[jsx9910]

My PC runs really slow and I wondered if someone here might help me, so i don't have to reinstall my computer because it would take me weeks.
Before when i opened IE7 it came alot of pop ups, so that i wasn't able to surf the internet, but i reinstalled IE7 and that seems to work for now. But the computer is still loaded with malware, virus... and it goes really slow.

Deckard's System Scanner v20071014.68
Run by Kjetil on 2007-11-17 17:27:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
114: 2007-11-17 16:27:33 UTC - RP868 - Deckard's System Scanner Restore Point
113: 2007-11-17 15:53:42 UTC - RP867 - Software Distribution Service 3.0
112: 2007-11-17 11:29:49 UTC - RP866 - Software Distribution Service 3.0
111: 2007-11-17 11:29:15 UTC - RP865 - Installed Windows Internet Explorer 7.
110: 2007-11-17 11:28:52 UTC - RP864 - Installed Windows IDNMitigationAPIs.


-- First Restore Point --
1: 2007-08-22 15:17:21 UTC - RP755 - Installed Windows XP Service Pack 2.


Performed disk cleanup.



-- HijackThis (run as Kjetil.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:28:21, on 17.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Kjetil.INGELANGMYRLIA\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Kjetil.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/no/nor/gen/default.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Seekmo Search Assistant Helper /fleok=1D8A83A5C0EC177E9DAD75760EA83FA5EF80752B94E3D6765E7E4F213AC7 - {5929CD6E-2062-44a4-B2C5-2C7E78FBAB38} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {53E0B6E8-A51D-448B-B692-40B67B285543} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunServices: [] winlog.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: dlbu_device - Dell - C:\WINDOWS\system32\dlbucoms.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 7142 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys <Not Verified; PowerQuest Corporation; PowerQuest product>
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
R3 vsbus (Virtual Serial Bus Enumerator) - c:\windows\system32\drivers\vsb.sys <Not Verified; ELTIMA Software; ELTIMA Virtual Serial Bus>

S3 hamachi (Hamachi Network Interface) - c:\windows\system32\drivers\hamachi.sys <Not Verified; Applied Networking Inc.; Hamachi Virtual Network Interface Driver>
S3 NAL (Nal Service ) - c:\windows\system32\drivers\iqvw32.sys <Not Verified; Intel Corporation; Intel(R) iQVW32.SYS>
S3 vserial (ELTIMA Virtual Serial Ports Driver) - c:\windows\system32\drivers\vserial.sys <Not Verified; ELTIMA Software; ELTIMA Virtual Serial Ports>
S4 CT20XUT.DLL - c:\windows\system32\ct20xut.dll (file missing)
S4 CTEAPSFX.DLL - c:\windows\system32\cteapsfx.dll (file missing)
S4 CTEDSPFX.DLL - c:\windows\system32\ctedspfx.dll (file missing)
S4 CTEDSPIO.DLL - c:\windows\system32\ctedspio.dll (file missing)
S4 CTEDSPSY.DLL - c:\windows\system32\ctedspsy.dll (file missing)
S4 CTERFXFX.DLL - c:\windows\system32\cterfxfx.dll (file missing)
S4 CTEXFIFX.DLL - c:\windows\system32\ctexfifx.dll (file missing)
S4 CTHWIUT.DLL - c:\windows\system32\cthwiut.dll (file missing)
S4 DS1410D - c:\windows\system32\drivers\ds1410d.sys (file missing)
S4 hap17v2k (Creative P17V HAL Driver) - c:\windows\system32\drivers\hap17v2k.sys (file missing)
S4 Imagedrv - c:\windows\system32\drivers\imagedrv.sys <Not Verified; Ahead Software AG and its licensors; NERO IMAGEDRIVE>
S4 IPSECSHM (Nortel IPSECSHM Adapter) - c:\windows\system32\drivers\ipsecw2k.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>
S4 Autodesk Licensing Service - "c:\program files\common files\autodesk shared\service\adskscsrv.exe" <Not Verified; Autodesk; Autodesk Licensing Service>
S4 Client IP-IPX - "c:\windows\system32\svchosts.exe" -e mc-110-12-0001377 (file missing)
S4 r_server (Remote Administrator Service) - "c:\program files\radmin\r_server.exe" /service


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\91076D9023C01
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\91076D9023C01
Service: NIC1394

Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318}
Description: NERO IMAGEDRIVE SCSI Controller
Device ID: ROOT\SCSIADAPTER\0000
Manufacturer: Ahead AG
Name: NERO IMAGEDRIVE SCSI Controller
PNP Device ID: ROOT\SCSIADAPTER\0000
Service: Imagedrv


-- Scheduled Tasks -------------------------------------------------------------

2007-11-17 17:27:00 366 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2007-11-16 20:00:00 540 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Søk på min datamaskin - mp01841.job


