Solve : computer runs slow at times!!?

1.	Solve : computer runs slow at times!!?
Answer» My computer runs slow at times. Please check my log. thanks Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:37:14 PM, on 5/9/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Internet Download Manager\IDMan.exe C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Download Manager\IEMonitor.exe C:\Documents and Settings\Administrator\My Documents\Downloads\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage VALIDATION Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264617489750 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O20 - AppInit_DLLs: ,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe O23 - Service: Java Quick STARTER (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe -- End of file - 5569 bytes Sorry for the delay, we are busy here on the boards. If you are still having issues, please do the following: Please download Malwarebytes Anti-Malware from here. Double Click mbam-setup.exe to install the application. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, SELECT "Perform Full Scan", then click Scan. The scan may take some time to finish,so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note) Please save the log to a location you will remember. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy and paste the entire report in your next reply. Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.Thank you for the reply. My computer lags sometimes while working I was suspecting it to be infected though Malware results are clean. Malwarebytes log: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4085 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 5/10/2010 3:05:05 PM mbam-log-2010-05-10 (15-05-05).txt Scan type: Full scan (A:\\|C:\\|D:\\|E:\\|F:\\|G:\\|) Objects scanned: 138091 Time elapsed: 48 minute(s), 51 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Please visit this webpage for a tutorial on downloading and running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofix See the area: Using ComboFix, and when done, post the log back here.Thank you. Here is my Combofix log file: ComboFix 10-05-10.02 - Administrator 05/11/2010 9:12.1.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.631.400 [GMT 5.5:30] Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe AV: Kaspersky Anti-Virus On-access scanning disabled (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Administrator\Application Data\ezpinst.log c:\windows\system32\VB6KO.DLL c:\windows\YAHELITE.INI . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_SSHNAS ((((((((((((((((((((((((( Files Created from 2010-04-11 to 2010-05-11 ))))))))))))))))))))))))))))))) . 2010-05-10 08:36 . 2010-04-29 10:0938224----a-w-c:\windows\system32\drivers\mbamswissarmy.sys 2010-05-10 08:36 . 2010-04-29 10:0920952----a-w-c:\windows\system32\drivers\mbam.sys 2010-05-06 10:30 . 2010-05-06 10:30115004----a-w-c:\documents and settings\Administrator\Application Data\OpenCandy\WeFiSetup_5_142_513Wrapped.exe 2010-05-06 10:30 . 2010-05-06 10:30--------d-----w-c:\documents and settings\Administrator\Application Data\OpenCandy 2010-05-06 04:36 . 2010-05-06 04:3633824----a-w-c:\windows\system32\drivers\oreans32.sys 2010-05-06 02:45 . 2010-05-06 02:46--------d-----w-c:\documents and settings\Administrator\Application Data\GetRightToGo 2010-04-18 02:47 . 2010-04-18 02:47--------d--h--w-c:\windows\PIF 2010-04-17 14:46 . 2010-04-17 14:46--------d-----w-c:\windows\Sun 2010-04-17 14:46 . 2010-04-17 14:46--------d-----w-c:\program files\Common Files\Java 2010-04-17 14:45 . 2010-04-17 14:44411368----a-w-c:\windows\system32\deployJava1.dll 2010-04-17 14:44 . 2010-04-17 14:44--------d-----w-c:\program files\Java 2010-04-17 13:07 . 1998-07-21 18:30102912----a-w-c:\windows\system32\Vb6stkit.dll 2010-04-17 13:05 . 2010-04-17 13:06--------d-----w-c:\documents and settings\Administrator\Application Data\CyberLink 2010-04-17 13:04 . 2010-04-17 13:05--------d-----w-c:\documents and settings\All Users\Application Data\CyberLink 2010-04-17 12:59 . 2007-01-08 16:4727168------w-c:\windows\system32\msxml3a.dll 2010-04-17 12:56 . 2007-01-08 16:47502816------w-c:\windows\system32\msvcp71.dll 2010-04-17 12:56 . 2007-01-08 16:47351264------w-c:\windows\system32\msvcr71.dll 2010-04-17 12:55 . 2010-04-17 12:55--------d-----w-c:\program files\CyberLink 2010-04-17 11:50 . 2010-04-17 11:50--------d-----w-c:\documents and settings\Administrator\Application Data\dvdcss 2010-04-11 16:17 . 2010-04-11 16:1780400----a-w-c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\fssync.dll 2010-04-11 16:17 . 