Total Protection Service *Enabled/Updated* {8C354827-2F54-4E28-90DC-AD391E77808C}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ClickPotatoLite\bin\10.0.659.0\ClickPotatoLiteSA.exe
C:\Documents and Settings\All Users\Application Data\QuestBrwSearch\questbrowse127.exe
C:\Program Files\QuestBrwSearch\questbrwsearch.exe
C:\Program Files\proXPN\bin\proxpn.exe
C:\Documents and Settings\Administrator\Desktop\Vidalia Bundle\Vidalia\vidalia.exe
C:\Documents and Settings\Administrator\Desktop\Vidalia Bundle\Tor\tor.exe
C:\Documents and Settings\Administrator\Desktop\Vidalia Bundle\Polipo\polipo.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.bing.com/?pc=Z022&form=ZGAPHP
uDefault_Page_URL = hxxp://www.k12.com
mDefault_Page_URL = hxxp://www.k12.com
mStart Page = hxxp://www.k12.com
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: ShopperReports: {100eb1fd-d03e-47fd-81f3-ee91287f9465} - c:\program files\shopperreports3\bin\3.1.22.0\ShopperReports.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: Simppull Toolbar: {627af46b-2076-42ae-a2fd-8428734d3e74} - c:\program files\simppulltoolbar\simppulldx.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\managed virusscan\vscan\ScriptSn.20100929222703.dll
BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVD0.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Updater For Simppull Toolbar: {c4b8bab4-1667-11df-a242-ba9455d89593} - c:\program files\simppulltoolbar\auxi\simppulltoolbAu.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Simppull Toolbar: {627af46b-2076-42ae-a2fd-8428734d3e74} - c:\program files\simppulltoolbar\simppulldx.dll
TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVD0.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
EB: ShopperReports – Price Comparison: {a7cddcdc-beeb-4685-a062-978f5e07ceee} - c:\program files\shopperreports3\bin\3.1.22.0\ShopperReports.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Vidalia] "c:\documents and settings\administrator\desktop\vidalia bundle\vidalia\vidalia.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [McAfee Managed Services Tray] c:\program files\mcafee\managed virusscan\desktopui\XTray.Exe
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
mRun: [MVS Splash] "c:\program files\mcafee\managed virusscan\desktopui\XTray.exe" /LOGON
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ClickPotatoLiteSA] "c:\program files\clickpotatolite\bin\10.0.659.0\ClickPotatoLiteSA.exe"
mPolicies-explorer: RestrictRun = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} - {7A3D6D17-9DD5-4C60-8076-D1784DABAF8C} - c:\program files\clickpotatolite\bin\10.0.659.0\ClickPotatoLiteSABHO.dll
IE: {C5428486-50A0-4a02-9D20-520B59A9F9B2} - {C9CCBB35-D123-4a31-AFFC-9B2933132116} - c:\program files\shopperreports3\bin\3.1.22.0\ShopperReports.dll
IE: {C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} - c:\program files\shopperreports3\bin\3.1.22.0\ShopperReports.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: myrm - {4D034FC3-013F-4b95-B544-44D49ABE3E76} - c:\program files\mcafee\managed virusscan\agent\MyRmProt5.0.0.811.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-9-27 214664]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
R2 EngineServer;EngineServer;c:\program files\mcafee\managed virusscan\vscan\EngineServer.exe [2010-9-27 14144]
R2 McShield;McShield;c:\progra~1\mcafee\manage~1\vscan\McShield.exe [2010-9-27 144704]
R2 QuestBrowse Service;QuestBrowse Service;c:\documents and settings\all users\application data\questbrwsearch\questbrowse127.exe [2011-2-16 49424]
R3 MfeAVFK;McAfee Inc. MfeAVFK;c:\windows\system32\drivers\mfeavfk.sys [2010-9-27 79816]
R3 MfeBOPK;McAfee Inc. MfeBOPK;c:\windows\system32\drivers\mfebopk.sys [2010-9-27 35272]
R3 ntkvpnMP;ntkvpnMP;c:\windows\system32\drivers\ntkvpn.sys [2011-2-16 28768]
R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2010-9-27 722432]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-8 136176]
S3 MfeRKDK;McAfee Inc. MfeRKDK;c:\windows\system32\drivers\mferkdk.sys [2010-9-27 34248]
S3 ntkvpn;Loki VPN Service;c:\windows\system32\drivers\ntkvpn.sys [2011-2-16 28768]
S4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S4 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\mcafee\managed virusscan\agent\myAgtSvc.exe [2010-9-27 282824]

