WiredWX Christian Hobby Weather Tools
Would you like to react to this message? Create an account in a few clicks or log in to continue.

WiredWX Christian Hobby Weather ToolsLog in

 


Computer Runs Very Slow

2 posters

descriptionComputer Runs Very Slow EmptyComputer Runs Very Slow17th November 2011, 2:28 pm

more_horiz
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-10 21:26:33
-----------------------------
21:26:33.632 OS Version: Windows 5.1.2600 Service Pack 3
21:26:33.632 Number of processors: 2 586 0x604
21:26:33.632 ComputerName: GIFTY UserName:
21:26:35.398 Initialize success
21:26:36.539 AVAST engine defs: 11111000
21:26:52.652 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
21:26:52.668 Disk 0 Vendor: ST320082 3.AA Size: 190782MB BusType: 3
21:26:52.683 Disk 0 MBR read successfully
21:26:52.683 Disk 0 MBR scan
21:26:52.683 Disk 0 unknown MBR code
21:26:52.699 Disk 0 scanning sectors +390700800
21:26:52.777 Disk 0 scanning C:\WINDOWS\system32\drivers
21:27:07.218 Service scanning
21:27:09.922 Modules scanning
21:27:37.867 Disk 0 trace - called modules:
21:27:37.867
21:27:38.398 AVAST engine scan C:\WINDOWS
21:28:02.217 AVAST engine scan C:\WINDOWS\system32
21:30:03.812 AVAST engine scan C:\WINDOWS\system32\drivers
21:30:17.065 AVAST engine scan C:\Documents and Settings\GIFTY FRIMPONG
21:37:53.929 AVAST engine scan C:\Documents and Settings\All Users
21:37:58.149 File: C:\Documents and Settings\All Users\Application Data\Installations\{0D049270-13E8-4CDC-BFCB-89C3871070EE}\Installer\CommonCustomActions\closeapp.exe **INFECTED** Win32:MalOb-EI [Cryp]
21:38:41.533 Scan finished successfully
21:44:13.743 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\GIFTY FRIMPONG\My Documents\Downloads\MBR.dat"
21:44:13.743 The log file has been saved successfully to "C:\Documents and Settings\GIFTY FRIMPONG\My Documents\Downloads\aswMBR.txt"



OTL Extras logfile created on: 10/11/2011 19:22:26 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\GIFTY FRIMPONG\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

501.59 Mb Total Physical Memory | 98.26 Mb Available Physical Memory | 19.59% Memory free
1.19 Gb Paging File | 0.58 Gb Available in Paging File | 48.76% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 181.70 Gb Total Space | 145.50 Gb Free Space | 80.08% Space Free | Partition Type: NTFS
Drive D: | 4.59 Gb Total Space | 2.01 Gb Free Space | 43.68% Space Free | Partition Type: FAT32

Computer Name: GIFTY | User Name: GIFTY FRIMPONG | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"88:TCP" = 88:TCP:*:Enabled:BroadWave Audio Streaming Server Web Server