2010-04-11 16:1780400----a-w-c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll 2010-04-11 15:27 . 2010-05-06 02:23113933----a-w-c:\windows\system32\drivers\klin.dat 2010-04-11 15:27 . 2010-05-06 02:2397549----a-w-c:\windows\system32\drivers\klick.dat 2010-04-11 15:24 . 2010-05-11 03:06--------d-----w-c:\documents and settings\All Users\Application Data\Kaspersky Lab 2010-04-11 15:24 . 2010-04-11 15:24--------d-----w-c:\program files\Kaspersky Lab 2010-04-11 15:12 . 2010-04-11 15:12--------d-----w-c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-05-11 03:53 . 2010-02-12 14:15--------d-----w-c:\documents and settings\Administrator\Application Data\DMCache 2010-05-10 09:30 . 2010-03-06 07:36--------d-----w-c:\documents and settings\Administrator\Application Data\vlc 2010-05-10 08:37 . 2010-01-28 17:08--------d-----w-c:\documents and settings\Administrator\Application Data\uTorrent 2010-04-17 13:14 . 2010-01-30 08:20--------d-----w-c:\documents and settings\Administrator\Application Data\Vso 2010-04-11 15:18 . 2010-01-26 15:30--------d-----w-c:\program files\COMODO 2010-04-01 09:14 . 2010-04-01 09:14503808----a-w-c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2e39d902-n\msvcp71.dll 2010-04-01 09:14 . 2010-04-01 09:14499712----a-w-c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2e39d902-n\jmc.dll 2010-04-01 09:14 . 2010-04-01 09:14348160----a-w-c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2e39d902-n\msvcr71.dll 2010-04-01 09:13 . 2010-04-01 09:1361440----a-w-c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-735418e4-n\decora-sse.dll 2010-04-01 09:13 . 2010-04-01 09:1312800----a-w-c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-735418e4-n\decora-d3d.dll 2010-03-13 13:44 . 2010-02-12 14:15--------d-----w-c:\documents and settings\Administrator\Application Data\IDM 2010-03-13 12:59 . 2010-02-12 14:14--------d-----w-c:\program files\Internet Download Manager 2010-03-13 02:04 . 2010-03-13 01:583153784----a-w-c:\documents and settings\Administrator\Application Data\IDM\idmupdt.exe 2010-03-10 06:15 . 2004-09-01 00:00420352----a-w-c:\windows\system32\vbscript.dll 2010-02-25 06:24 . 2004-09-01 00:00916480----a-w-c:\windows\system32\wininet.dll 2010-02-24 13:11 . 2004-09-01 00:00455680----a-w-c:\windows\system32\drivers\mrxsmb.sys 2010-02-17 03:40 . 2004-09-01 00:002189952----a-w-c:\windows\system32\ntoskrnl.exe 2010-02-16 13:25 . 2004-08-03 22:592066816----a-w-c:\windows\system32\ntkrnlpa.exe 2010-02-13 17:25 . 2010-01-26 16:0969232----a-w-c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-02-12 14:15 . 2010-02-12 14:15198064----a-w-c:\documents and settings\Administrator\Application Data\IDM\idmmzcc3\components\idmmzcc.dll 2010-02-12 04:33 . 2004-09-01 00:00100864----a-w-c:\windows\system32\6to4svc.dll 2010-02-12 02:11 . 2010-02-06 09:0056816----a-w-c:\windows\system32\drivers\avgntflt.sys 2010-02-11 12:02 . 2004-09-01 00:00226880----a-w-c:\windows\system32\drivers\tcpip6.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-11-11 3171760] "Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-28 136176] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-02-21 28675] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2002-04-24 155648] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2002-04-24 106496] "SoundMan"="SOUNDMAN.EXE" [2002-03-21 46592] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016] "AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2009-10-20 340456] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Documents and Settings\\Administrator\\My Documents\\utorrent.exe"= "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R0 klbg;Kaspersky Lab Boot Guard DRIVER;c:\windows\system32\drivers\klbg.sys [10/14/2009 8:18 PM 36880] R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [5/6/2010 10:06 AM 33824] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 1:42 PM 32272] R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/2/2009 6:39 PM 19472] S3 SetupNTGLM7X;SetupNTGLM7X;\??\g:\ntglm7x.sys --> g:\NTGLM7X.sys [?] . Contents of the 'Scheduled Tasks' folder 2010-05-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1060284298-725345543-500Core.job - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-28 15:14] 2010-05-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1060284298-725345543-500UA.job - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-28 15:14] 2010-05-11 c:\windows\Tasks\User_Feed_Synchronization-{207454FA-0C73-4089-962C-1746A52F7C4B}.job - c:\windows\system32\msfeedssync.exe [2009-03-07 23:01] . . ------- Supplementary Scan ------- . IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cq0ekils.default\ FF - component: c:\documents and settings\Administrator\Application Data\IDM\idmmzcc3\components\idmmzcc.dll FF - component: c:\program files\Mozilla Blocked Russian URL\components\KavLinkFilter.dll FF - plugin: c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_ everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_a s_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); . ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-05-11 09:25 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-299502267-1060284298-725345543-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5 977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9d,59,2c,03,53,44,8f,4e,a9,aa,5b,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839 E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9d,59,2c,03,53,44,8f,4e,a9,aa,5b,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}] @Denied: (Full) (Everyone) "scansk"=hex(0):e7,9d,60,d9,59,56,fb,bb,99,ea,ea,a7,fb,0c,45,79,94,53,f6,06,a2, 03,76,8d,31,9e,9a,a6,c7,77,73,89,d5,03,69,68,0e,02,39,2d,00,00,00,00,00,00,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{87bf9f6e-1abd-4994-80ac-6f3e63a9ca40}] @Denied: (Full) (Everyone) "Model"=dword:00000063 "Therad"=dword:00000001 "MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a, 1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(1064) c:\windows\system32\WININET.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll c:\program files\Internet Download Manager\idmmkb.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\WgaTray.exe c:\windows\SOUNDMAN.EXE c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\wscntfy.exe c:\program files\Internet Download Manager\IEMonitor.exe c:\windows\system32\logon.scr . ********************************************************************** . Completion time: 2010-05-11 09:29:39 - machine was rebooted ComboFix-quarantined-files.txt 2010-05-11 03:59 Pre-Run: 13,243,813,888 bytes free Post-Run: 13,149,892,608 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect - - End Of File - - FEF9598E5635430DD2D1F27F0E3973BA Please download Malwarebytes Anti-Malware from Malwarebytes.org. Alternate link: BleepingComputer.com. (Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!) Double Click mbam-setup.exe to install the application. (Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!) Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select "Perform Full Scan", then click Scan. The scan may take some time to finish,so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this, will cause the infection to still be active on the computer. Please save the log to a location you will remember. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt Copy and paste the entire report in your next reply. Thank you. Here is my latest Malwarebytes log as requested by you. MalwareBytes Log: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4092 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 5/12/2010 1:04:43 PM mbam-log-2010-05-12 (13-04-43).txt Scan type: Full scan (A:\\|C:\\|D:\\|E:\\|F:\\|G:\\|) Objects scanned: 138417 Time elapsed: 51 minute(s), 14 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 2 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\System Volume Information\_restore{C53DACDC-1BC0-4E09-A29B-963D41AA372F}\RP57\A0021760.exe (Application.FindKey) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{C53DACDC-1BC0-4E09-A29B-963D41AA372F}\RP57\A0021763.exe (Malware.Tool) -> Quarantined and deleted successfully. Please run a free online scan with the ESET Online Scanner Tick the box next to YES, I accept the Terms of Use Click Start When asked, allow the ActiveX control to install Click Start Make sure that the options Remove found threats and the option Scan unwanted applications is checked Click Scan (This scan can take several hours, so please be patient) Once the scan is completed, you may close the window Use Notepad to open the logfile LOCATED at C:\Program Files\EsetOnlineScanner\log.txt Copy and paste that log as a reply to this topic Thank you. Sorry for the delay in the post. This is to acknowledge you that I have reformatted my system from XP to Windows 7 just for the up gradation. Henceforth as a result I guess my problem is pruned. This thread can be closed now. Thank you for your support all the way through, I appreciate it. I brook thyself to consult here for any further glitches. Thanks.Ok. Since this appears to be resolved, this topic is now closed. Glad we could help! =>CLOSED**