-- Files created between 2007-10-17 and 2007-11-17 -----------------------------

2007-11-17 12:35:32 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-11-17 12:30:09 0 dr-h----- C:\Documents and Settings\Kjetil.INGELANGMYRLIA\Recent
2007-11-17 12:20:58 0 d-------- C:\Program Files\Trend Micro
2007-11-17 11:49:09 66048 --a------ C:\WINDOWS\ieResetIcons.exe <Not Verified; Microsoft Corporation; Windows® Internet Explorer>
2007-11-17 11:46:57 0 d-------- C:\Documents and Settings\Kjetil.INGELANGMYRLIA\Application Data\MSNInstaller
2007-11-17 11:40:59 0 d-------- C:\Program Files\DustBuster
2007-11-13 00:51:22 0 d-------- C:\Program Files\Microsoft
2007-11-13 00:50:48 0 d-------- C:\PRParser
2007-11-10 11:05:36 0 d-------- C:\Program Files\SpywareBlaster
2007-11-10 11:00:41 0 dr-h----- C:\Documents and Settings\mp01841\Recent
2007-11-10 10:58:50 0 d-------- C:\Program Files\CCleaner
2007-11-04 18:19:27 0 d-------- C:\Program Files\IKEA HomePlanner
2007-10-28 16:40:00 0 d-------- C:\Documents and Settings\mp01841\Application Data\harddriveguard
2007-10-28 16:35:00 0 dr------- C:\Documents and Settings\All Users\Application Data\harddriveguard
2007-10-28 16:34:56 0 dr------- C:\Documents and Settings\All Users\Application Data\SalesMonitor
2007-10-28 16:34:55 0 d-------- C:\Program Files\Common Files\HardDriveGuard
2007-10-19 15:34:33 0 d-------- C:\Documents and Settings\Kjetil.INGELANGMYRLIA\Application Data\TeamViewer
2007-10-17 20:46:43 0 d-------- C:\Documents and Settings\mp01841\Citrix


-- Find3M Report ---------------------------------------------------------------

2007-11-17 13:25:34 0 d-------- C:\Program Files\Norton AntiVirus
2007-11-17 13:19:31 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-11-17 12:30:35 384 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000005-00000000-00000004-00001102-00000004-20061102}.dat
2007-11-17 12:30:35 384 --a------ C:\WINDOWS\system32\DVCState-{00000005-00000000-00000004-00001102-00000004-20061102}.dat
2007-11-17 12:30:15 1660 --a------ C:\WINDOWS\bthservsdp.dat
2007-11-17 11:45:52 0 d-------- C:\Program Files\Live Billiards
2007-11-17 11:42:21 0 d-------- C:\Program Files\QuickTime
2007-11-17 11:27:46 0 d-------- C:\Program Files\Common Files
2007-11-17 11:27:36 0 d-------- C:\Program Files\Common Files\Sonic Shared
2007-11-14 19:21:19 0 d-------- C:\Program Files\Microsoft AutoRoute
2007-11-10 10:54:37 0 d-------- C:\Program Files\FileZilla
2007-11-10 10:53:01 0 d-------- C:\Documents and Settings\Kjetil.INGELANGMYRLIA\Application Data\Adobe
2007-11-08 07:30:13 0 d-------- C:\Program Files\Google
2007-11-07 00:04:51 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-07 00:04:51 0 d-------- C:\Program Files\AK Extranet
2007-11-04 18:19:13 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-23 17:58:55 0 d-------- C:\Program Files\Web Publish
2007-10-16 19:11:00 0 d-------- C:\Program Files\TrustIn Contextual
2007-10-16 17:40:56 0 d-------- C:\Program Files\Microsoft Works
2007-10-16 17:40:46 0 d-------- C:\Program Files\MSBuild
2007-10-16 17:36:49 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2007-10-15 20:07:10 0 d-------- C:\Program Files\MSECache
2007-10-12 18:56:45 0 d-------- C:\Program Files\eToro
2007-10-03 21:29:06 0 d-------- C:\Program Files\Common Files\Primavera Common
2007-10-03 21:29:03 0 d-------- C:\Program Files\Primavera
2007-10-03 20:31:15 0 d-------- C:\Program Files\Common Files\Borland Shared
2007-10-03 20:29:33 0 d-------- C:\Program Files\Microsoft SQL Server
2007-09-20 16:15:23 0 d-------- C:\Program Files\eMule


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5929CD6E-2062-44a4-B2C5-2C7E78FBAB38}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [22.10.2006 11:22]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04.08.2004 05:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
@=winlog.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=1 (0x1)
"ClearRecentDocsOnExit"=01

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Pinnacle Scheduler.lnk]
backup=C:\WINDOWS\pss\Pinnacle Scheduler.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kjetil.INGELANGMYRLIA^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mats.INGELANGMYRLIA^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^mp01841^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\mp01841\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bore Cool]
C:\DOCUME~1\KJETIL~1.ING\APPLIC~1\Play01\Mpeg Aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
"C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Photo AIO Printer 942]
"C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellMCM]
"C:\Program Files\Dell Photo AIO Printer 942\memcard.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
L:\Files\PCRepairSystem\Eraser\Eraser.exe -hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hldrrr]
C:\WINDOWS\system32\hldrrr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTAVApp]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTVUSB2Remote]
C:\Program Files\Pinnacle\PCTV USB2\Remote\Remoterm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TacticalOpsSetup.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
"C:\Program Files\Unlocker\UnlockerAssistant.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SCardSvr"=2 (0x2)
"RemoteRegistry"=2 (0x2)
"Fax"=2 (0x2)
"r_server"=2 (0x2)
"IDriverT"=3 (0x3)
"Client IP-IPX"=2 (0x2)
"Autodesk Licensing Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\O]
AutoRun\command- O:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Q]
AutoRun\command- Q:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe




-- End of Deckard's System Scanner: finished at 2007-11-17 17:28:40 ------------

 

[LonnyRJ]

Re: Slow PC full of malware - WhenU.SaveNow, TustCleaner...