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
"C:\Program Files\sipgate X-Lite\sipgateXLite.exe" = C:\Program Files\sipgate X-Lite\sipgateXLite.exe:*:Enabled:sipgateXLite -- ()
"E:\Installation\Setupx.exe" = E:\Installation\Setupx.exe:*:Enabled:Nero ProductSetup
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe" = C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Disabled:Nokia Software Updater
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Disabled:Nokia Service Layer Host Process
"C:\Program Files\Epson Software\Event Manager\EEventManager.exe" = C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager Application -- (SEIKO EPSON CORPORATION)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}" = TrayApp
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{14C35072-D7D0-4B29-B5BF-C94E426D77E9}" = Sky Broadband
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite Gateway
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1E1F1E70-14D8-4380-8652-BD1A895A7D65}" = Status
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Solution
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 20
"{27ECB379-B140-43C3-BAD5-36C034B5A996}" = Intel(R) Quick Resume Technology Drivers
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{31263605-FC84-4787-B847-BA445B147E24}" = ScannerCopy
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3CF99DC3-38FD-46E6-A6B4-9C70074E020C}" = DocumentViewer
"{3D1B20A6-E31D-4BB5-BC5C-DDD3B0D91728}" = Intel Audio Studio 2.0
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0
"{41979C2F-34B8-4F92-8111-B13C5864682D}" = MediaFACE 4.01
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader
"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6E66ECBD-FCA7-4AE1-A8C5-1CA78BEEB057}" = Multimedia Keyboard Driver
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87791AF4-4D4C-43DC-97BF-05EEEE5187F2}" = e-Sword
"{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAA11090-6E99-4655-AAF5-57EB5F677D0C}" = MarketResearch
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BF4E9ED0-EF26-4A4C-A123-6A6A1ABEE411}" = DocProc
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{C98E8D9D-21DE-4F87-A9B7-142BB89840FC}" = Toolbox
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D85AB83D-CD2D-44D0-9DA3-E16294DE81D2}" = Intel Audio Studio 2.0
"{DA1CD94B-826A-4bba-AC46-EF352F47BC81}" = InstantShareDevices
"{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E5A1DE9A-A21C-43A1-B06D-5146BAF62033}" = PanoStandAlone
"{E9BC886E-0D8A-4EF5-B793-30DB776C6E2C}" = PC Connectivity Solution
"{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"avast" = avast! Internet Security
"BigFix" = BigFix
"CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A" = Windows Driver Package - Nokia Modem (03/05/2008 3.7)
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = Soft Data Fax Modem with SmartCP
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"dBpoweramp Windows Media Audio 10 Codec" = dBpoweramp Windows Media Audio 10 Codec
"EPSON Scanner" = EPSON Scan
"Epson Stylus SX110_TX110 User’s Guide" = Epson Stylus SX110_TX110 Manual
"EPSON SX110 Series" = EPSON SX110 Series Printer Uninstall
"ExpressBurn" = Express Burn
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"gtw_logo" = gtw_logo
"HP Document Viewer" = HP Document Viewer 6.1
"HP Imaging Device Functions" = HP Imaging Device Functions 6.1
"HP Photo & Imaging" = HP Photosmart Premier Software 6.1
"HP Solution Center & Imaging Support Tools" = HP Solution Center and Imaging Support Tools 6.1
"HPExtendedCapabilities" = HP Extended Capabilities 6.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{41979C2F-34B8-4F92-8111-B13C5864682D}" = MediaFACE 4.01
"InstallShield_{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader
"Intel® Quick Resume Technology" = Intel(R) Quick Resume Technology Drivers
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.23)" = Mozilla Firefox (3.6.23)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NSS" = Norton Security Scan
"PROPLUS" = Microsoft Office Professional Plus 2007
"PROSet" = Intel(R) PRO Network Connections Drivers
"QuickTime" = QuickTime
"Rapport_msi" = Rapport
"TomTom HOME" = TomTom HOME 2.7.3.1894
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WGA" = Windows Genuine Advantage Validation Tool
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"ZillaTube" = ZillaTube 4.8

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.0.0.320

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 31/10/2011 11:05:35 | Computer Name = GIFTY | Source = Application Error | ID = 1000
Description = Faulting application zhotkey.exe, version 3.0.0.10, faulting module
zhotkey.exe, version 3.0.0.10, fault address 0x00009b75.

Error - 03/11/2011 09:28:54 | Computer Name = GIFTY | Source = Application Error | ID = 1000
Description = Faulting application zhotkey.exe, version 3.0.0.10, faulting module
zhotkey.exe, version 3.0.0.10, fault address 0x00009b75.

Error - 03/11/2011 09:41:28 | Computer Name = GIFTY | Source = Application Error | ID = 1000
Description = Faulting application zhotkey.exe, version 3.0.0.10, faulting module
zhotkey.exe, version 3.0.0.10, fault address 0x00009b75.