=============== Created Last 30 ================


==================== Find3M ====================


============= FINISH: 21:45:51.93 ===============



Attach:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/27/2010 10:36:39 AM
System Uptime: 2/10/2011 4:23:08 AM (185 hours ago)

Motherboard: Hewlett-Packard | | 0A64h
Processor: AMD Sempron(tm) Processor 3400+ | XU1 PROCESSOR | 1795/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 75 GiB total, 51.37 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F13\4&2B255CD7&0
Manufacturer: Microsoft
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F13\4&2B255CD7&0
Service: i8042prt

Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&2B255CD7&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&2B255CD7&0
Service: i8042prt

==== System Restore Points ===================

RP77: 11/20/2010 3:00:15 AM - Software Distribution Service 3.0
RP78: 11/21/2010 3:44:13 AM - Software Distribution Service 3.0
RP79: 11/22/2010 3:46:45 AM - System Checkpoint
RP80: 11/22/2010 8:29:30 AM - Software Distribution Service 3.0
RP81: 11/23/2010 8:29:42 AM - Software Distribution Service 3.0
RP82: 11/24/2010 8:31:48 AM - Software Distribution Service 3.0
RP83: 11/25/2010 8:31:42 AM - Software Distribution Service 3.0
RP84: 11/26/2010 8:31:49 AM - Software Distribution Service 3.0
RP85: 11/27/2010 8:31:05 AM - Software Distribution Service 3.0
RP86: 11/28/2010 2:16:30 AM - Software Distribution Service 3.0
RP87: 11/28/2010 8:31:43 AM - Software Distribution Service 3.0
RP88: 11/29/2010 1:19:45 PM - System Checkpoint
RP89: 11/29/2010 11:31:35 PM - Software Distribution Service 3.0
RP90: 11/30/2010 11:31:38 PM - Software Distribution Service 3.0
RP91: 12/1/2010 11:31:34 PM - Software Distribution Service 3.0
RP92: 12/3/2010 12:31:20 AM - System Checkpoint
RP93: 12/3/2010 9:35:29 AM - Software Distribution Service 3.0
RP94: 12/4/2010 9:35:22 AM - Software Distribution Service 3.0
RP95: 12/5/2010 1:50:41 AM - Software Distribution Service 3.0
RP96: 12/5/2010 9:35:20 AM - Software Distribution Service 3.0
RP97: 12/6/2010 9:35:23 AM - Software Distribution Service 3.0
RP98: 12/7/2010 9:35:34 AM - Software Distribution Service 3.0
RP99: 12/8/2010 9:34:47 AM - Software Distribution Service 3.0
RP100: 12/9/2010 9:35:35 AM - Software Distribution Service 3.0
RP101: 12/10/2010 9:37:57 AM - System Checkpoint
RP102: 12/10/2010 9:42:41 AM - Software Distribution Service 3.0
RP103: 12/11/2010 9:37:34 AM - Software Distribution Service 3.0
RP104: 12/12/2010 1:59:45 AM - Software Distribution Service 3.0
RP105: 12/12/2010 9:34:54 AM - Software Distribution Service 3.0
RP106: 12/13/2010 9:48:41 AM - System Checkpoint
RP107: 12/13/2010 12:52:20 PM - Software Distribution Service 3.0
RP108: 12/14/2010 3:00:15 AM - Software Distribution Service 3.0
RP109: 12/15/2010 3:00:31 AM - Software Distribution Service 3.0
RP110: 12/15/2010 3:33:30 AM - Software Distribution Service 3.0
RP111: 12/16/2010 3:28:23 AM - Software Distribution Service 3.0
RP112: 12/17/2010 418 AM - System Checkpoint
RP113: 12/17/2010 3:10:23 PM - Software Distribution Service 3.0
RP114: 12/18/2010 3:10:14 PM - Software Distribution Service 3.0
RP115: 12/19/2010 2:09:27 AM - Software Distribution Service 3.0
RP116: 12/19/2010 3:10:13 PM - Software Distribution Service 3.0
RP117: 12/20/2010 3:10:19 PM - Software Distribution Service 3.0
RP118: 12/21/2010 3:10:13 PM - Software Distribution Service 3.0
RP119: 12/22/2010 3:10:16 PM - Software Distribution Service 3.0
RP120: 12/23/2010 3:10:20 PM - Software Distribution Service 3.0
RP121: 12/24/2010 3:12:32 PM - Software Distribution Service 3.0
RP122: 12/25/2010 3:10:15 PM - Software Distribution Service 3.0
RP123: 12/26/2010 2:10:12 AM - Software Distribution Service 3.0
RP124: 12/26/2010 3:10:13 PM - Software Distribution Service 3.0
RP125: 12/27/2010 3:10:13 PM - Software Distribution Service 3.0
RP126: 12/28/2010 3:10:13 PM - Software Distribution Service 3.0