Welcome jsx9910

Open a command prompt (start run type cmd press enter) type
sc delete "Client IP-IPX"
press enter, type exit and press enter to exit the command prompt
did you see a success message ?


Start Hijackthis Scan and place a check next to these items If there.
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {53E0B6E8-A51D-448B-B692-40B67B285543} - (no file)
O4 - HKLM\..\RunServices: [] winlog.exe


====================================
Hit fix checked and close Hijackthis.
Restart the PC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Post a Kaspersky Lab - Free Online scan report:
http://www.kaspersky.com/virusscanner
Click scan settings and place a check next to use [x]extended database etc etc. Click ok.
Then choose: my computer: scan all your hard drives and mapped disks.
when finished click save as text and post that in your reply.

 

[jsx9910]

Re: Slow PC full of malware - WhenU.SaveNow, TustCleaner...

I guess it was successful when I saw this message:

[SC] DeleteService SUCCESS


Here is the Kaspersky Lab log:


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, November 24, 2007 7:52:33 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 24/11/2007
Kaspersky Anti-Virus database records: 464861
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
F:\
G:\
H:\
I:\
J:\
L:\

Scan Statistics:
Total number of scanned objects: 312840
Number of viruses found: 23
Number of infected objects: 98
Number of suspicious objects: 0
Duration of the scan process: 08:43:20