Error - 05/11/2011 07:19:24 | Computer Name = GIFTY | Source = Application Error | ID = 1000
Description = Faulting application zhotkey.exe, version 3.0.0.10, faulting module
zhotkey.exe, version 3.0.0.10, fault address 0x00009b75.

Error - 07/11/2011 04:45:09 | Computer Name = GIFTY | Source = Application Error | ID = 1000
Description = Faulting application zhotkey.exe, version 3.0.0.10, faulting module
zhotkey.exe, version 3.0.0.10, fault address 0x00009b75.

Error - 09/11/2011 16:57:11 | Computer Name = GIFTY | Source = Application Error | ID = 1000
Description = Faulting application zhotkey.exe, version 3.0.0.10, faulting module
zhotkey.exe, version 3.0.0.10, fault address 0x00009b75.

Error - 10/11/2011 06:09:58 | Computer Name = GIFTY | Source = Application Error | ID = 1000
Description = Faulting application zhotkey.exe, version 3.0.0.10, faulting module
zhotkey.exe, version 3.0.0.10, fault address 0x00009b75.

Error - 10/11/2011 09:29:51 | Computer Name = GIFTY | Source = Application Error | ID = 1000
Description = Faulting application zhotkey.exe, version 3.0.0.10, faulting module
zhotkey.exe, version 3.0.0.10, fault address 0x00009b75.

Error - 10/11/2011 14:13:25 | Computer Name = GIFTY | Source = Application Error | ID = 1000
Description = Faulting application zhotkey.exe, version 3.0.0.10, faulting module
zhotkey.exe, version 3.0.0.10, fault address 0x00009b75.

Error - 10/11/2011 15:02:17 | Computer Name = GIFTY | Source = Application Error | ID = 1000
Description = Faulting application zhotkey.exe, version 3.0.0.10, faulting module
zhotkey.exe, version 3.0.0.10, fault address 0x00009b75.

[ OSession Events ]
Error - 22/09/2007 07:19:40 | Computer Name = GIFTY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 363
seconds with 120 seconds of active time. This session ended with a crash.

Error - 22/09/2007 07:20:09 | Computer Name = GIFTY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.

Error - 30/01/2009 14:09:40 | Computer Name = GIFTY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 17573
seconds with 4500 seconds of active time. This session ended with a crash.

Error - 09/06/2011 06:34:21 | Computer Name = GIFTY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1320
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 03/11/2011 09:33:06 | Computer Name = GIFTY | Source = DCOM | ID = 10010
Description = The server {0228576F-6E6C-4E1A-B175-0E46A316AFE2} did not register
with DCOM within the required timeout.

Error - 03/11/2011 09:40:57 | Computer Name = GIFTY | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000043'
while processing the file 'attrib' on the volume 'HarddiskVolume1'. It has stopped
monitoring the volume.

Error - 03/11/2011 09:42:26 | Computer Name = GIFTY | Source = System Error | ID = 1003
Description = Error code 100000d1, parameter1 00000000, parameter2 00000002, parameter3
00000001, parameter4 f8314a55.

Error - 03/11/2011 10:25:57 | Computer Name = GIFTY | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service McComponentHostService
with arguments "" in order to run the server: {CC6F4D12-8575-4CFF-9455-CF5774AEB13B}

Error - 03/11/2011 10:26:34 | Computer Name = GIFTY | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the McAfee Security Scan
Component Host Service service to connect.

Error - 03/11/2011 10:26:36 | Computer Name = GIFTY | Source = Service Control Manager | ID = 7000
Description = The McAfee Security Scan Component Host Service service failed to
start due to the following error: %%1053

Error - 07/11/2011 04:47:11 | Computer Name = GIFTY | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.