RP127: 12/29/2010 3:49:32 PM - System Checkpoint
RP128: 12/29/2010 6:53:32 PM - Software Distribution Service 3.0
RP129: 12/30/2010 6:53:07 PM - Software Distribution Service 3.0
RP130: 12/31/2010 3:00:14 AM - Software Distribution Service 3.0
RP131: 1/1/2011 3:24:32 AM - Software Distribution Service 3.0
RP132: 1/2/2011 2:17:18 AM - Software Distribution Service 3.0
RP133: 1/3/2011 2:20:25 AM - System Checkpoint
RP134: 1/3/2011 3:23:53 AM - Software Distribution Service 3.0
RP135: 1/4/2011 3:24:25 AM - Software Distribution Service 3.0
RP136: 1/5/2011 3:00:15 AM - Software Distribution Service 3.0
RP137: 1/5/2011 3:29:19 AM - Software Distribution Service 3.0
RP138: 1/6/2011 3:24:23 AM - Software Distribution Service 3.0
RP139: 1/7/2011 3:24:25 AM - Software Distribution Service 3.0
RP140: 1/8/2011 3:24:21 AM - Software Distribution Service 3.0
RP141: 1/9/2011 1:48:09 AM - Software Distribution Service 3.0
RP142: 1/10/2011 2:20:34 AM - System Checkpoint
RP143: 1/10/2011 3:24:20 AM - Software Distribution Service 3.0
RP144: 1/11/2011 3:24:25 AM - Software Distribution Service 3.0
RP145: 1/12/2011 3:00:14 AM - Software Distribution Service 3.0
RP146: 1/12/2011 3:30:49 AM - Software Distribution Service 3.0
RP147: 1/13/2011 3:25:20 AM - Software Distribution Service 3.0
RP148: 1/14/2011 3:25:24 AM - Software Distribution Service 3.0
RP149: 1/15/2011 3:25:59 AM - Software Distribution Service 3.0
RP150: 1/16/2011 2:22:35 AM - Software Distribution Service 3.0
RP151: 1/17/2011 2:28:02 AM - System Checkpoint
RP152: 1/17/2011 1:32:16 PM - Software Distribution Service 3.0
RP153: 1/18/2011 1:31:44 PM - Software Distribution Service 3.0
RP154: 1/19/2011 1:31:44 PM - Software Distribution Service 3.0
RP155: 1/20/2011 1:31:05 PM - Software Distribution Service 3.0
RP156: 1/21/2011 1:31:15 PM - Software Distribution Service 3.0
RP157: 1/22/2011 4:57:36 PM - System Checkpoint
RP158: 1/23/2011 2:03:56 AM - Software Distribution Service 3.0
RP159: 1/23/2011 1045 AM - Software Distribution Service 3.0
RP160: 1/24/2011 10:07:29 AM - Software Distribution Service 3.0
RP161: 1/25/2011 1035 AM - Software Distribution Service 3.0
RP162: 1/26/2011 1007 AM - Software Distribution Service 3.0
RP163: 1/27/2011 1040 AM - Software Distribution Service 3.0
RP164: 1/28/2011 1048 AM - Software Distribution Service 3.0
RP165: 1/29/2011 10:07:04 AM - Software Distribution Service 3.0
RP166: 1/30/2011 2:04:04 AM - Software Distribution Service 3.0
RP167: 1/30/2011 10:07:07 AM - Software Distribution Service 3.0
RP168: 1/31/2011 10:07:38 AM - Software Distribution Service 3.0
RP169: 2/1/2011 10:07:16 AM - Software Distribution Service 3.0
RP170: 2/2/2011 11:20:42 AM - Software Distribution Service 3.0
RP171: 2/3/2011 12:09:10 PM - System Checkpoint
RP172: 2/4/2011 9:14:17 AM - Software Distribution Service 3.0
RP173: 2/5/2011 9:13:00 AM - Software Distribution Service 3.0
RP174: 2/6/2011 1:35:12 AM - Software Distribution Service 3.0
RP175: 2/6/2011 9:13:46 AM - Software Distribution Service 3.0
RP176: 2/7/2011 9:13:45 AM - Software Distribution Service 3.0
RP177: 2/8/2011 9:13:51 AM - Software Distribution Service 3.0
RP178: 2/9/2011 3:00:29 AM - Software Distribution Service 3.0
RP179: 2/10/2011 3:24:09 AM - System Checkpoint
RP180: 2/10/2011 3:28:33 AM - Software Distribution Service 3.0
RP181: 2/11/2011 3:27:54 AM - Software Distribution Service 3.0
RP182: 2/12/2011 3:27:53 AM - Software Distribution Service 3.0
RP183: 2/13/2011 1:37:31 AM - Software Distribution Service 3.0
RP184: 2/14/2011 2:24:19 AM - System Checkpoint
RP185: 2/14/2011 3:29:10 AM - Software Distribution Service 3.0
RP186: 2/15/2011 3:29:09 AM - Software Distribution Service 3.0
RP187: 2/16/2011 4:27:12 AM - System Checkpoint
RP188: 2/16/2011 4:35:49 AM - Software Distribution Service 3.0
RP189: 2/16/2011 9:44:37 AM - ARO 2011 - Before Installation
RP190: 2/17/2011 2:28:16 PM - System Checkpoint

