Author Topic: computer slow...signing in internet is slow and hanging up.  (Read 6404 times)

alsuz

    Topic Starter


    Rookie

    computer slow...signing in internet is slow and hanging up.
    « on: February 15, 2010, 11:18:30 PM »
    I had this on a previous post but have not had a chance to put the right log in due to a family emergency.  System seems to be slow; when clicking on a site or page it will freeze up but within a few seconds it will unfreeze and go into the site...said there may be some files and one time said there was a trojan...Would you check and see if the logs below are correct and see what problem there may be...thanks and yes I am very green to computer stuff.. sorry.

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 02/15/2010 at 09:37 PM

    Application Version : 4.33.1000

    Core Rules Database Version : 4589
    Trace Rules Database Version: 2401

    Scan type       : Complete Scan
    Total Scan Time : 00:20:31

    Memory items scanned      : 649
    Memory threats detected   : 0
    Registry items scanned    : 5150
    Registry threats detected : 0
    File items scanned        : 36907
    File threats detected     : 1

    Adware.Tracking Cookie
       C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt


    Malwarebytes' Anti-Malware 1.44
    Database version: 3744
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    2/15/2010 10:22:23 PM
    mbam-log-2010-02-15 (22-22-23).txt

    Scan type: Quick Scan
    Objects scanned: 110841
    Time elapsed: 3 minute(s), 6 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:02:18 AM, on 2/16/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.21183)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\Dorland\Anywhere\DorAny.exe
    C:\Program Files\Common Files\AOL\1251835694\ee\AOLSoftware.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DisCryptor Free\DisCryptor.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\OLYMPUS\DeviceDetector\DeviceDetector4.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\system32\zstatus.exe
    C:\Program Files\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe
    C:\Program Files\Trend Micro\sniper.exe\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    R3 - URLSearchHook: IAOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AOL Toolbar Loader - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll
    O4 - HKLM\..\Run: [IgfxTray] "C:\WINDOWS\system32\igfxtray.exe"
    O4 - HKLM\..\Run: [HotKeysCmds] "C:\WINDOWS\system32\hkcmd.exe"
    O4 - HKLM\..\Run: [Persistence] "C:\WINDOWS\system32\igfxpers.exe"
    O4 - HKLM\..\Run: [RTHDCPL] "RTHDCPL.EXE"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [Dorland Anywhere] "C:\Program Files\Dorland\Anywhere\DorAny.exe"
    O4 - HKLM\..\Run: [hp 1000 firmware] "C:\Program Files\hp LaserJet 1000\fwdl.exe"
    O4 - HKLM\..\Run: [ArcSoft Connection Service] "C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1251835694\ee\AOLSoftware.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Monitor] "C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe"
    O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DisCryptor Free] "C:\Program Files\DisCryptor Free\DisCryptor.exe" -minimized -sysstart
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [PopularScreensaversWallpaper] "rundll32" C:\PROGRA~1\MYWEBS~1\bar\1.bin\F3SCRCTR.DLL,LES
    O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
    O4 - Global Startup: Device Detector 4.lnk = C:\Program Files\OLYMPUS\DeviceDetector\DeviceDetector4.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6796.cab
    O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
    O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} - http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Filter hijack: text/html - {6256d11e-4609-4663-8dbe-5fe2f9b560eb} - (no file)
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: Olympus DVR Service - OLYMPUS IMAGING CORP. - C:\Program Files\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 10926 bytes


    evilfantasy

    • Malware Removal Specialist
    • Moderator


    Re: computer slow...signing in internet is slow and hanging up.
    « Reply #1 on: February 17, 2010, 10:03:54 AM »
    Open HijackThis and select Do a system scan only

    Place a check mark next to the following entries: (if there)

    • O4 - HKCU\..\Run: [PopularScreensaversWallpaper] "rundll32" C:\PROGRA~1\MYWEBS~1\bar\1.bin\F3SCRCTR.DLL,LES
    • O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
    • O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
    • O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
    • O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
    • O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
    • O18 - Filter hijack: text/html - {6256d11e-4609-4663-8dbe-5fe2f9b560eb} - (no file)
    Important: Close all open windows except for HijackThis and then click Fix checked.

    Once completed, exit HijackThis.

    ----------

    Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

    Do not confuse Windows Messenger with MSN Messenger or Windows Live Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

    Exit out of MessengerDisable then delete the two files that were put on the desktop.

    ----------

    If you already have ComboFix be sure to delete it and download a new copy.

    Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

    Link #1
    Link #2

    Note: It is important that it is saved directly to your Desktop.

    Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.

    Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
     
    Double click combofix.exe & follow the prompts.
    Vista users: right-click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it).
    When finished ComboFix will produce a log for you.
    Post the ComboFix log in your next reply.

    Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

    Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

    If you have problems with ComboFix usage, see How to use ComboFix

    alsuz

      Topic Starter


      Rookie

      Re: computer slow...signing in internet is slow and hanging up.
      « Reply #2 on: February 17, 2010, 03:10:21 PM »
      ok.. evilfantasy maybe I have done this right....I have not restarted spyware real time protection yet.

      ComboFix 10-02-16.03 - Owner 02/17/2010  16:01:40.1.2 - x86
      Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2037.1540 [GMT -6:00]
      Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
      AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
      .

      (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      c:\documents and settings\Owner\Application Data\Desktopicon
      c:\documents and settings\Owner\Application Data\Desktopicon\eBay.ico
      c:\documents and settings\Owner\Application Data\Desktopicon\uninst.exe
      c:\program files\Mozilla Firefox\plc4.dll
      c:\program files\Shared
      c:\windows\system32\reboot.txt

      .
      (((((((((((((((((((((((((   Files Created from 2010-01-17 to 2010-02-17  )))))))))))))))))))))))))))))))
      .

      2010-02-16 04:46 . 2010-02-16 04:46   --------   d-----w-   c:\program files\Common Files\Java
      2010-02-16 04:46 . 2010-02-16 04:46   348160   ----a-w-   c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-58030aed-n\msvcr71.dll
      2010-02-16 04:46 . 2010-02-16 04:46   503808   ----a-w-   c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-58030aed-n\msvcp71.dll
      2010-02-16 04:46 . 2010-02-16 04:46   499712   ----a-w-   c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-58030aed-n\jmc.dll
      2010-02-16 04:45 . 2010-02-16 04:45   61440   ----a-w-   c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-72c690e5-n\decora-sse.dll
      2010-02-16 04:45 . 2010-02-16 04:45   12800   ----a-w-   c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-72c690e5-n\decora-d3d.dll
      2010-02-16 04:18 . 2010-01-07 22:07   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
      2010-02-16 04:18 . 2010-02-16 04:18   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
      2010-02-16 04:18 . 2010-01-07 22:07   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
      2010-02-16 03:12 . 2010-02-16 03:12   52224   ----a-w-   c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
      2010-02-16 03:12 . 2010-02-16 03:12   117760   ----a-w-   c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
      2010-02-16 02:46 . 2010-02-16 02:46   --------   d-----w-   c:\program files\CCleaner
      2010-02-14 04:13 . 2010-02-14 04:13   --------   d-----w-   c:\windows\Sun
      2010-02-10 21:09 . 2009-11-27 17:23   17920   -c----w-   c:\windows\system32\dllcache\msyuv.dll
      2010-02-10 21:09 . 2009-11-27 16:07   8704   -c----w-   c:\windows\system32\dllcache\tsbyuv.dll
      2010-02-10 21:09 . 2009-11-27 16:07   48128   -c----w-   c:\windows\system32\dllcache\iyuv_32.dll
      2010-02-10 21:08 . 2009-12-04 17:25   456832   -c----w-   c:\windows\system32\dllcache\mrxsmb.sys
      2010-02-08 01:09 . 2010-02-11 18:42   162512   ----a-w-   c:\windows\system32\drivers\aswSP.sys
      2010-02-08 01:09 . 2010-02-11 18:38   19024   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
      2010-02-08 01:09 . 2010-02-11 18:42   46672   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
      2010-02-08 01:09 . 2010-02-11 18:39   23376   ----a-w-   c:\windows\system32\drivers\aswRdr.sys
      2010-02-08 01:09 . 2010-02-11 18:38   100432   ----a-w-   c:\windows\system32\drivers\aswmon2.sys
      2010-02-08 01:09 . 2010-02-11 18:38   94800   ----a-w-   c:\windows\system32\drivers\aswmon.sys
      2010-02-08 01:09 . 2010-02-11 18:38   28880   ----a-w-   c:\windows\system32\drivers\aavmker4.sys
      2010-02-08 01:09 . 2010-02-11 18:53   38848   ----a-w-   c:\windows\system32\avastSS.scr
      2010-02-08 01:09 . 2010-02-11 18:53   153184   ----a-w-   c:\windows\system32\aswBoot.exe
      2010-02-08 01:09 . 2010-02-08 01:09   --------   d-----w-   c:\documents and settings\All Users\Application Data\Alwil Software
      2010-02-07 23:39 . 2010-02-16 03:11   --------   d-----w-   c:\program files\SUPERAntiSpyware
      2010-02-07 06:00 . 2010-01-14 17:12   181120   ------w-   c:\windows\system32\MpSigStub.exe
      2010-02-07 05:29 . 2010-02-07 05:29   --------   d-----w-   c:\documents and settings\Owner\Local Settings\Application Data\Threat Expert
      2010-02-06 19:40 . 2010-02-16 06:01   --------   d-----w-   c:\program files\Trend Micro
      2010-02-06 12:29 . 2010-02-06 20:08   --------   d-----w-   c:\documents and settings\All Users\Application Data\Systweak
      2010-02-06 12:25 . 2010-02-06 20:08   --------   d-----w-   c:\documents and settings\Owner\Application Data\Systweak
      2010-02-06 12:19 . 2010-02-06 19:11   0   ----a-w-   c:\windows\IntIgn0xF28456.dat
      2010-02-02 14:15 . 2009-12-17 06:09   49241   ----a-w-   c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4482\sb_BunkerHill.dll
      2010-02-02 14:15 . 2009-12-16 13:07   136528   ----a-w-   c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4482\Vercopy.exe
      2010-02-02 14:15 . 2009-12-15 12:33   120144   ----a-w-   c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4482\SBFix.exe
      2010-02-02 14:15 . 2009-12-15 12:14   95568   ----a-w-   c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4482\RunOnce.exe
      2010-02-02 14:15 . 2009-12-15 10:35   106496   ----a-w-   c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4482\sb_Raga_Refresh.dll
      2010-02-02 14:15 . 2009-12-14 22:00   106496   ----a-w-   c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4482\sb_Almaak.dll
      2010-02-02 14:15 . 2009-12-14 20:06   106496   ----a-w-   c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4482\sb_Thailand.dll
      2010-02-02 14:15 . 2009-12-14 20:03   106496   ----a-w-   c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4482\sb_Strauss.dll
      2010-01-29 12:51 . 2010-01-29 12:51   --------   d-----w-   c:\documents and settings\Owner\Local Settings\Application Data\Yahoo
      2010-01-29 12:51 . 2010-01-29 12:51   --------   d-----w-   c:\documents and settings\All Users\Application Data\Yahoo!
      2010-01-26 00:26 . 2010-02-16 02:35   --------   d-----w-   c:\program files\Unlocker

      .
      ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2010-02-17 20:57 . 2009-08-06 06:25   720   ----a-w-   c:\documents and settings\All Users\Application Data\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
      2010-02-17 09:17 . 2009-06-03 20:59   --------   d-----w-   c:\program files\Defraggler
      2010-02-16 04:45 . 2009-11-19 06:15   --------   d-----w-   c:\program files\Java
      2010-02-16 03:11 . 2009-08-14 03:44   --------   d-----w-   c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
      2010-02-16 03:11 . 2009-12-22 23:15   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
      2010-02-08 01:09 . 2009-06-03 20:58   --------   d-----w-   c:\program files\Alwil Software
      2010-02-07 05:41 . 2009-09-12 18:10   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
      2010-02-04 16:06 . 2009-09-01 20:10   --------   d-----w-   c:\documents and settings\Owner\Application Data\AOL
      2010-02-02 14:15 . 2009-09-01 20:03   --------   d-----w-   c:\documents and settings\All Users\Application Data\AOL Downloads
      2010-01-29 12:51 . 2009-08-15 14:52   --------   d-----w-   c:\documents and settings\Owner\Application Data\Yahoo!
      2010-01-29 12:51 . 2009-08-15 14:52   --------   d-----w-   c:\documents and settings\All Users\Application Data\Yahoo! Companion
      2010-01-29 12:51 . 2009-08-15 14:52   --------   d-----w-   c:\program files\Yahoo!
      2010-01-17 13:12 . 2009-11-19 06:30   --------   d-----w-   c:\program files\Common Files\AVSMedia
      2010-01-17 13:11 . 2009-11-19 06:29   --------   d-----w-   c:\program files\AVS4YOU
      2010-01-17 03:00 . 2009-06-04 14:07   67880   ----a-w-   c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
      2010-01-17 02:56 . 2010-01-16 02:26   --------   d-----w-   c:\program files\Roxio
      2010-01-17 02:56 . 2010-01-16 02:25   --------   d-----w-   c:\program files\Common Files\Roxio Shared
      2010-01-17 02:55 . 2010-01-16 02:26   --------   d-----w-   c:\documents and settings\All Users\Application Data\Roxio
      2010-01-16 02:37 . 2010-01-16 02:34   --------   d-----w-   c:\documents and settings\Owner\Application Data\Roxio
      2010-01-16 02:35 . 2010-01-16 02:35   --------   d-----w-   c:\documents and settings\LocalService\Application Data\Roxio
      2010-01-16 02:30 . 2010-01-16 02:30   --------   d-----w-   c:\documents and settings\All Users\Application Data\InstallShield
      2010-01-16 02:29 . 2010-01-16 02:29   --------   d-----w-   c:\documents and settings\All Users\Application Data\Sonic
      2010-01-16 02:27 . 2009-06-10 17:29   --------   d-----w-   c:\program files\Common Files\InstallShield
      2010-01-16 02:25 . 2010-01-16 02:25   --------   d-----w-   c:\program files\DivX
      2010-01-15 21:17 . 2010-01-15 21:17   --------   d-----w-   c:\program files\Windows Media Connect 2
      2010-01-13 19:53 . 2010-01-13 19:53   --------   d-----w-   c:\documents and settings\All Users\Application Data\XoftSpySE
      2010-01-12 00:42 . 2010-01-12 00:39   164   ----a-w-   c:\windows\install.dat
      2010-01-05 09:57 . 2008-10-16 19:24   841216   ----a-w-   c:\windows\system32\wininet.dll
      2010-01-05 09:57 . 2007-08-13 15:45   78336   ----a-w-   c:\windows\system32\ieencode.dll
      2010-01-05 09:57 . 2007-01-08 16:01   17408   ----a-w-   c:\windows\system32\corpol.dll
      2010-01-01 07:58 . 2008-09-08 10:37   353792   ----a-w-   c:\windows\system32\drivers\srv.sys
      2009-12-22 23:15 . 2009-12-22 23:12   --------   d-----w-   c:\program files\LeapFrog
      2009-12-22 23:14 . 2009-12-22 23:14   28696928   ----a-w-   c:\documents and settings\All Users\Application Data\Leapfrog\LeapFrog Connect\Updates\UPCInstaller.exe
      2009-12-22 23:13 . 2009-12-22 23:13   4852064   ----a-w-   c:\documents and settings\All Users\Application Data\Leapfrog\LeapFrog Connect\Updates\Leapster2Plugin.exe
      2009-12-22 23:12 . 2009-12-22 23:12   --------   d-----w-   c:\documents and settings\All Users\Application Data\Leapfrog
      2009-12-17 23:14 . 2009-11-19 06:15   411368   ----a-w-   c:\windows\system32\deploytk.dll
      2009-12-16 18:43 . 2009-06-03 20:44   343040   ----a-w-   c:\windows\system32\mspaint.exe
      2009-12-14 07:08 . 2008-04-14 10:41   33280   ----a-w-   c:\windows\system32\csrsrv.dll
      2009-12-08 18:20 . 2008-08-14 09:39   2145280   ----a-w-   c:\windows\system32\ntoskrnl.exe
      2009-12-08 17:40 . 2008-08-14 04:09   2023936   ----a-w-   c:\windows\system32\ntkrnlpa.exe
      2009-12-04 17:25 . 2008-10-24 10:41   456832   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
      2009-11-27 17:23 . 2008-05-07 04:04   1291776   ----a-w-   c:\windows\system32\quartz.dll
      2009-11-27 17:23 . 2008-04-14 05:42   17920   ----a-w-   c:\windows\system32\msyuv.dll
      2009-11-27 16:07 . 2006-02-28 11:00   28672   ----a-w-   c:\windows\system32\msvidc32.dll
      2009-11-27 16:07 . 2001-08-17 22:36   8704   ----a-w-   c:\windows\system32\tsbyuv.dll
      2009-11-27 16:07 . 2008-04-14 10:42   11264   ----a-w-   c:\windows\system32\msrle32.dll
      2009-11-27 16:07 . 2008-04-14 10:41   84992   ----a-w-   c:\windows\system32\avifil32.dll
      2009-11-27 16:07 . 2008-04-14 05:41   48128   ----a-w-   c:\windows\system32\iyuv_32.dll
      2009-11-21 15:51 . 2008-04-14 10:41   471552   ----a-w-   c:\windows\AppPatch\aclayers.dll
      2009-07-11 13:53 . 2009-07-11 13:53   36122624   ----a-w-   c:\program files\ess_nt32_enu.msi
      .

      (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "DisCryptor Free"="c:\program files\DisCryptor Free\DisCryptor.exe" [2009-02-01 1671168]
      "Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
      "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-12 141336]
      "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-12 173592]
      "Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-12 141336]
      "RTHDCPL"="RTHDCPL.EXE" [2008-04-10 16861184]
      "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-11 39792]
      "type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2005-03-15 196608]
      "IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088]
      "Dorland Anywhere"="c:\program files\Dorland\Anywhere\DorAny.exe" [2008-01-23 409600]
      "hp 1000 firmware"="c:\program files\hp LaserJet 1000\fwdl.exe" [2001-12-15 36864]
      "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-10-10 203264]
      "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
      "HostManager"="c:\program files\Common Files\AOL\1251835694\ee\AOLSoftware.exe" [2008-06-24 41824]
      "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
      "Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2009-11-10 443728]
      "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-08-25 221184]
      "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-08-25 81920]
      "YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2009-05-08 174424]
      "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
      "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-02-11 2756488]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
      "ShowDeskFix"="shell32" [X]

      c:\documents and settings\All Users\Start Menu\Programs\Startup\
      Device Detector 4.lnk - c:\program files\OLYMPUS\DeviceDetector\DeviceDetector4.exe [2008-8-5 397312]
      Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2009-7-10 323584]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
      "NoResolveTrack"= 1 (0x1)
      "NoSMConfigurePrograms"= 1 (0x1)

      [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
      "ForceClassicControlPanel"= 1 (0x1)
      "NoResolveTrack"= 1 (0x1)
      "NoSMConfigurePrograms"= 1 (0x1)

      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
      "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
      2009-09-03 20:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
      BootExecute   REG_MULTI_SZ      autocheck autochk *\0sasnative32

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
      "c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=
      "c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=
      "c:\\Program Files\\Common Files\\aol\\1251835694\\ee\\aolsoftware.exe"=
      "c:\\Program Files\\AOL 9.1\\waol.exe"=
      "c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
      "c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
      "c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
      "c:\\Program Files\\OLYMPUS\\DSSPlayerStandard\\TranscriptionModule.exe"=

      R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/7/2010 7:09 PM 162512]
      R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 7:56 AM 9968]
      R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 74480]
      R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/7/2010 7:09 PM 19024]
      R3 Olympus DVR Service;Olympus DVR Service;c:\program files\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe [8/5/2008 2:58 PM 167936]
      R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 7408]
      R4 discryptor;discryptor;c:\program files\DisCryptor Free\discryptor.sys [2/1/2009 3:55 PM 265984]
      S3 ADASPROT;SYSTWEAKASO;\??\c:\program files\Advanced System Optimizer 3\adasprot32.sys --> c:\program files\Advanced System Optimizer 3\adasprot32.sys [?]
      .
      Contents of the 'Scheduled Tasks' folder

      2010-02-17 c:\windows\Tasks\User_Feed_Synchronization-{8E86AB1F-EB25-48A4-AFD3-B0077CB92854}.job
      - c:\windows\system32\msfeedssync.exe [2009-06-03 23:36]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://www.yahoo.com/
      IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
      IE: &Search
      IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
      IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
      FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\lsimge42.default\
      FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tb50ffTB50CLie7&query=
      FF - prefs.js: browser.search.selectedEngine - AOL Search
      FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com
      FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=tb50ffTB50CLab&query=
      FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\lsimge42.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\components\WinampPlayer.dll
      FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll
      FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
      FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
      FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
      FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
      FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
      FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

      ---- FIREFOX POLICIES ----
      FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false.
      .
      ------- File Associations -------
      .
      JSEFile=NOTEPAD.EXE %1
      .
      - - - - ORPHANS REMOVED - - - -

      WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
      HKLM-Run-UnlockerAssistant - c:\program files\Unlocker\UnlockerAssistant.exe
      AddRemove-eBay Icon - c:\documents and settings\Owner\Application Data\Desktopicon\uninst.exe
      AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe



      **************************************************************************

      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2010-02-17 16:03
      Windows 5.1.2600 Service Pack 3 NTFS

      scanning hidden processes ... 

      scanning hidden autostart entries ...

      scanning hidden files ... 

      scan completed successfully
      hidden files: 0

      **************************************************************************
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------

      - - - - - - - > 'winlogon.exe'(704)
      c:\program files\SUPERAntiSpyware\SASWINLO.dll
      c:\windows\system32\WININET.dll
      .
      Completion time: 2010-02-17  16:04:32
      ComboFix-quarantined-files.txt  2010-02-17 22:04

      Pre-Run: 145,501,380,608 bytes free
      Post-Run: 145,479,634,944 bytes free

      WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
      [boot loader]
      timeout=2
      default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
      [operating systems]
      c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
      multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

      - - End Of File - - A66656F258E6467FF8304D90C5517B98

      evilfantasy

      Re: computer slow...signing in internet is slow and hanging up.
      « Reply #3 on: February 17, 2010, 03:56:31 PM »
      1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
      It must be Notepad, not Wordpad.
      2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

      Code:
      KillAll::

      Driver::
      ADASPROT

      Registry::
      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
      "ShowDeskFix"=-


      3. Go to the Notepad window and click Edit > Paste
      4. Then click File > Save
      5. Name the file CFScript.txt - Save the file to your Desktop
      6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



      ComboFix will begin to execute, just follow the prompts.
      After reboot (in case it asks to reboot), it will produce a log for you.
      Post that log (Combofix.txt) in your next reply.

      Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze.

      ----------

      Please go to Start > Run and copy/paste the following blue text, then press Enter:

      C:\QooBox\Add-Remove Programs.txt

      A text file should open. Please post the contents of that file in your next reply.

      alsuz


        Re: computer slow...signing in internet is slow and hanging up.
        « Reply #4 on: February 17, 2010, 04:51:29 PM »
        ComboFix 10-02-16.03 - Owner 02/17/2010  17:39:38.2.2 - x86
        Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2037.1524 [GMT -6:00]
        Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
        Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
        AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
        .

        (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
        .

        .
        (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
        .

        -------\Legacy_ADASPROT
        -------\Service_ADASPROT


        (((((((((((((((((((((((((   Files Created from 2010-01-17 to 2010-02-17  )))))))))))))))))))))))))))))))
        .

        2010-02-16 04:46 . 2010-02-16 04:46   --------   d-----w-   c:\program files\Common Files\Java
        2010-02-16 04:46 . 2010-02-16 04:46   348160   ----a-w-   c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-58030aed-n\msvcr71.dll
        2010-02-16 04:46 . 2010-02-16 04:46   503808   ----a-w-   c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-58030aed-n\msvcp71.dll
        2010-02-16 04:46 . 2010-02-16 04:46   499712   ----a-w-   c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-58030aed-n\jmc.dll
        2010-02-16 04:45 . 2010-02-16 04:45   61440   ----a-w-   c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-72c690e5-n\decora-sse.dll
        2010-02-16 04:45 . 2010-02-16 04:45   12800   ----a-w-   c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-72c690e5-n\decora-d3d.dll
        2010-02-16 04:18 . 2010-01-07 22:07   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
        2010-02-16 04:18 . 2010-02-16 04:18   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
        2010-02-16 04:18 . 2010-01-07 22:07   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
        2010-02-16 03:12 . 2010-02-16 03:12   52224   ----a-w-   c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
        2010-02-16 03:12 . 2010-02-16 03:12   117760   ----a-w-   c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
        2010-02-16 02:46 . 2010-02-16 02:46   --------   d-----w-   c:\program files\CCleaner
        2010-02-14 04:13 . 2010-02-14 04:13   --------   d-----w-   c:\windows\Sun
        2010-02-10 21:09 . 2009-11-27 17:23   17920   -c----w-   c:\windows\system32\dllcache\msyuv.dll
        2010-02-10 21:09 . 2009-11-27 16:07   8704   -c----w-   c:\windows\system32\dllcache\tsbyuv.dll
        2010-02-10 21:09 . 2009-11-27 16:07   48128   -c----w-   c:\windows\system32\dllcache\iyuv_32.dll
        2010-02-10 21:08 . 2009-12-04 17:25   456832   -c----w-   c:\windows\system32\dllcache\mrxsmb.sys
        2010-02-08 01:09 . 2010-02-11 18:42   162512   ----a-w-   c:\windows\system32\drivers\aswSP.sys
        2010-02-08 01:09 . 2010-02-11 18:38   19024   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
        2010-02-08 01:09 . 2010-02-11 18:42   46672   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
        2010-02-08 01:09 . 2010-02-11 18:39   23376   ----a-w-   c:\windows\system32\drivers\aswRdr.sys
        2010-02-08 01:09 . 2010-02-11 18:38   100432   ----a-w-   c:\windows\system32\drivers\aswmon2.sys
        2010-02-08 01:09 . 2010-02-11 18:38   94800   ----a-w-   c:\windows\system32\drivers\aswmon.sys
        2010-02-08 01:09 . 2010-02-11 18:38   28880   ----a-w-   c:\windows\system32\drivers\aavmker4.sys
        2010-02-08 01:09 . 2010-02-11 18:53   38848   ----a-w-   c:\windows\system32\avastSS.scr
        2010-02-08 01:09 . 2010-02-11 18:53   153184   ----a-w-   c:\windows\system32\aswBoot.exe
        2010-02-08 01:09 . 2010-02-08 01:09   --------   d-----w-   c:\documents and settings\All Users\Application Data\Alwil Software
        2010-02-07 23:39 . 2010-02-16 03:11   --------   d-----w-   c:\program files\SUPERAntiSpyware
        2010-02-07 06:00 . 2010-01-14 17:12   181120   ------w-   c:\windows\system32\MpSigStub.exe
        2010-02-07 05:29 . 2010-02-07 05:29   --------   d-----w-   c:\documents and settings\Owner\Local Settings\Application Data\Threat Expert
        2010-02-06 19:40 . 2010-02-16 06:01   --------   d-----w-   c:\program files\Trend Micro
        2010-02-06 12:29 . 2010-02-06 20:08   --------   d-----w-   c:\documents and settings\All Users\Application Data\Systweak
        2010-02-06 12:25 . 2010-02-06 20:08   --------   d-----w-   c:\documents and settings\Owner\Application Data\Systweak
        2010-02-06 12:19 . 2010-02-06 19:11   0   ----a-w-   c:\windows\IntIgn0xF28456.dat
        2010-02-02 14:15 . 2009-12-17 06:09   49241   ----a-w-   c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4482\sb_BunkerHill.dll
        2010-02-02 14:15 . 2009-12-16 13:07   136528   ----a-w-   c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4482\Vercopy.exe
        2010-02-02 14:15 . 2009-12-15 12:33   120144   ----a-w-   c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4482\SBFix.exe
        2010-02-02 14:15 . 2009-12-15 12:14   95568   ----a-w-   c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4482\RunOnce.exe
        2010-02-02 14:15 . 2009-12-15 10:35   106496   ----a-w-   c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4482\sb_Raga_Refresh.dll
        2010-02-02 14:15 . 2009-12-14 22:00   106496   ----a-w-   c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4482\sb_Almaak.dll
        2010-02-02 14:15 . 2009-12-14 20:06   106496   ----a-w-   c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4482\sb_Thailand.dll
        2010-02-02 14:15 . 2009-12-14 20:03   106496   ----a-w-   c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4482\sb_Strauss.dll
        2010-01-29 12:51 . 2010-01-29 12:51   --------   d-----w-   c:\documents and settings\Owner\Local Settings\Application Data\Yahoo
        2010-01-29 12:51 . 2010-01-29 12:51   --------   d-----w-   c:\documents and settings\All Users\Application Data\Yahoo!
        2010-01-26 00:26 . 2010-02-16 02:35   --------   d-----w-   c:\program files\Unlocker

        .
        ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2010-02-17 23:43 . 2009-08-06 06:25   720   ----a-w-   c:\documents and settings\All Users\Application Data\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
        2010-02-17 09:17 . 2009-06-03 20:59   --------   d-----w-   c:\program files\Defraggler
        2010-02-16 04:45 . 2009-11-19 06:15   --------   d-----w-   c:\program files\Java
        2010-02-16 03:11 . 2009-08-14 03:44   --------   d-----w-   c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
        2010-02-16 03:11 . 2009-12-22 23:15   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
        2010-02-08 01:09 . 2009-06-03 20:58   --------   d-----w-   c:\program files\Alwil Software
        2010-02-07 05:41 . 2009-09-12 18:10   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
        2010-02-04 16:06 . 2009-09-01 20:10   --------   d-----w-   c:\documents and settings\Owner\Application Data\AOL
        2010-02-02 14:15 . 2009-09-01 20:03   --------   d-----w-   c:\documents and settings\All Users\Application Data\AOL Downloads
        2010-01-29 12:51 . 2009-08-15 14:52   --------   d-----w-   c:\documents and settings\Owner\Application Data\Yahoo!
        2010-01-29 12:51 . 2009-08-15 14:52   --------   d-----w-   c:\documents and settings\All Users\Application Data\Yahoo! Companion
        2010-01-29 12:51 . 2009-08-15 14:52   --------   d-----w-   c:\program files\Yahoo!
        2010-01-17 13:12 . 2009-11-19 06:30   --------   d-----w-   c:\program files\Common Files\AVSMedia
        2010-01-17 13:11 . 2009-11-19 06:29   --------   d-----w-   c:\program files\AVS4YOU
        2010-01-17 03:00 . 2009-06-04 14:07   67880   ----a-w-   c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
        2010-01-17 02:56 . 2010-01-16 02:26   --------   d-----w-   c:\program files\Roxio
        2010-01-17 02:56 . 2010-01-16 02:25   --------   d-----w-   c:\program files\Common Files\Roxio Shared
        2010-01-17 02:55 . 2010-01-16 02:26   --------   d-----w-   c:\documents and settings\All Users\Application Data\Roxio
        2010-01-16 02:37 . 2010-01-16 02:34   --------   d-----w-   c:\documents and settings\Owner\Application Data\Roxio
        2010-01-16 02:35 . 2010-01-16 02:35   --------   d-----w-   c:\documents and settings\LocalService\Application Data\Roxio
        2010-01-16 02:30 . 2010-01-16 02:30   --------   d-----w-   c:\documents and settings\All Users\Application Data\InstallShield
        2010-01-16 02:29 . 2010-01-16 02:29   --------   d-----w-   c:\documents and settings\All Users\Application Data\Sonic
        2010-01-16 02:27 . 2009-06-10 17:29   --------   d-----w-   c:\program files\Common Files\InstallShield
        2010-01-16 02:25 . 2010-01-16 02:25   --------   d-----w-   c:\program files\DivX
        2010-01-15 21:17 . 2010-01-15 21:17   --------   d-----w-   c:\program files\Windows Media Connect 2
        2010-01-13 19:53 . 2010-01-13 19:53   --------   d-----w-   c:\documents and settings\All Users\Application Data\XoftSpySE
        2010-01-12 00:42 . 2010-01-12 00:39   164   ----a-w-   c:\windows\install.dat
        2010-01-05 09:57 . 2008-10-16 19:24   841216   ------w-   c:\windows\system32\wininet.dll
        2010-01-05 09:57 . 2007-08-13 15:45   78336   ----a-w-   c:\windows\system32\ieencode.dll
        2010-01-05 09:57 . 2007-01-08 16:01   17408   ----a-w-   c:\windows\system32\corpol.dll
        2010-01-01 07:58 . 2008-09-08 10:37   353792   ----a-w-   c:\windows\system32\drivers\srv.sys
        2009-12-22 23:15 . 2009-12-22 23:12   --------   d-----w-   c:\program files\LeapFrog
        2009-12-22 23:14 . 2009-12-22 23:14   28696928   ----a-w-   c:\documents and settings\All Users\Application Data\Leapfrog\LeapFrog Connect\Updates\UPCInstaller.exe
        2009-12-22 23:13 . 2009-12-22 23:13   4852064   ----a-w-   c:\documents and settings\All Users\Application Data\Leapfrog\LeapFrog Connect\Updates\Leapster2Plugin.exe
        2009-12-22 23:12 . 2009-12-22 23:12   --------   d-----w-   c:\documents and settings\All Users\Application Data\Leapfrog
        2009-12-17 23:14 . 2009-11-19 06:15   411368   ----a-w-   c:\windows\system32\deploytk.dll
        2009-12-16 18:43 . 2009-06-03 20:44   343040   ----a-w-   c:\windows\system32\mspaint.exe
        2009-12-14 07:08 . 2008-04-14 10:41   33280   ----a-w-   c:\windows\system32\csrsrv.dll
        2009-12-08 18:20 . 2008-08-14 09:39   2145280   ------w-   c:\windows\system32\ntoskrnl.exe
        2009-12-08 17:40 . 2008-08-14 04:09   2023936   ------w-   c:\windows\system32\ntkrnlpa.exe
        2009-12-04 17:25 . 2008-10-24 10:41   456832   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
        2009-11-27 17:23 . 2008-05-07 04:04   1291776   ----a-w-   c:\windows\system32\quartz.dll
        2009-11-27 17:23 . 2008-04-14 05:42   17920   ----a-w-   c:\windows\system32\msyuv.dll
        2009-11-27 16:07 . 2006-02-28 11:00   28672   ----a-w-   c:\windows\system32\msvidc32.dll
        2009-11-27 16:07 . 2001-08-17 22:36   8704   ----a-w-   c:\windows\system32\tsbyuv.dll
        2009-11-27 16:07 . 2008-04-14 10:42   11264   ----a-w-   c:\windows\system32\msrle32.dll
        2009-11-27 16:07 . 2008-04-14 10:41   84992   ----a-w-   c:\windows\system32\avifil32.dll
        2009-11-27 16:07 . 2008-04-14 05:41   48128   ----a-w-   c:\windows\system32\iyuv_32.dll
        2009-11-21 15:51 . 2008-04-14 10:41   471552   ----a-w-   c:\windows\AppPatch\aclayers.dll
        2009-07-11 13:53 . 2009-07-11 13:53   36122624   ----a-w-   c:\program files\ess_nt32_enu.msi
        .

        (((((((((((((((((((((((((((((   SnapShot@2010-02-17_22.03.45   )))))))))))))))))))))))))))))))))))))))))
        .
        + 2010-02-17 23:43 . 2010-02-17 23:43   16384              c:\windows\temp\Perflib_Perfdata_8d4.dat
        .
        (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        *Note* empty entries & legit default entries are not shown
        REGEDIT4

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "DisCryptor Free"="c:\program files\DisCryptor Free\DisCryptor.exe" [2009-02-01 1671168]
        "Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
        "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-12 141336]
        "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-12 173592]
        "Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-12 141336]
        "RTHDCPL"="RTHDCPL.EXE" [2008-04-10 16861184]
        "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-11 39792]
        "type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2005-03-15 196608]
        "IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088]
        "Dorland Anywhere"="c:\program files\Dorland\Anywhere\DorAny.exe" [2008-01-23 409600]
        "hp 1000 firmware"="c:\program files\hp LaserJet 1000\fwdl.exe" [2001-12-15 36864]
        "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-10-10 203264]
        "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
        "HostManager"="c:\program files\Common Files\AOL\1251835694\ee\AOLSoftware.exe" [2008-06-24 41824]
        "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
        "Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2009-11-10 443728]
        "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-08-25 221184]
        "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-08-25 81920]
        "YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2009-05-08 174424]
        "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
        "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-02-11 2756488]

        c:\documents and settings\All Users\Start Menu\Programs\Startup\
        Device Detector 4.lnk - c:\program files\OLYMPUS\DeviceDetector\DeviceDetector4.exe [2008-8-5 397312]
        Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2009-7-10 323584]

        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
        "NoResolveTrack"= 1 (0x1)
        "NoSMConfigurePrograms"= 1 (0x1)

        [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
        "ForceClassicControlPanel"= 1 (0x1)
        "NoResolveTrack"= 1 (0x1)
        "NoSMConfigurePrograms"= 1 (0x1)

        [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
        "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
        2009-09-03 20:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

        [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
        BootExecute   REG_MULTI_SZ      autocheck autochk *\0sasnative32

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
        "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
        "%windir%\\system32\\sessmgr.exe"=
        "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
        "c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=
        "c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=
        "c:\\Program Files\\Common Files\\aol\\1251835694\\ee\\aolsoftware.exe"=
        "c:\\Program Files\\AOL 9.1\\waol.exe"=
        "c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
        "c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
        "c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
        "c:\\Program Files\\OLYMPUS\\DSSPlayerStandard\\TranscriptionModule.exe"=

        R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/7/2010 7:09 PM 162512]
        R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 7:56 AM 9968]
        R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 74480]
        R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/7/2010 7:09 PM 19024]
        R3 Olympus DVR Service;Olympus DVR Service;c:\program files\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe [8/5/2008 2:58 PM 167936]
        R4 discryptor;discryptor;c:\program files\DisCryptor Free\discryptor.sys [2/1/2009 3:55 PM 265984]
        S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 7408]
        .
        Contents of the 'Scheduled Tasks' folder

        2010-02-17 c:\windows\Tasks\User_Feed_Synchronization-{8E86AB1F-EB25-48A4-AFD3-B0077CB92854}.job
        - c:\windows\system32\msfeedssync.exe [2009-06-03 23:36]
        .
        .
        ------- Supplementary Scan -------
        .
        uStart Page = hxxp://www.yahoo.com/
        IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
        IE: &Search
        IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
        IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
        FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\lsimge42.default\
        FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tb50ffTB50CLie7&query=
        FF - prefs.js: browser.search.selectedEngine - AOL Search
        FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com
        FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=tb50ffTB50CLab&query=
        FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\lsimge42.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\components\WinampPlayer.dll
        FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll
        FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
        FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
        FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
        FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
        FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
        FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

        ---- FIREFOX POLICIES ----
        FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false.

        **************************************************************************

        catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2010-02-17 17:43
        Windows 5.1.2600 Service Pack 3 NTFS

        scanning hidden processes ... 

        scanning hidden autostart entries ...

        scanning hidden files ... 

        scan completed successfully
        hidden files: 0

        **************************************************************************
        .
        --------------------- DLLs Loaded Under Running Processes ---------------------

        - - - - - - - > 'winlogon.exe'(716)
        c:\program files\SUPERAntiSpyware\SASWINLO.dll
        c:\windows\system32\WININET.dll
        c:\windows\System32\dimsntfy.dll

        - - - - - - - > 'explorer.exe'(1056)
        c:\windows\system32\WININET.dll
        c:\windows\system32\ieframe.dll
        c:\windows\system32\msi.dll
        c:\windows\system32\WPDShServiceObj.dll
        c:\windows\system32\PortableDeviceTypes.dll
        c:\windows\system32\PortableDeviceApi.dll
        .
        ------------------------ Other Running Processes ------------------------
        .
        c:\program files\Alwil Software\Avast5\AvastSvc.exe
        c:\windows\system32\igfxsrvc.exe
        c:\windows\RTHDCPL.EXE
        c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
        c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
        c:\program files\Java\jre6\bin\jqs.exe
        c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
        c:\program files\CDBurnerXP\NMSAccessU.exe
        c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
        c:\windows\system32\zstatus.exe
        .
        **************************************************************************
        .
        Completion time: 2010-02-17  17:45:06 - machine was rebooted
        ComboFix-quarantined-files.txt  2010-02-17 23:45
        ComboFix2.txt  2010-02-17 22:04

        Pre-Run: 145,485,348,864 bytes free
        Post-Run: 145,380,700,160 bytes free

        - - End Of File - - B72B4EEF571518FD2250AD7A3612872D

        7-Zip 4.65
        AC3Filter (remove only)
        Adobe Flash Player 10 ActiveX
        Adobe Flash Player 10 Plugin
        Adobe Reader 8.1.1
        Adobe Shockwave Player
        AOL Toolbar
        AOL Uninstaller (Choose which Products to Remove)
        ArcSoft Print Creations
        ArcSoft Print Creations - Album Page
        ArcSoft Print Creations - Funhouse
        ArcSoft Print Creations - Greeting Card
        ArcSoft Print Creations - Photo Book
        ArcSoft Print Creations - Photo Calendar
        ArcSoft Print Creations - Scrapbook
        ArcSoft Print Creations - Slimline Card
        AutoUpdate
        avast! Free Antivirus
        CCleaner
        CCScore
        CDBurnerXP
        Defraggler
        DisCryptor Free - Encryption Software
        DivX
        Dorland's Electronic Medical Speller
        Download Updater (AOL LLC)
        ESSBrwr
        ESSCDBK
        ESScore
        ESSgui
        ESSini
        ESSPCD
        ESSPDock
        ESSTOOLS
        essvatgt
        fflink
        Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
        Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
        Hotfix for Windows XP (KB954550-v5)
        hp LaserJet 1000
        Intel(R) Graphics Media Accelerator Driver
        Java Auto Updater
        Java(TM) 6 Update 18
        K-Lite Mega Codec Pack 3.8.0
        kgcbaby
        kgchday
        kgchlwn
        kgcinvt
        kgckids
        kgcmove
        kgcvday
        Kodak EasyShare software
        LeapFrog Connect
        LeapFrog Leapster2 Plugin
        Malwarebytes' Anti-Malware
        Microsoft .NET Framework 2.0 Service Pack 2
        Microsoft .NET Framework 3.0 Service Pack 2
        Microsoft .NET Framework 3.5 SP1
        Microsoft Application Error Reporting
        Microsoft Compression Client Pack 1.0 for Windows XP
        Microsoft IntelliPoint 5.3
        Microsoft IntelliType Pro 5.3
        Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
        Microsoft Office Small Business Edition 2003
        Microsoft User-Mode Driver Framework Feature Pack 1.0
        Microsoft VC9 runtime libraries
        Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
        Microsoft Visual C++ 2005 Redistributable
        Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
        Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
        Mozilla Firefox (3.0.5)
        MSXML 4.0 SP2 (KB973688)
        netbrdg
        OfotoXMI
        Olympus DSS Player Standard
        OpenOffice.org 3.0
        QuickTime
        Realtek High Definition Audio Driver
        rjhExtensions
        Security Update for Windows Internet Explorer 7 (KB969897)
        Security Update for Windows Internet Explorer 7 (KB972260)
        Security Update for Windows Internet Explorer 7 (KB974455)
        Security Update for Windows Internet Explorer 7 (KB976325)
        Security Update for Windows Internet Explorer 7 (KB978207)
        Security Update for Windows XP (KB971468)
        Security Update for Windows XP (KB975560)
        Security Update for Windows XP (KB975713)
        Security Update for Windows XP (KB977165)
        Security Update for Windows XP (KB977914)
        Security Update for Windows XP (KB978037)
        Security Update for Windows XP (KB978251)
        Security Update for Windows XP (KB978262)
        Security Update for Windows XP (KB978706)
        SFR
        SHASTA
        skin0001
        SKINXSDK
        staticcr
        SUPERAntiSpyware Free Edition
        Uninstall AOL Emergency Connect Utility 1.0
        Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
        Update for Windows Internet Explorer 7 (KB976749)
        Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster2 Plugin)
        Viewpoint Media Player
        VPRINTOL
        WebFldrs XP
        Windows Genuine Advantage Validation Tool (KB892130)
        Windows Live OneCare safety scanner
        Windows Media Format 11 runtime
        Windows Media Player 11
        Windows Vista Wallpapers
        WIRELESS
        XML Paper Specification Shared Components Pack 1.0
        Yahoo! BrowserPlus
        Yahoo! Install Manager
        Yahoo! Internet Mail
        Yahoo! Mail Advisor
        Yahoo! Search Protection
        Yahoo! Software Update
        Yahoo! Toolbar

        evilfantasy

        • Malware Removal Specialist
        • Moderator


        • Genius
        • Calm like a bomb
        • Thanked: 493
        • Experience: Experienced
        • OS: Windows 11
        Re: computer slow...signing in internet is slow and hanging up.
        « Reply #5 on: February 17, 2010, 05:25:52 PM »
        Go to Start > Control Panel > Add/Remove Programs - (Vista & Win7 is Programs and Features) and remove the following programs if present.

        * Viewpoint Media Player

        ----------

        * Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
        * Now type Combofix /Uninstall in the runbox
        * Make sure there's a space between Combofix and /Uninstall
        * Then hit Enter

        The above procedure will:
        * Delete the following:
            * ComboFix and its associated files and folders.
        * Reset the clock settings.
        * Hide file extensions, if required.
        * Hide System/Hidden files, if required.
        * Set a new, clean Restore Point.

        ----------

        Clean out your temporary internet files and temp files.

        Download TFC by OldTimer to your desktop.

        Double-click TFC.exe to run it.

        Note: If you are running on Vista, right-click on the file and choose Run As Administrator

        TFC will close all programs when run, so make sure you have saved all your work before you begin.

        * Click the Start button to begin the cleaning process.
        * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. 
        * Please let TFC run uninterrupted until it is finished.

        Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

        ----------

        ESET Online Scan

        Scan your computer with the ESET FREE Online Virus Scan

        * Click the ESET Online Scanner button.

        * For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
        * Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop
        * Double click on the esetsmartinstaller_enu.exe icon on your desktop.
        * Place a check mark next to YES, I accept the Terms of Use.

        * Click the Start button.
        * Accept any security warnings from your browser.
        * Leave the check mark next to Remove found threats and place a check next to Scan archives.
        * Click the Start button.
        * ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.
        * When the scan completes, click List of found threats.
        * Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.
        * Click the <<Back button then click Finish.

        In your next reply please include the ESET Online Scan Log

        alsuz

          Topic Starter


          Rookie

          Re: computer slow...signing in internet is slow and hanging up.
          « Reply #6 on: February 18, 2010, 05:13:31 PM »
          First, Evilfantasy, thank you so much for your help with this and the time you have taken to help me... I'm so glad that we are able to have folks like you to help ones like me... who do not really know squat about computers... Here are the ESET Online Scan Log results.

          C:\System Volume Information\_restore{1F83C1C3-FAD3-4F0D-898A-2860FCC07073}\RP233\A0083431.DLL   Win32/Adware.FunWeb application   cleaned by deleting - quarantined
          C:\System Volume Information\_restore{1F83C1C3-FAD3-4F0D-898A-2860FCC07073}\RP255\A0087847.DLL   Win32/Adware.FunWeb application   cleaned by deleting - quarantined
          C:\System Volume Information\_restore{1F83C1C3-FAD3-4F0D-898A-2860FCC07073}\RP255\A0087848.DLL   Win32/Adware.FunWeb application   cleaned by deleting - quarantined
          C:\System Volume Information\_restore{1F83C1C3-FAD3-4F0D-898A-2860FCC07073}\RP255\A0087849.DLL   Win32/Adware.FunWeb application   cleaned by deleting - quarantined
          C:\System Volume Information\_restore{1F83C1C3-FAD3-4F0D-898A-2860FCC07073}\RP255\A0087851.DLL   Win32/Adware.FunWeb application   cleaned by deleting - quarantined
          C:\System Volume Information\_restore{1F83C1C3-FAD3-4F0D-898A-2860FCC07073}\RP255\A0087852.DLL   Win32/Adware.FunWeb application   cleaned by deleting - quarantined
          C:\System Volume Information\_restore{1F83C1C3-FAD3-4F0D-898A-2860FCC07073}\RP255\A0087853.EXE   Win32/Toolbar.MyWebSearch application   cleaned by deleting - quarantined
          C:\System Volume Information\_restore{1F83C1C3-FAD3-4F0D-898A-2860FCC07073}\RP255\A0087858.DLL   Win32/Toolbar.MyWebSearch application   cleaned by deleting - quarantined
          C:\System Volume Information\_restore{1F83C1C3-FAD3-4F0D-898A-2860FCC07073}\RP255\A0087859.DLL   Win32/Toolbar.MyWebSearch application   cleaned by deleting - quarantined
          C:\System Volume Information\_restore{1F83C1C3-FAD3-4F0D-898A-2860FCC07073}\RP255\A0087860.DLL   Win32/Toolbar.MyWebSearch application   cleaned by deleting - quarantined
          C:\System Volume Information\_restore{1F83C1C3-FAD3-4F0D-898A-2860FCC07073}\RP255\A0087861.DLL   Win32/Toolbar.MyWebSearch application   cleaned by deleting - quarantined
          C:\System Volume Information\_restore{1F83C1C3-FAD3-4F0D-898A-2860FCC07073}\RP255\A0087863.DLL   Win32/Toolbar.MyWebSearch application   cleaned by deleting - quarantined
          C:\System Volume Information\_restore{1F83C1C3-FAD3-4F0D-898A-2860FCC07073}\RP255\A0087864.EXE   Win32/Toolbar.MyWebSearch application   cleaned by deleting - quarantined
          C:\System Volume Information\_restore{1F83C1C3-FAD3-4F0D-898A-2860FCC07073}\RP275\A0091335.DLL   Win32/Toolbar.MyWebSearch application   cleaned by deleting - quarantined
          C:\System Volume Information\_restore{1F83C1C3-FAD3-4F0D-898A-2860FCC07073}\RP275\A0091336.DLL   Win32/Toolbar.MyWebSearch application   cleaned by deleting - quarantined
          C:\System Volume Information\_restore{1F83C1C3-FAD3-4F0D-898A-2860FCC07073}\RP275\A0091338.EXE   Win32/Toolbar.MyWebSearch application   cleaned by deleting - quarantined
          C:\System Volume Information\_restore{1F83C1C3-FAD3-4F0D-898A-2860FCC07073}\RP275\A0091340.EXE   Win32/Toolbar.MyWebSearch application   cleaned by deleting - quarantined
          C:\System Volume Information\_restore{1F83C1C3-FAD3-4F0D-898A-2860FCC07073}\RP275\A0091341.EXE   Win32/Toolbar.MyWebSearch application   cleaned by deleting - quarantined
          C:\System Volume Information\_restore{1F83C1C3-FAD3-4F0D-898A-2860FCC07073}\RP275\A0091342.DLL   Win32/Toolbar.MyWebSearch application   cleaned by deleting - quarantined
          C:\System Volume Information\_restore{1F83C1C3-FAD3-4F0D-898A-2860FCC07073}\RP275\A0091343.EXE   Win32/Toolbar.MyWebSearch application   cleaned by deleting - quarantined
          C:\System Volume Information\_restore{1F83C1C3-FAD3-4F0D-898A-2860FCC07073}\RP275\A0091348.EXE   Win32/Adware.FunWeb application   cleaned by deleting - quarantined
          C:\System Volume Information\_restore{1F83C1C3-FAD3-4F0D-898A-2860FCC07073}\RP275\A0091349.DLL   Win32/Toolbar.MyWebSearch application   cleaned by deleting - quarantined
          C:\System Volume Information\_restore{1F83C1C3-FAD3-4F0D-898A-2860FCC07073}\RP275\A0091351.SCR   Win32/Toolbar.MyWebSearch application   cleaned by deleting - quarantined
          C:\System Volume Information\_restore{1F83C1C3-FAD3-4F0D-898A-2860FCC07073}\RP275\A0091352.DLL   Win32/Toolbar.MyWebSearch application   cleaned by deleting - quarantined
          C:\System Volume Information\_restore{1F83C1C3-FAD3-4F0D-898A-2860FCC07073}\RP289\A0093131.scr   Win32/Toolbar.MyWebSearch application   cleaned by deleting - quarantined
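Every path in the ESET export above sits under `C:\System Volume Information\_restore{...}\RPnnn`, the folder where Windows XP System Restore keeps its snapshots. The Python script below is an added example, not part of the original posts: it triages an export in this layout by separating restore-point hits from hits in live paths and listing anything the scanner did not clean. The sample lines are constructed from the log's format, and the final `C:\Program Files\ExampleToolbar` entry is a made-up path included only for contrast.

```python
import re
from collections import Counter

# Constructed sample in the layout of the ESET export posted above:
# path, detection and action separated by a tab or a run of spaces.
# The last line is a made-up live-path hit, added to show the contrast.
SAMPLE = r"""
C:\System Volume Information\_restore{1F83C1C3-FAD3-4F0D-898A-2860FCC07073}\RP233\A0083431.DLL   Win32/Adware.FunWeb application   cleaned by deleting - quarantined
C:\System Volume Information\_restore{1F83C1C3-FAD3-4F0D-898A-2860FCC07073}\RP255\A0087853.EXE   Win32/Toolbar.MyWebSearch application   cleaned by deleting - quarantined
C:\System Volume Information\_restore{1F83C1C3-FAD3-4F0D-898A-2860FCC07073}\RP289\A0093131.scr   Win32/Toolbar.MyWebSearch application   cleaned by deleting - quarantined
C:\Program Files\ExampleToolbar\example.dll   Win32/Toolbar.MyWebSearch application   cleaned by deleting - quarantined
"""

FIELD_SEP = re.compile(r"\t+| {2,}")  # single spaces inside a path are kept
RESTORE = re.compile(
    r"^[a-z]:\\System Volume Information\\_restore\{[0-9a-f-]+\}\\(RP\d+)\\", re.I)

def parse(text):
    """Yield (path, detection, action) for each well-formed log line."""
    for line in text.splitlines():
        parts = FIELD_SEP.split(line.strip())
        if len(parts) == 3:
            yield tuple(parts)

def triage(text):
    """Split hits into System Restore snapshots versus live paths."""
    report = {"restore": Counter(), "live": [],
              "families": Counter(), "not_cleaned": []}
    for path, detection, action in parse(text):
        report["families"][detection.split()[0]] += 1
        match = RESTORE.match(path)
        if match:
            report["restore"][match.group(1)] += 1  # count per restore point
        else:
            report["live"].append(path)             # file outside System Restore
        if "cleaned" not in action.lower():
            report["not_cleaned"].append(path)      # scanner left it in place
    return report

if __name__ == "__main__":
    result = triage(SAMPLE)
    print("restore-point hits:", dict(result["restore"]))
    print("live-path hits:", result["live"])
    print("families:", dict(result["families"]))
    print("not cleaned:", result["not_cleaned"])
```

Entries in `live` or `not_cleaned` are the ones that need a closer look; restore-point entries are archived copies of files that earlier cleanup steps already removed from their original locations.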

          evilfantasy

          Re: computer slow...signing in internet is slow and hanging up.
          « Reply #7 on: February 18, 2010, 07:28:49 PM »
          That all is nothing to worry about.

          If there are no more malware issues we can finish up now.

          Use the Secunia Software Inspector to check for out-of-date software.

          * Click Start Now
          * Check the box next to Enable thorough system inspection.
          * Click Start
          * Allow the scan to finish and scroll down to see if any updates are needed.
          * Update anything listed.

          ----------

          Go to Microsoft Windows Update and get all critical updates.

          ----------

          If you are using or have installed IE6 you are using an outdated and soon to be unsupported version of Internet Explorer and I strongly suggest you update to the latest version directly from Microsoft Internet Explorer 8: Home page.

          ----------

          I recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no realtime protection so will not interfere with each other. They do not use any significant amount of resources (except a little disk space) until you run a scan.

          I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

          SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
          * Using SpywareBlaster to protect your computer from Spyware and Malware
          * If you don't know what ActiveX controls are, see here

          Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

          Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

          Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.