Answer»

My computer runs slow at times. Please check my log. thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:37:14 PM, on 5/9/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage VALIDATION Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264617489750
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: ,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: Java Quick STARTER (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 5569 bytes
Sorry for the delay, we are busy here on the boards. If you are still having issues, please do the following:

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, SELECT "Perform Full Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
Please save the log to a location you will remember.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.Thank you for the reply. My computer lags sometimes while working I was suspecting it to be infected though Malware results are clean.

Malwarebytes log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4085

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/10/2010 3:05:05 PM
mbam-log-2010-05-10 (15-05-05).txt

Scan type: Full scan (A:\|C:\|D:\|E:\|F:\|G:\|)
Objects scanned: 138091
Time elapsed: 48 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.Thank you. Here is my Combofix log file:

ComboFix 10-05-10.02 - Administrator 05/11/2010 9:12.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.631.400 [GMT 5.5:30]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Application Data\ezpinst.log
c:\windows\system32\VB6KO.DLL
c:\windows\YAHELITE.INI

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS

((((((((((((((((((((((((( Files Created from 2010-04-11 to 2010-05-11 )))))))))))))))))))))))))))))))
.

2010-05-10 08:36 . 2010-04-29 10:0938224----a-w-c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-10 08:36 . 2010-04-29 10:0920952----a-w-c:\windows\system32\drivers\mbam.sys
2010-05-06 10:30 . 2010-05-06 10:30115004----a-w-c:\documents and settings\Administrator\Application Data\OpenCandy\WeFiSetup_5_142_513Wrapped.exe
2010-05-06 10:30 . 2010-05-06 10:30--------d-----w-c:\documents and settings\Administrator\Application Data\OpenCandy
2010-05-06 04:36 . 2010-05-06 04:3633824----a-w-c:\windows\system32\drivers\oreans32.sys
2010-05-06 02:45 . 2010-05-06 02:46--------d-----w-c:\documents and settings\Administrator\Application Data\GetRightToGo
2010-04-18 02:47 . 2010-04-18 02:47--------d--h--w-c:\windows\PIF
2010-04-17 14:46 . 2010-04-17 14:46--------d-----w-c:\windows\Sun
2010-04-17 14:46 . 2010-04-17 14:46--------d-----w-c:\program files\Common Files\Java
2010-04-17 14:45 . 2010-04-17 14:44411368----a-w-c:\windows\system32\deployJava1.dll
2010-04-17 14:44 . 2010-04-17 14:44--------d-----w-c:\program files\Java
2010-04-17 13:07 . 1998-07-21 18:30102912----a-w-c:\windows\system32\Vb6stkit.dll
2010-04-17 13:05 . 2010-04-17 13:06--------d-----w-c:\documents and settings\Administrator\Application Data\CyberLink
2010-04-17 13:04 . 2010-04-17 13:05--------d-----w-c:\documents and settings\All Users\Application Data\CyberLink
2010-04-17 12:59 . 2007-01-08 16:4727168------w-c:\windows\system32\msxml3a.dll
2010-04-17 12:56 . 2007-01-08 16:47502816------w-c:\windows\system32\msvcp71.dll
2010-04-17 12:56 . 2007-01-08 16:47351264------w-c:\windows\system32\msvcr71.dll
2010-04-17 12:55 . 2010-04-17 12:55--------d-----w-c:\program files\CyberLink
2010-04-17 11:50 . 2010-04-17 11:50--------d-----w-c:\documents and settings\Administrator\Application Data\dvdcss
2010-04-11 16:17 . 2010-04-11 16:1780400----a-w-c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-04-11 16:17 . 2010-04-11 16:1780400----a-w-c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-04-11 15:27 . 2010-05-06 02:23113933----a-w-c:\windows\system32\drivers\klin.dat
2010-04-11 15:27 . 2010-05-06 02:2397549----a-w-c:\windows\system32\drivers\klick.dat