==== Installed Programs ======================


Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Display Driver
AVS Audio Converter version 6.2
AVS Update Manager 1.0
AVS4YOU Software Navigator 1.4
blinkx beat
Bonjour
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon MP Navigator EX 4.0
Canon MP280 series MP Drivers
Canon MP280 series User Registration
Canon My Printer
Canon Solution Menu EX
ClickPotato
Compatibility Pack for the 2007 Office system
DivX Setup
DVDVideoSoftTB Toolbar
Free iPod Video Converter 1.34
Free Studio version 4.9.13
Google Earth
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
iTunes
Java Auto Updater
Java DB 10.5.3.0
Java(TM) 6 Update 22
Java(TM) SE Development Kit 6 Update 22
KwiClick
Loki VPN Client version 1.7.4.119
Malwarebytes' Anti-Malware
McAfee Security Scan Plus
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Security Essentials
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.6.13)
MPlayer (remove only)
Norton Security Scan
Polipo 1.0.4.1
proXPN 2.4.5
QuestBrowse 1.0 build 127
QuickTime
Realtek High Definition Audio Driver
Safari
Search Toolbar
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
ShopperReports
Simppull Toolbar (Remove Toolbar Only)
Skype Toolbars
Skype™ 5.0
Tor 0.2.1.27
TubeTillaFree
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
Vidalia 0.2.10
VideoLAN VLC media player 0.8.6f
Visual C++ 8.0 x86 Runtime Setup Package
WeatherBug
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Xvid 1.2.1 final uninstall
Yahoo! Software Update
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

2/17/2011 905 PM, error: Dhcp [1002] - The IP address lease 173.0.12.185 for the Network Card with network address 00FFEEDAADDB has been denied by the DHCP server 173.0.8.254 (The DHCP Server sent a DHCPNACK message).
2/17/2011 9:05:50 PM, error: Dhcp [1002] - The IP address lease 173.0.7.163 for the Network Card with network address 00FFEEDAADDB has been denied by the DHCP server 173.0.12.254 (The DHCP Server sent a DHCPNACK message).
2/16/2011 10:53:41 AM, error: Dhcp [1002] - The IP address lease 173.0.12.143 for the Network Card with network address 00FFEEDAADDB has been denied by the DHCP server 173.0.7.254 (The DHCP Server sent a DHCPNACK message).
2/16/2011 10:01:53 AM, error: PSched [14103] - QoS [Adapter {AA65CAC4-CCB6-4546-85FF-33550D44E62B}]: The netcard driver failed the query for OID_GEN_LINK_SPEED.
2/16/2011 10:01:50 AM, error: Service Control Manager [7034] - The Hotspot Shield Routing Service service terminated unexpectedly. It has done this 1 time(s).
2/10/2011 1:45:27 PM, error: Print [6161] - The document Microsoft Word - Aryana Jaleh.doc owned by Parent failed to print on printer Canon MP280 series Printer. Data type: NT EMF 1.008. Size of the spool file in bytes: 65536. Number of bytes printed: 28540. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\K12-BB9F8493EFA. Win32 error code returned by the print processor: 13 (0xd).

==== End Of File ===========================
alicerain is offline  
02-17-2011, 02:29 PM   #6
Security Manager
Analyst
Rangemaster, TSF Academy
 
Join Date: Sep 2005
Location: Glasgow
Posts: 39,536
OS: Windows 10 Pro


Hi again

No worries.

I'd like to see a Gmer log please.

Download GMER Rootkit Scanner from here to your desktop. It will be a randomly named executable.
  • Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
  • Double click the exe file.
  • The program will begin to run, and perform an initial scan. If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No.
  • In any case, after the initial scan is complete, click on the Save button, and save the log file somewhere you can easily find it, such as your desktop, and attach it in your reply.
Glaswegian is offline  