Infected Object Name / Virus Name / Last Action
C:\Deckard\System Scanner\20071117172659\backup\WINDOWS\temp\hsperfdata_SYSTEM\1344 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\511a0f3f9e960fa97de3d0b74adfc574_50e417e0-e461-474b-96e2-077b80325612 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\abeeb648a332a2ec9b52bc8803e7aaaf_50e417e0-e461-474b-96e2-077b80325612 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Kjetil.INGELANGMYRLIA\Application Data\Mozilla\Firefox\Profiles\z4w66wg5.Extra\cert8.db Object is locked skipped
C:\Documents and Settings\Kjetil.INGELANGMYRLIA\Application Data\Mozilla\Firefox\Profiles\z4w66wg5.Extra\history.dat Object is locked skipped
C:\Documents and Settings\Kjetil.INGELANGMYRLIA\Application Data\Mozilla\Firefox\Profiles\z4w66wg5.Extra\key3.db Object is locked skipped
C:\Documents and Settings\Kjetil.INGELANGMYRLIA\Application Data\Mozilla\Firefox\Profiles\z4w66wg5.Extra\parent.lock Object is locked skipped
C:\Documents and Settings\Kjetil.INGELANGMYRLIA\Application Data\Mozilla\Firefox\Profiles\z4w66wg5.Extra\search.sqlite Object is locked skipped
C:\Documents and Settings\Kjetil.INGELANGMYRLIA\Application Data\Mozilla\Firefox\Profiles\z4w66wg5.Extra\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Kjetil.INGELANGMYRLIA\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Kjetil.INGELANGMYRLIA\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Kjetil.INGELANGMYRLIA\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Kjetil.INGELANGMYRLIA\Local Settings\Application Data\Mozilla\Firefox\Profiles\z4w66wg5.Extra\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Kjetil.INGELANGMYRLIA\Local Settings\Application Data\Mozilla\Firefox\Profiles\z4w66wg5.Extra\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Kjetil.INGELANGMYRLIA\Local Settings\Application Data\Mozilla\Firefox\Profiles\z4w66wg5.Extra\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Kjetil.INGELANGMYRLIA\Local Settings\Application Data\Mozilla\Firefox\Profiles\z4w66wg5.Extra\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Kjetil.INGELANGMYRLIA\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Kjetil.INGELANGMYRLIA\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Kjetil.INGELANGMYRLIA\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Kjetil.INGELANGMYRLIA\ntuser.dat Object is locked skipped
C:\Documents and Settings\Kjetil.INGELANGMYRLIA\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Mats.INGELANGMYRLIA\Local Settings\Temp\install.exe Infected: Trojan-Downloader.Win32.Small.gkk skipped
C:\Documents and Settings\mp01841\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db Object is locked skipped
C:\Documents and Settings\mp01841\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db.shadow Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Radmin\AdmDll.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
C:\Program Files\Radmin\raddrv.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
C:\Program Files\Radmin\radmin.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21 skipped
C:\Program Files\Radmin\r_server.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21 skipped
C:\RECYCLER\S-1-5-21-625037155-4162058062-839239244-1007\Dc5.exe/WISE0024.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\RECYCLER\S-1-5-21-625037155-4162058062-839239244-1007\Dc5.exe WiseSFX: infected - 1 skipped
C:\RECYCLER\S-1-5-21-625037155-4162058062-839239244-1007\Dc5.exe WiseSFX Dropper: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP2\change.log Object is locked skipped
C:\temp\Perflib_Perfdata_5c8.dat Object is locked skipped
C:\temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\pfirewall.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{77424D1D-9A4E-4C21-9738-B3CB36E102D9}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\download\APP\Adobe\CS2+++\Adobe Acrobat Reader 7 Crack.rar/Adobe Acrobat Reader 7.0 Crack.exe/data0002 Infected: not-a-virus:AdWare.Win32.Beginto.a skipped
D:\download\APP\Adobe\CS2+++\Adobe Acrobat Reader 7 Crack.rar/Adobe Acrobat Reader 7.0 Crack.exe/data0003 Infected: not-a-virus:AdWare.Win32.Beginto.a skipped
D:\download\APP\Adobe\CS2+++\Adobe Acrobat Reader 7 Crack.rar/Adobe Acrobat Reader 7.0 Crack.exe Infected: not-a-virus:AdWare.Win32.Beginto.a skipped
D:\download\APP\Adobe\CS2+++\Adobe Acrobat Reader 7 Crack.rar RAR: infected - 3 skipped
D:\download\APP\Kjetil's PC\CobianBackup\C 2007-04-24 20;39;28\Program Files\UltraVNC\vnchooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped
D:\download\APP\Kjetil's PC\CobianBackup\C 2007-04-24 20;39;28\Program Files\UltraVNC\vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1102 skipped
D:\download\APP\Kjetil's PC\CobianBackup\C 2007-04-24 20;39;28\Program Files\UltraVNC\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped
D:\download\APP\Kjetil's PC\CobianBackup\D 2007-04-25 08;17;18\Firefox\Stuff\PCRepairSystem\ProduKey\ProduKey.exe Infected: not-a-virusSWTool.Win32.Dialupass.o skipped
D:\download\APP\Kjetil's PC\CobianBackup\D 2007-04-25 08;17;18\Firefox\Stuff\PCRepairSystem.zip/ProduKey/ProduKey.exe Infected: not-a-virusSWTool.Win32.Dialupass.o skipped
D:\download\APP\Kjetil's PC\CobianBackup\D 2007-04-25 08;17;18\Firefox\Stuff\PCRepairSystem.zip ZIP: infected - 1 skipped
D:\download\APP\Kjetil's PC\CobianBackup\D 2007-04-25 08;17;18\Firefox\Stuff\SmitfraudFix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
D:\download\APP\Kjetil's PC\CobianBackup\D 2007-04-25 08;17;18\Math\Files\PCRepairSystem\ProduKey\ProduKey.exe Infected: not-a-virusSWTool.Win32.Dialupass.o skipped