Error - 07/11/2011 04:47:12 | Computer Name = GIFTY | Source = Service Control Manager | ID = 7000
Description = The HTTP SSL service failed to start due to the following error: %%1053

Error - 10/11/2011 09:30:58 | Computer Name = GIFTY | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 10/11/2011 09:30:58 | Computer Name = GIFTY | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053


< End of report >


descriptionComputer Runs Very Slow EmptyRe: Computer Runs Very Slow17th November 2011, 2:33 pm

more_horiz
Results of screen317's Security Check version 0.99.25
Windows XP Service Pack 3 x86
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
avast! Internet Security
Norton 360
McAfee Security Scan Plus
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Java(TM) 6 Update 20
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Out of date Java installed!
Adobe Flash Player ( 10.0.45.2) Flash Player Out of Date!
Mozilla Firefox ((3.6.24)) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Alwil Software Avast5 afwServ.exe
Alwil Software Avast5 AvastSvc.exe
ALWILS~1 Avast5 avastUI.exe
``````````End of Log````````````

descriptionComputer Runs Very Slow EmptyRe: Computer Runs Very Slow24th November 2011, 6:16 pm

more_horiz
Hi,


Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3

When saving ComboFix rename it to Belahzur.exe to prevent it from being blocked by malware.


Refer to this image:

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click Belahzur.exe to run it.

    You will see the following image:
Computer Runs Very Slow NSIS_disclaimer_ENG

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:

Computer Runs Very Slow NSIS_extraction

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.

Computer Runs Very Slow RcAuto1

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Computer Runs Very Slow Whatnext

Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please Do NOT mouseclick combofix's window while its running because it may call it to stall.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
Computer Runs Very Slow DXwU4
Computer Runs Very Slow VvYDg

descriptionComputer Runs Very Slow EmptyRe: Computer Runs Very Slow25th November 2011, 1:53 pm

more_horiz
ComboFix 11-11-25.01 - GIFTY FRIMPONG 25/11/2011 12:39:36.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.502.131 [GMT 0:00]
Running from: c:\documents and settings\GIFTY FRIMPONG\My Documents\Belahzur.exe
AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\GIFTY FRIMPONG\g2mdlhlpx.exe
c:\documents and settings\GIFTY FRIMPONG\My Documents\~WRL0005.tmp
c:\documents and settings\GIFTY FRIMPONG\WINDOWS
c:\windows\CSC\d6
c:\windows\kb913800.exe
c:\windows\system32\_003353_.tmp.dll
c:\windows\system32\_003354_.tmp.dll
c:\windows\system32\_003355_.tmp.dll
c:\windows\system32\_003356_.tmp.dll
c:\windows\system32\_003363_.tmp.dll
c:\windows\system32\_003364_.tmp.dll
c:\windows\system32\_003365_.tmp.dll
c:\windows\system32\_003366_.tmp.dll
c:\windows\system32\_003368_.tmp.dll
c:\windows\system32\_003369_.tmp.dll
c:\windows\system32\_003372_.tmp.dll
c:\windows\system32\_003373_.tmp.dll
c:\windows\system32\_003375_.tmp.dll
c:\windows\system32\_003376_.tmp.dll
c:\windows\system32\_003377_.tmp.dll
c:\windows\system32\_003379_.tmp.dll
c:\windows\system32\_003382_.tmp.dll
c:\windows\system32\_003383_.tmp.dll
c:\windows\system32\_003387_.tmp.dll
c:\windows\system32\_003388_.tmp.dll
c:\windows\system32\_003390_.tmp.dll
c:\windows\system32\_003392_.tmp.dll
c:\windows\system32\_003393_.tmp.dll
c:\windows\system32\_003395_.tmp.dll
c:\windows\system32\_003396_.tmp.dll
c:\windows\system32\_003397_.tmp.dll
c:\windows\system32\_003398_.tmp.dll
c:\windows\system32\_003399_.tmp.dll
c:\windows\system32\_003402_.tmp.dll
c:\windows\system32\_003403_.tmp.dll
c:\windows\system32\_003404_.tmp.dll
c:\windows\system32\_003405_.tmp.dll
c:\windows\system32\_003406_.tmp.dll
c:\windows\system32\_003411_.tmp.dll
c:\windows\system32\_003413_.tmp.dll
c:\windows\system32\config\systemprofile\WINDOWS
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-10-25 to 2011-11-25 )))))))))))))))))))))))))))))))
.
.
2011-11-07 21:28 . 2011-11-07 21:28 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-10 14:22 . 2007-07-30 08:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2007-07-30 07:59 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 10:41 . 2008-07-29 18:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 10:41 . 2007-07-30 08:01 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 10:41 . 2007-07-30 08:01 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 20:45 . 2011-06-09 10:28 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2010-02-06 16:28 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-06-09 10:32 111320 ----a-w- c:\windows\system32\drivers\aswFW.sys
2011-09-06 20:38 . 2010-03-13 15:17 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:37 . 2010-02-06 16:28 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:37 . 2011-06-09 10:31 195416 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2011-09-06 20:36 . 2010-02-06 16:28 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2010-02-06 16:28 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2010-02-06 16:28 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-09-06 20:36 . 2010-02-06 16:28 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-09-06 20:36 . 2010-02-06 16:28 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-06 20:33 . 2010-02-06 16:28 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-09-06 13:20 . 2008-08-06 22:59 1858944 ----a-w- c:\windows\system32\win32k.sys