2010-04-11 15:24 . 2010-05-11 03:06--------d-----w-c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-04-11 15:24 . 2010-04-11 15:24--------d-----w-c:\program files\Kaspersky Lab
2010-04-11 15:12 . 2010-04-11 15:12--------d-----w-c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-11 03:53 . 2010-02-12 14:15--------d-----w-c:\documents and settings\Administrator\Application Data\DMCache
2010-05-10 09:30 . 2010-03-06 07:36--------d-----w-c:\documents and settings\Administrator\Application Data\vlc
2010-05-10 08:37 . 2010-01-28 17:08--------d-----w-c:\documents and settings\Administrator\Application Data\uTorrent
2010-04-17 13:14 . 2010-01-30 08:20--------d-----w-c:\documents and settings\Administrator\Application Data\Vso
2010-04-11 15:18 . 2010-01-26 15:30--------d-----w-c:\program files\COMODO
2010-04-01 09:14 . 2010-04-01 09:14503808----a-w-c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2e39d902-n\msvcp71.dll
2010-04-01 09:14 . 2010-04-01 09:14499712----a-w-c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2e39d902-n\jmc.dll
2010-04-01 09:14 . 2010-04-01 09:14348160----a-w-c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2e39d902-n\msvcr71.dll
2010-04-01 09:13 . 2010-04-01 09:1361440----a-w-c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-735418e4-n\decora-sse.dll
2010-04-01 09:13 . 2010-04-01 09:1312800----a-w-c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-735418e4-n\decora-d3d.dll
2010-03-13 13:44 . 2010-02-12 14:15--------d-----w-c:\documents and settings\Administrator\Application Data\IDM
2010-03-13 12:59 . 2010-02-12 14:14--------d-----w-c:\program files\Internet Download Manager
2010-03-13 02:04 . 2010-03-13 01:583153784----a-w-c:\documents and settings\Administrator\Application Data\IDM\idmupdt.exe
2010-03-10 06:15 . 2004-09-01 00:00420352----a-w-c:\windows\system32\vbscript.dll
2010-02-25 06:24 . 2004-09-01 00:00916480----a-w-c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-09-01 00:00455680----a-w-c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 03:40 . 2004-09-01 00:002189952----a-w-c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-03 22:592066816----a-w-c:\windows\system32\ntkrnlpa.exe
2010-02-13 17:25 . 2010-01-26 16:0969232----a-w-c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-12 14:15 . 2010-02-12 14:15198064----a-w-c:\documents and settings\Administrator\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2010-02-12 04:33 . 2004-09-01 00:00100864----a-w-c:\windows\system32\6to4svc.dll
2010-02-12 02:11 . 2010-02-06 09:0056816----a-w-c:\windows\system32\drivers\avgntflt.sys
2010-02-11 12:02 . 2004-09-01 00:00226880----a-w-c:\windows\system32\drivers\tcpip6.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-11-11 3171760]
"Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-28 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-02-21 28675]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2002-04-24 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2002-04-24 106496]
"SoundMan"="SOUNDMAN.EXE" [2002-03-21 46592]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2009-10-20 340456]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Administrator\\My Documents\\utorrent.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 klbg;Kaspersky Lab Boot Guard DRIVER;c:\windows\system32\drivers\klbg.sys [10/14/2009 8:18 PM 36880]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [5/6/2010 10:06 AM 33824]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 1:42 PM 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/2/2009 6:39 PM 19472]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\g:\ntglm7x.sys --> g:\NTGLM7X.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-05-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1060284298-725345543-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-28 15:14]