D:\download\APP\Kjetil's PC\CobianBackup\D 2007-04-25 08;17;18\My Downloads\01 Track 1 (highschool).wma Infected: Trojan-Downloader.WMA.Wimad.k skipped
D:\download\APP\Kjetil's PC\CobianBackup\D 2007-04-25 08;17;18\My Downloads\02 Track 2 (highschool).wma Infected: Trojan-Downloader.WMA.Wimad.k skipped
D:\download\APP\Kjetil's PC\CobianBackup\D 2007-04-25 08;17;18\My Downloads\06 Track 6 (highschool).wma Infected: Trojan-Downloader.WMA.Wimad.k skipped
D:\download\APP\Kjetil's PC\CobianBackup\D 2007-04-25 08;17;18\My Downloads\07 Track 7 (highschool).wma Infected: Trojan-Downloader.WMA.Wimad.k skipped
D:\download\APP\Kjetil's PC\USB 8128\Files\PCRepairSystem\ProduKey\ProduKey.exe Infected: not-a-virusSWTool.Win32.Dialupass.o skipped
D:\download\APP\Programming\Visual Basic\cd1\SAMPLES\VC98\SDK\SDKTOOLS\SPY\DLL\HOOK.DLL Infected: not-a-virus:Monitor.Win32.KeyLogger.30 skipped
D:\download\APP\Programming\Visual Basic\Microsoft.Visual.Studio6.0.MSDN.Library MSDN60CHSCD1.iso/SAMPLES/VC98/SDK/SDKTOOLS/SPY/DLL/HOOK.DLL Infected: not-a-virus:Monitor.Win32.KeyLogger.30 skipped
D:\download\APP\Programming\Visual Basic\Microsoft.Visual.Studio6.0.MSDN.Library MSDN60CHSCD1.iso ISO image: infected - 1 skipped
D:\download\APP\Tools\all the greatest p2p progs in 1! (including kazaa gold, imesh, dc++, shareaza, emule and much more!)\Overnet 0.50.1 + Upload-Banner Crack (no spyware).zip/Overnet 0.50.1 + Upload-Banner Crack/overnet0.50.1.exe/data0004/fatovernet.exe Infected: not-a-virus:Server-Proxy.Win32.Overnet skipped
D:\download\APP\Tools\all the greatest p2p progs in 1! (including kazaa gold, imesh, dc++, shareaza, emule and much more!)\Overnet 0.50.1 + Upload-Banner Crack (no spyware).zip/Overnet 0.50.1 + Upload-Banner Crack/overnet0.50.1.exe/data0004 Infected: not-a-virus:Server-Proxy.Win32.Overnet skipped
D:\download\APP\Tools\all the greatest p2p progs in 1! (including kazaa gold, imesh, dc++, shareaza, emule and much more!)\Overnet 0.50.1 + Upload-Banner Crack (no spyware).zip/Overnet 0.50.1 + Upload-Banner Crack/overnet0.50.1.exe/data0014/UCMIE.DLL Infected: not-a-virus:AdWare.Win32.Ucmore.a skipped
D:\download\APP\Tools\all the greatest p2p progs in 1! (including kazaa gold, imesh, dc++, shareaza, emule and much more!)\Overnet 0.50.1 + Upload-Banner Crack (no spyware).zip/Overnet 0.50.1 + Upload-Banner Crack/overnet0.50.1.exe/data0014/IUCMORE.DLL Infected: not-a-virus:AdWare.Win32.Ucmore skipped
D:\download\APP\Tools\all the greatest p2p progs in 1! (including kazaa gold, imesh, dc++, shareaza, emule and much more!)\Overnet 0.50.1 + Upload-Banner Crack (no spyware).zip/Overnet 0.50.1 + Upload-Banner Crack/overnet0.50.1.exe/data0014 Infected: not-a-virus:AdWare.Win32.Ucmore skipped
D:\download\APP\Tools\all the greatest p2p progs in 1! (including kazaa gold, imesh, dc++, shareaza, emule and much more!)\Overnet 0.50.1 + Upload-Banner Crack (no spyware).zip/Overnet 0.50.1 + Upload-Banner Crack/overnet0.50.1.exe Infected: not-a-virus:AdWare.Win32.Ucmore skipped
D:\download\APP\Tools\all the greatest p2p progs in 1! (including kazaa gold, imesh, dc++, shareaza, emule and much more!)\Overnet 0.50.1 + Upload-Banner Crack (no spyware).zip ZIP: infected - 6 skipped
D:\download\APP\Tools\all the greatest p2p progs in 1! (including kazaa gold, imesh, dc++, shareaza, emule and much more!).zip/Overnet 0.50.1 + Upload-Banner Crack (no spyware).zip/Overnet 0.50.1 + Upload-Banner Crack/overnet0.50.1.exe/data0004/fatovernet.exe Infected: not-a-virus:Server-Proxy.Win32.Overnet skipped
D:\download\APP\Tools\all the greatest p2p progs in 1! (including kazaa gold, imesh, dc++, shareaza, emule and much more!).zip/Overnet 0.50.1 + Upload-Banner Crack (no spyware).zip/Overnet 0.50.1 + Upload-Banner Crack/overnet0.50.1.exe/data0004 Infected: not-a-virus:Server-Proxy.Win32.Overnet skipped
D:\download\APP\Tools\all the greatest p2p progs in 1! (including kazaa gold, imesh, dc++, shareaza, emule and much more!).zip/Overnet 0.50.1 + Upload-Banner Crack (no spyware).zip/Overnet 0.50.1 + Upload-Banner Crack/overnet0.50.1.exe/data0014/UCMIE.DLL Infected: not-a-virus:AdWare.Win32.Ucmore.a skipped
D:\download\APP\Tools\all the greatest p2p progs in 1! (including kazaa gold, imesh, dc++, shareaza, emule and much more!).zip/Overnet 0.50.1 + Upload-Banner Crack (no spyware).zip/Overnet 0.50.1 + Upload-Banner Crack/overnet0.50.1.exe/data0014/IUCMORE.DLL Infected: not-a-virus:AdWare.Win32.Ucmore skipped
D:\download\APP\Tools\all the greatest p2p progs in 1! (including kazaa gold, imesh, dc++, shareaza, emule and much more!).zip/Overnet 0.50.1 + Upload-Banner Crack (no spyware).zip/Overnet 0.50.1 + Upload-Banner Crack/overnet0.50.1.exe/data0014 Infected: not-a-virus:AdWare.Win32.Ucmore skipped
D:\download\APP\Tools\all the greatest p2p progs in 1! (including kazaa gold, imesh, dc++, shareaza, emule and much more!).zip/Overnet 0.50.1 + Upload-Banner Crack (no spyware).zip/Overnet 0.50.1 + Upload-Banner Crack/overnet0.50.1.exe Infected: not-a-virus:AdWare.Win32.Ucmore skipped
D:\download\APP\Tools\all the greatest p2p progs in 1! (including kazaa gold, imesh, dc++, shareaza, emule and much more!).zip/Overnet 0.50.1 + Upload-Banner Crack (no spyware).zip Infected: not-a-virus:AdWare.Win32.Ucmore skipped
D:\download\APP\Tools\all the greatest p2p progs in 1! (including kazaa gold, imesh, dc++, shareaza, emule and much more!).zip ZIP: infected - 7 skipped
D:\download\APP\Tools\computer\windows-System Internals - Win32 Api Sdk - M Russinovich.zip/System Internals - Mark Russinovich/pskill.zip/PSKILL.EXE Infected: not-a-virus:NetTool.Win32.PsKill.a skipped