2010-08-11 11:00 . 2008-12-28 18:45 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-06 68856]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
"BIBLauncher"="c:\program files\Business-in-a-Box\BIBLauncher.exe" [2009-03-11 682712]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-11 30192]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-12-09 139264]
"CHotkey"="zHotkey.exe" [2004-12-08 550912]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 139264]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"IntelAudioStudio"="c:\program files\Intel Audio Studio\IntelAudioStudio.exe" [2006-01-15 8744960]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-09-07 98304]
"MediaFace Integration"="c:\program files\Fellowes\MediaFACE 4.0\SetHook.exe" [2004-07-01 53248]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-12-04 665424]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
BigFix.lnk - c:\program files\BigFix\bigfix.exe [2007-7-30 2168360]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-12-15 73728]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\sipgate X-Lite\\sipgateXLite.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"88:TCP"= 88:TCP:BroadWave Audio Streaming Server Web Server
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [09/06/2011 10:28 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [09/06/2011 10:31 195416]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [07/11/2011 21:28 56208]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [09/06/2011 10:32 111320]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [13/03/2010 15:17 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [06/02/2010 16:28 320856]
R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [26/02/2010 17:11 390528]
R1 RapportCerberus_32301;RapportCerberus_32301;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_32301.sys [07/11/2011 21:30 227312]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [07/11/2011 21:28 71440]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [07/11/2011 21:28 164112]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [06/02/2010 16:28 20568]
R2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [09/06/2011 10:28 127192]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [07/11/2011 21:28 931640]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13/11/2009 11:31 92008]
R3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys [12/08/2011 11:08 21520]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [01/02/2010 00:03 135664]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [30/07/2007 01:32 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [01/02/2010 00:03 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15/01/2010 12:49 227232]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - RAPPORTIASO
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 00:03]
.
2011-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 00:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride =
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\GIFTY FRIMPONG\Application Data\Mozilla\Firefox\Profiles\t7ic9gb8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.ghanaweb.com/GhanaHomePage/NewsArchive/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe
HKLM-Run-SigmatelSysTrayApp - sttray.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-25 13:07
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(8252)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\SigmaTel\C-Major Audio\WDM\Stacsv.exe
c:\windows\system32\UAService7.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
c:\windows\system32\dllhost.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\windows\eHome\ehmsas.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2011-11-25 13:21:01 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-25 13:20
.
Pre-Run: 154,237,218,816 bytes free
Post-Run: 156,217,311,232 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 33E02D184A72AFBCFFDEF6140A939CA9

descriptionComputer Runs Very Slow EmptyRe: Computer Runs Very Slow1st December 2011, 12:50 am

more_horiz
Hi,


Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3

When saving ComboFix rename it to Belahzur.exe to prevent it from being blocked by malware.


Refer to this image:

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click Belahzur.exe to run it.

    You will see the following image:
Computer Runs Very Slow NSIS_disclaimer_ENG

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:

Computer Runs Very Slow NSIS_extraction

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.

Computer Runs Very Slow RcAuto1

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Computer Runs Very Slow Whatnext

Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please Do NOT mouseclick combofix's window while its running because it may call it to stall.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