2010-05-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1060284298-725345543-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-28 15:14]

2010-05-11 c:\windows\Tasks\User_Feed_Synchronization-{207454FA-0C73-4089-962C-1746A52F7C4B}.job
- c:\windows\system32\msfeedssync.exe [2009-03-07 23:01]
.
.
------- Supplementary Scan -------
.
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cq0ekils.default\
FF - component: c:\documents and settings\Administrator\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: c:\program files\Mozilla *Blocked Russian URL*\components\KavLinkFilter.dll
FF - plugin: c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_ everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_a s_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-11 09:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-299502267-1060284298-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5 977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9d,59,2c,03,53,44,8f,4e,a9,aa,5b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839 E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9d,59,2c,03,53,44,8f,4e,a9,aa,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):e7,9d,60,d9,59,56,fb,bb,99,ea,ea,a7,fb,0c,45,79,94,53,f6,06,a2,
03,76,8d,31,9e,9a,a6,c7,77,73,89,d5,03,69,68,0e,02,39,2d,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{87bf9f6e-1abd-4994-80ac-6f3e63a9ca40}]
@Denied: (Full) (Everyone)
"Model"=dword:00000063
"Therad"=dword:00000001
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1064)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
c:\program files\Internet Download Manager\idmmkb.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WgaTray.exe
c:\windows\SOUNDMAN.EXE
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
c:\program files\Internet Download Manager\IEMonitor.exe
c:\windows\system32\logon.scr
.
**************************************************************************
.
Completion time: 2010-05-11 09:29:39 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-11 03:59

Pre-Run: 13,243,813,888 bytes free
Post-Run: 13,149,892,608 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - FEF9598E5635430DD2D1F27F0E3973BA
Please download Malwarebytes Anti-Malware from Malwarebytes.org.
Alternate link: BleepingComputer.com.
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this, will cause the infection to still be active on the computer.
Please save the log to a location you will remember.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
Copy and paste the entire report in your next reply.

Thank you. Here is my latest Malwarebytes log as requested by you.

MalwareBytes Log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4092

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/12/2010 1:04:43 PM
mbam-log-2010-05-12 (13-04-43).txt

Scan type: Full scan (A:\|C:\|D:\|E:\|F:\|G:\|)
Objects scanned: 138417
Time elapsed: 51 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{C53DACDC-1BC0-4E09-A29B-963D41AA372F}\RP57\A0021760.exe (Application.FindKey) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C53DACDC-1BC0-4E09-A29B-963D41AA372F}\RP57\A0021763.exe (Malware.Tool) -> Quarantined and deleted successfully.
Please run a free online scan with the ESET Online Scanner

Tick the box next to YES, I accept the Terms of Use
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the options Remove found threats and the option Scan unwanted applications is checked
Click Scan (This scan can take several hours, so please be patient)
Once the scan is completed, you may close the window
Use Notepad to open the logfile LOCATED at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

Thank you. Sorry for the delay in the post. This is to acknowledge you that I have reformatted my system from XP to Windows 7 just for the up gradation. Henceforth as a result I guess my problem is pruned. This thread can be closed now. Thank you for your support all the way through, I appreciate it. I brook thyself to consult here for any further glitches. Thanks.Ok.

Since this appears to be resolved, this topic is now closed. Glad we could help!

=>CLOSED

Solve : computer runs slow at times!!?

Discussion

No Comment Found

Related InterviewSolutions

Reply to Comment