D:\download\APP\Tools\computer\windows-System Internals - Win32 Api Sdk - M Russinovich.zip/System Internals - Mark Russinovich/pskill.zip Infected: not-a-virus:NetTool.Win32.PsKill.a skipped
D:\download\APP\Tools\computer\windows-System Internals - Win32 Api Sdk - M Russinovich.zip/System Internals - Mark Russinovich/Pstools.zip/pskill.exe Infected: not-a-virus:NetTool.Win32.PsKill.a skipped
D:\download\APP\Tools\computer\windows-System Internals - Win32 Api Sdk - M Russinovich.zip/System Internals - Mark Russinovich/Pstools.zip Infected: not-a-virus:NetTool.Win32.PsKill.a skipped
D:\download\APP\Tools\computer\windows-System Internals - Win32 Api Sdk - M Russinovich.zip ZIP: infected - 4 skipped
D:\download\APP\Tools\Download_sw\all the greatest p2p progs in 1! (including kazaa gold, imesh, dc++, shareaza, emule and much more!)\BSINSTALL.exe/WISE0024.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
D:\download\APP\Tools\Download_sw\all the greatest p2p progs in 1! (including kazaa gold, imesh, dc++, shareaza, emule and much more!)\BSINSTALL.exe WiseSFX: infected - 1 skipped
D:\download\APP\Tools\Download_sw\all the greatest p2p progs in 1! (including kazaa gold, imesh, dc++, shareaza, emule and much more!)\BSINSTALL.exe WiseSFX Dropper: infected - 1 skipped
D:\download\APP\Tools\Download_sw\all the greatest p2p progs in 1! (including kazaa gold, imesh, dc++, shareaza, emule and much more!)\Overnet 0.50.1 + Upload-Banner Crack (no spyware).zip/Overnet 0.50.1 + Upload-Banner Crack/overnet0.50.1.exe/data0004/fatovernet.exe Infected: not-a-virus:Server-Proxy.Win32.Overnet skipped
D:\download\APP\Tools\Download_sw\all the greatest p2p progs in 1! (including kazaa gold, imesh, dc++, shareaza, emule and much more!)\Overnet 0.50.1 + Upload-Banner Crack (no spyware).zip/Overnet 0.50.1 + Upload-Banner Crack/overnet0.50.1.exe/data0004 Infected: not-a-virus:Server-Proxy.Win32.Overnet skipped
D:\download\APP\Tools\Download_sw\all the greatest p2p progs in 1! (including kazaa gold, imesh, dc++, shareaza, emule and much more!)\Overnet 0.50.1 + Upload-Banner Crack (no spyware).zip/Overnet 0.50.1 + Upload-Banner Crack/overnet0.50.1.exe/data0014/UCMIE.DLL Infected: not-a-virus:AdWare.Win32.Ucmore.a skipped
D:\download\APP\Tools\Download_sw\all the greatest p2p progs in 1! (including kazaa gold, imesh, dc++, shareaza, emule and much more!)\Overnet 0.50.1 + Upload-Banner Crack (no spyware).zip/Overnet 0.50.1 + Upload-Banner Crack/overnet0.50.1.exe/data0014/IUCMORE.DLL Infected: not-a-virus:AdWare.Win32.Ucmore skipped
D:\download\APP\Tools\Download_sw\all the greatest p2p progs in 1! (including kazaa gold, imesh, dc++, shareaza, emule and much more!)\Overnet 0.50.1 + Upload-Banner Crack (no spyware).zip/Overnet 0.50.1 + Upload-Banner Crack/overnet0.50.1.exe/data0014 Infected: not-a-virus:AdWare.Win32.Ucmore skipped
D:\download\APP\Tools\Download_sw\all the greatest p2p progs in 1! (including kazaa gold, imesh, dc++, shareaza, emule and much more!)\Overnet 0.50.1 + Upload-Banner Crack (no spyware).zip/Overnet 0.50.1 + Upload-Banner Crack/overnet0.50.1.exe Infected: not-a-virus:AdWare.Win32.Ucmore skipped
D:\download\APP\Tools\Download_sw\all the greatest p2p progs in 1! (including kazaa gold, imesh, dc++, shareaza, emule and much more!)\Overnet 0.50.1 + Upload-Banner Crack (no spyware).zip ZIP: infected - 6 skipped
D:\download\APP\Tools\Office\Password\Advanced Password Recovery - (Ace, Excel, Pdf, Zip, Icq, Rar, Access, Office, Outlook) it works\AdvPassw\Advanced Rar Password Recovery v1.11\DISTINCT\setup.exe/WISE0039.BIN Infected: not-a-virusSWTool.Win32.OEPass.b skipped
D:\download\APP\Tools\Office\Password\Advanced Password Recovery - (Ace, Excel, Pdf, Zip, Icq, Rar, Access, Office, Outlook) it works\AdvPassw\Advanced Rar Password Recovery v1.11\DISTINCT\setup.exe WiseSFX: infected - 1 skipped
D:\download\APP\Tools\Office\Password\Advanced Password Recovery - (Ace, Excel, Pdf, Zip, Icq, Rar, Access, Office, Outlook) it works\AdvPassw\Advanced Rar Password Recovery v1.11\DISTINCT.RAR/setup.exe/WISE0039.BIN Infected: not-a-virusSWTool.Win32.OEPass.b skipped
D:\download\APP\Tools\Office\Password\Advanced Password Recovery - (Ace, Excel, Pdf, Zip, Icq, Rar, Access, Office, Outlook) it works\AdvPassw\Advanced Rar Password Recovery v1.11\DISTINCT.RAR/setup.exe Infected: not-a-virusSWTool.Win32.OEPass.b skipped
D:\download\APP\Tools\Office\Password\Advanced Password Recovery - (Ace, Excel, Pdf, Zip, Icq, Rar, Access, Office, Outlook) it works\AdvPassw\Advanced Rar Password Recovery v1.11\DISTINCT.RAR RAR: infected - 2 skipped
D:\download\APP\Tools\Office\Password\Advanced Password Recovery - (Ace, Excel, Pdf, Zip, Icq, Rar, Access, Office, Outlook) it works\Office Cracking Tools (ZIP, Office2000, PDF etc password recovery).rar/Office Cracking Tools/Advanced RAR Password Recovery 1.11/setup.exe/WISE0039.BIN Infected: not-a-virusSWTool.Win32.OEPass.b skipped
D:\download\APP\Tools\Office\Password\Advanced Password Recovery - (Ace, Excel, Pdf, Zip, Icq, Rar, Access, Office, Outlook) it works\Office Cracking Tools (ZIP, Office2000, PDF etc password recovery).rar/Office Cracking Tools/Advanced RAR Password Recovery 1.11/setup.exe Infected: not-a-virusSWTool.Win32.OEPass.b skipped
D:\download\APP\Tools\Office\Password\Advanced Password Recovery - (Ace, Excel, Pdf, Zip, Icq, Rar, Access, Office, Outlook) it works\Office Cracking Tools (ZIP, Office2000, PDF etc password recovery).rar/Office Cracking Tools/Advanced ZIP Password Recovery 3.53/Crack/LOADER.EXE Infected: HackTool.Win32.Fumn skipped