Computer Runs Very Slow DXwU4
Computer Runs Very Slow VvYDg

descriptionComputer Runs Very Slow EmptyRe: Computer Runs Very Slow2nd December 2011, 4:51 pm

more_horiz
ComboFix 11-12-02.01 - GIFTY FRIMPONG 02/12/2011 14:28:28.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.502.109 [GMT 0:00]
Running from: c:\documents and settings\GIFTY FRIMPONG\My Documents\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Enabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-11-02 to 2011-12-02 )))))))))))))))))))))))))))))))
.
.
2011-11-07 21:28 . 2011-11-07 21:28 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-10 14:22 . 2007-07-30 08:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2007-07-30 07:59 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 10:41 . 2008-07-29 18:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 10:41 . 2007-07-30 08:01 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 10:41 . 2007-07-30 08:01 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 20:45 . 2011-06-09 10:28 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2010-02-06 16:28 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-06-09 10:32 111320 ----a-w- c:\windows\system32\drivers\aswFW.sys
2011-09-06 20:38 . 2010-03-13 15:17 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:37 . 2010-02-06 16:28 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:37 . 2011-06-09 10:31 195416 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2011-09-06 20:36 . 2010-02-06 16:28 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2010-02-06 16:28 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2010-02-06 16:28 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-09-06 20:36 . 2010-02-06 16:28 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-09-06 20:36 . 2010-02-06 16:28 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-06 20:33 . 2010-02-06 16:28 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-09-06 13:20 . 2008-08-06 22:59 1858944 ----a-w- c:\windows\system32\win32k.sys
2010-08-11 11:00 . 2008-12-28 18:45 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-25_13.10.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-02 13:33 . 2011-12-02 13:33 16384 c:\windows\Temp\Perflib_Perfdata_770.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
"BIBLauncher"="c:\program files\Business-in-a-Box\BIBLauncher.exe" [2009-03-11 682712]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-11 30192]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-12-09 139264]
"CHotkey"="zHotkey.exe" [2004-12-08 550912]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 139264]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"IntelAudioStudio"="c:\program files\Intel Audio Studio\IntelAudioStudio.exe" [2006-01-15 8744960]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-09-07 98304]
"MediaFace Integration"="c:\program files\Fellowes\MediaFACE 4.0\SetHook.exe" [2004-07-01 53248]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-12-04 665424]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
BigFix.lnk - c:\program files\BigFix\bigfix.exe [2007-7-30 2168360]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-12-15 73728]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\sipgate X-Lite\\sipgateXLite.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"88:TCP"= 88:TCP:BroadWave Audio Streaming Server Web Server
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [09/06/2011 10:28 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [09/06/2011 10:31 195416]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [07/11/2011 21:28 56208]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [09/06/2011 10:32 111320]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [13/03/2010 15:17 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [06/02/2010 16:28 320856]
R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [26/02/2010 17:11 390528]
R1 RapportCerberus_32301;RapportCerberus_32301;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_32301.sys [07/11/2011 21:30 227312]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [07/11/2011 21:28 71440]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [07/11/2011 21:28 164112]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [06/02/2010 16:28 20568]
R2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [09/06/2011 10:28 127192]
R3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys [12/08/2011 11:08 21520]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [01/02/2010 00:03 135664]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [30/07/2007 01:32 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [01/02/2010 00:03 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15/01/2010 12:49 227232]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - RAPPORTIASO
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 00:03]
.
2011-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 00:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride =
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\GIFTY FRIMPONG\Application Data\Mozilla\Firefox\Profiles\t7ic9gb8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.ghanaweb.com/GhanaHomePage/NewsArchive/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-02 15:51