D:\download\APP\Tools\Office\Password\Advanced Password Recovery - (Ace, Excel, Pdf, Zip, Icq, Rar, Access, Office, Outlook) it works\Office Cracking Tools (ZIP, Office2000, PDF etc password recovery).rar/Office Cracking Tools/Advanced ZIP Password Recovery 3.53/Crack/loader2.exe Infected: HackTool.Win32.Fumn skipped
D:\download\APP\Tools\Office\Password\Advanced Password Recovery - (Ace, Excel, Pdf, Zip, Icq, Rar, Access, Office, Outlook) it works\Office Cracking Tools (ZIP, Office2000, PDF etc password recovery).rar RAR: infected - 4 skipped
D:\download\APP\Tools\Office\Password\Advanced Password Recovery - (Ace, Excel, Pdf, Zip, Icq, Rar, Access, Office, Outlook) it works.rar/AdvPassw/Advanced Rar Password Recovery v1.11/DISTINCT.RAR/setup.exe/WISE0039.BIN Infected: not-a-virusSWTool.Win32.OEPass.b skipped
D:\download\APP\Tools\Office\Password\Advanced Password Recovery - (Ace, Excel, Pdf, Zip, Icq, Rar, Access, Office, Outlook) it works.rar/AdvPassw/Advanced Rar Password Recovery v1.11/DISTINCT.RAR/setup.exe Infected: not-a-virusSWTool.Win32.OEPass.b skipped
D:\download\APP\Tools\Office\Password\Advanced Password Recovery - (Ace, Excel, Pdf, Zip, Icq, Rar, Access, Office, Outlook) it works.rar/AdvPassw/Advanced Rar Password Recovery v1.11/DISTINCT.RAR Infected: not-a-virusSWTool.Win32.OEPass.b skipped
D:\download\APP\Tools\Office\Password\Advanced Password Recovery - (Ace, Excel, Pdf, Zip, Icq, Rar, Access, Office, Outlook) it works.rar/Office Cracking Tools (ZIP, Office2000, PDF etc password recovery).rar/Office Cracking Tools/Advanced RAR Password Recovery 1.11/setup.exe/WISE0039.BIN Infected: not-a-virusSWTool.Win32.OEPass.b skipped
D:\download\APP\Tools\Office\Password\Advanced Password Recovery - (Ace, Excel, Pdf, Zip, Icq, Rar, Access, Office, Outlook) it works.rar/Office Cracking Tools (ZIP, Office2000, PDF etc password recovery).rar/Office Cracking Tools/Advanced RAR Password Recovery 1.11/setup.exe Infected: not-a-virusSWTool.Win32.OEPass.b skipped
D:\download\APP\Tools\Office\Password\Advanced Password Recovery - (Ace, Excel, Pdf, Zip, Icq, Rar, Access, Office, Outlook) it works.rar/Office Cracking Tools (ZIP, Office2000, PDF etc password recovery).rar/Office Cracking Tools/Advanced ZIP Password Recovery 3.53/Crack/LOADER.EXE Infected: HackTool.Win32.Fumn skipped
D:\download\APP\Tools\Office\Password\Advanced Password Recovery - (Ace, Excel, Pdf, Zip, Icq, Rar, Access, Office, Outlook) it works.rar/Office Cracking Tools (ZIP, Office2000, PDF etc password recovery).rar/Office Cracking Tools/Advanced ZIP Password Recovery 3.53/Crack/loader2.exe Infected: HackTool.Win32.Fumn skipped
D:\download\APP\Tools\Office\Password\Advanced Password Recovery - (Ace, Excel, Pdf, Zip, Icq, Rar, Access, Office, Outlook) it works.rar/Office Cracking Tools (ZIP, Office2000, PDF etc password recovery).rar Infected: HackTool.Win32.Fumn skipped
D:\download\APP\Tools\Office\Password\Advanced Password Recovery - (Ace, Excel, Pdf, Zip, Icq, Rar, Access, Office, Outlook) it works.rar RAR: infected - 8 skipped
D:\download\emule\Ms Press Microsoft Windows Scripting With Wmi Self-Paced Learning Guide Sub100-Sag\View yamaha v max manual with the ultimate player.zip/3wPlayer-1.0.0.3-setup-0312.exe/file8 Infected: Trojan.Win32.Obfuscated.en skipped
D:\download\emule\Ms Press Microsoft Windows Scripting With Wmi Self-Paced Learning Guide Sub100-Sag\View yamaha v max manual with the ultimate player.zip/3wPlayer-1.0.0.3-setup-0312.exe Infected: Trojan.Win32.Obfuscated.en skipped
D:\download\emule\Ms Press Microsoft Windows Scripting With Wmi Self-Paced Learning Guide Sub100-Sag\View yamaha v max manual with the ultimate player.zip ZIP: infected - 2 skipped
D:\download\LimeWire\01 Track 1.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
D:\download\LimeWire\02 Track 2.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
D:\download\LimeWire\03 Track 3.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
D:\download\LimeWire\06 Track 6.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
D:\download\LimeWire\07 Track 7.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
D:\download\LimeWire\funny videos the simpsons funn.wm Infected: Trojan-Downloader.WMA.Wimad.m skipped
D:\download\LimeWire\Rare Recording.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
D:\download\LimeWire\Top of Charts - 2003.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
D:\download\LimeWire\Top of Charts - 2004.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
D:\download\Simulator\Sailing Simulator-4-2I\Sail Simulator 4.2.ISO/Crack/RunCrack.exe Infected: Trojan-Dropper.Win32.Small.as skipped
D:\download\Simulator\Sailing Simulator-4-2I\Sail Simulator 4.2.ISO ISO image: infected - 1 skipped
D:\Mine Dokumenter\Inge\temp\Radmin21_L\Local\Program Files\Radmin\AdmDll.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
D:\Mine Dokumenter\Inge\temp\Radmin21_L\Local\Windows\System32\admdll.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
D:\Mine Dokumenter\Inge\temp\Radmin21_L\Local\Windows\System32\raddrv.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
D:\Mine Dokumenter\Inge\temp\Radmin21_L\Local\Windows\System32\r_server.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21 skipped
D:\Mine Dokumenter\Inge\temp\tightvnc-1.2.9-setup.exe/data0002 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h skipped
D:\Mine Dokumenter\Inge\temp\tightvnc-1.2.9-setup.exe/data0003 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b skipped
D:\Mine Dokumenter\Inge\temp\tightvnc-1.2.9-setup.exe Inno: infected - 2 skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.



Thanks for helping me out with this problem... ray:

 

[LonnyRJ]

Re: Slow PC full of malware - WhenU.SaveNow, TustCleaner...

Hows the PC running ?

Im suprised it is even booting with all the P2p programs and download's to be honest

Manualy delete these
D:\download\APP\Adobe\CS2+++\Adobe Acrobat Reader 7 Crack.rar
D:\download\APP\Kjetil's PC\CobianBackup\D 2007-04-25 08;17;18\My Downloads\01 Track 1 (highschool).wma
D:\download\APP\Kjetil's PC\CobianBackup\D 2007-04-25 08;17;18\My Downloads\02 Track 2 (highschool).wma
D:\download\APP\Kjetil's PC\CobianBackup\D 2007-04-25 08;17;18\My Downloads\06 Track 6 (highschool).wma
D:\download\APP\Kjetil's PC\CobianBackup\D 2007-04-25 08;17;18\My Downloads\07 Track 7 (highschool).wma
D:\download\APP\Tools\all the greatest p2p progs in 1! (including kazaa gold, imesh, dc++, shareaza, emule and much more!)\Overnet 0.50.1 + Upload-Banner Crack (no spyware).zip
D:\download\APP\Tools\Download_sw\all the greatest p2p progs in 1! (including kazaa gold, imesh, dc++, shareaza, emule and much more!)\Overnet 0.50.1 + Upload-Banner Crack (no spyware).zip
D:\download\emule\Ms Press Microsoft Windows Scripting With Wmi Self-Paced Learning Guide Sub100-Sag\View yamaha v max manual with the ultimate player.zip
D:\download\Simulator\Sailing Simulator-4-2I\Sail Simulator 4.2.ISO

 

[jsx9910]

Re: Slow PC full of malware - WhenU.SaveNow, TustCleaner...

They're all deleted. What now? Thanks for replying so fast..

 

[LonnyRJ]

Re: Slow PC full of malware - WhenU.SaveNow, TustCleaner...

Any questions or current problems ?

Tempor your use of p2p or be prepaired to format and install windows
constantly.

 

[jsx9910]

Re: Slow PC full of malware - WhenU.SaveNow, TustCleaner...

Thanks for the help. It seems like everything is working properly now...

 

[LonnyRJ]

Great

Think Prevention: Put in place a good hosts file
http://www.mvps.org/winhelp2002/hosts.htm
How To Download and Extract the HOSTS file:
http://www.mvps.org/winhelp2002/hosts2.htm
Repeat that proccess about once or twice a month


To help avoid reinfection see "So how did I get infected in the first place?"
http://castlecops.com/postlite7736-.html


http://www.techsupportforum.com/f174/pc-safety-and-security-what-do-i-need-115548.html

 

[LonnyRJ]

I forgot one detail

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

Download and run SafeBootKeyRepair
http://www.techsupportforum.com/sectools/sUBs/SafeBootKeyRepair.exe