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(16920)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-12-02 16:00:42
ComboFix-quarantined-files.txt 2011-12-02 16:00
ComboFix2.txt 2011-11-25 13:21
.
Pre-Run: 157,186,293,760 bytes free
Post-Run: 157,168,521,216 bytes free
.
- - End Of File - - 36B2546E0E7C5D4AC251818502E0CDE5

descriptionComputer Runs Very Slow EmptyRe: Computer Runs Very Slow5th December 2011, 6:01 pm

more_horiz
Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX. click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
Computer Runs Very Slow DXwU4
Computer Runs Very Slow VvYDg

descriptionComputer Runs Very Slow EmptyRe: Computer Runs Very Slow6th December 2011, 3:57 pm

more_horiz
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.17103 (vista_gdr.110816-1000)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=091fbdad3e23504a8cf815097be542aa
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-06 02:31:17
# local_time=2011-12-06 02:31:17 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=770 16774141 100 100 7239638 259456985 0 0
# compatibility_mode=8192 67108863 100 0 179 179 0 0
# scanned=244785
# found=2
# cleaned=2
# scan_time=6044
C:\My Backup -- 07-07-30 0112AM\Program Files\Starware368\Starware368Uninstall.exe probably a variant of Win32/Agent.FSRWMPM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{C5F4720D-C49C-4992-B306-4B61FC2D2738}\RP582\A0334737.exe probably a variant of Win32/Agent.FSRWMPM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

descriptionComputer Runs Very Slow EmptyRe: Computer Runs Very Slow17th January 2012, 5:54 am

more_horiz
Hi Belahzur and the GeekPolice Team,
Thank you for the great support that many of us do receive from you.
It’s been over a month now since you asked me to scan my computer and send you the details. Since then I’ve been waiting for further instructions from you but since I haven’t received anything from you, I thought you may also be waiting to hear the update from me that’s why you haven’t sent me anything yet, so here is the update of my computer.
My computer was extremely slow prior to contacting you but I have seen some changes after following your instructions and also deleting some programmes to free up memory. The speed has increased a little bit but not up to the standard where it was some time back.

It still takes longer to start and load all the icons on the desk top, and also takes longer to search for information on the internet. There is some improvement but it is still slow.

Thanks.

Jacob.

descriptionComputer Runs Very Slow EmptyRe: Computer Runs Very Slow25th January 2012, 6:39 pm

more_horiz
Looks like I missed this :\

Congratulations!! Your PC is all clean! ;D

To uninstall ComboFix



  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall


Computer Runs Very Slow Combofix_uninstall_image

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)



  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore.

=========



Please run OTL.exe.


  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Commands
    [emptytemp]
    [emptyflash]
    [clearallrestorepoints]
    [reboot]

    Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe


If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

======

Remove OTL:

To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.


  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.


Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
=======

Download [URL="http://screen317.changelog.fr/SecurityCheck.exe"]Security Check[/URL] by screen317 and save it to your Desktop.

  • Double-click Security Check.exe to start the application
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Note: if a security program requests permission from dig.exe to access the Internet, allow it to do so.
=======

There are many things you can do to keep this from happening again. You can think of a computer like a car. It requires basic maintenance to keep in tip top shape and ready to go. Would you drive your car 100,000 miles without changing the oil? The same principle applies here.

For some helpful tips regarding why you were infected in the first place, what you can do to keep this from happening again, and routine basic maintenance you should be performing on your PC to keep it running, you may wish to review the following threads:

[URL="http://www.pchelpforum.com/fixed-hijackthis-logs/64964-so-you-want-prevent-happening.html"]So, you want to keep this from happening again?[/URL]
[URL="http://www.pchelpforum.com/fixed-hijackthis-logs/57400-how-did-i-get-infected.html"]How Did I Get Infected?[/URL]
[URL="http://www.pchelpforum.com/fixed-hijackthis-logs/59327-now-you-all-clean-afterwork.html"]Computer Runs Very Slow Pchf_afterwork[/URL]

In your next reply:

Please confirm removal of the tools
Post the SecurityCheck log

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
Computer Runs Very Slow DXwU4
Computer Runs Very Slow VvYDg

descriptionComputer Runs Very Slow EmptyRe: Computer Runs Very Slow

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum