Laptop running slow.

Hi,

My laptop is running very slow for the past one week. The applications, launching the browser, we pages is so so slow. Yesterday i did a virus scan with Malware bytes and it removed 6 of them.

Still my laptop is slow.
Please help.
-Priya-

Can you post the MBAM report please?

Hi,

do u want me to do a fresh scan or the log file of yesterday's scan?
If it is yesterday, here it goes

Malwarebytes' Anti-Malware 1.36
Database version: 2062
Windows 5.1.2600 Service Pack 3

4/30/2009 3:30:44 PM
mbam-log-2009-04-30 (15-30-44).txt

Scan type: Quick Scan
Objects scanned: 102000
Time elapsed: 26 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 4
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{36f53a13-f580-42c5-8080-e4b08cc895f7} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{36f53a13-f580-42c5-8080-e4b08cc895f7} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bamilabuga (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cc3400b3 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

That explains the slowness, MBAM found vundo.

• Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
  Link 1
  Link 2
  
• Double click DDS.scr to run
  
• When complete, DDS.txt will open.
  
• Save the report to your Desktop.
  
• Copy and paste DDS.txt back here, I don't need to see attach.txt.
  

DDS (Ver_09-03-16.01) - NTFSx86
Run by Saravanan at 14:21:07.96 on Fri 05/01/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.323 [GMT -7:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\C4ebreg\c4ebreg.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\rundll32.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\C4ebreg\isamtray.exe
C:\Documents and Settings\Saravanan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Saravanan\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\Saravanan\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page =
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uWindow Title = Windows Internet Explorer provided by Yahoo!
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride =
uSearchAssistant =
mSearchAssistant =
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\progra~1\yahoo!\common\yhexbmesus.dll
uRun: [Google Update] "c:\documents and settings\saravanan\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [TpShocks] TpShocks.exe
mRun: [TPHOTKEY] c:\progra~1\thinkpad\pkgmgr\hotkey\TPHKMGR.exe
mRun: [TP4EX] tp4ex.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [QCWLICON] c:\program files\thinkpad\connectutilities\QCWLICON.EXE
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [C4EBReg] "c:\program files\c4ebreg\c4ebreg.exe" /q
mRun: [Isamtray] "c:\program files\c4ebreg\isamtray.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\ibm\bluetooth software\btsendto_ie_ctx.htm
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {01010200-5E80-11D8-9E86-0007E96C65AE} - hxxps://ra.qwest.com/sdccommon/download/tgctlins.cab
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://ra.qwest.com/sdccommon/download/tgctlcm.cab
DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} - hxxp://www.kumudam.com/wfplayer/tdserver.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {2DAD3559-2923-4935-AD49-B673D2539944} - hxxp://shop.lenovo.com/SEUILibrary/lenovo-portal/cab/autodetect/acpir.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://img4.orkut.com/activex/10036/photouploader.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab
DPF: {84B93AC6-A7F2-4420-9FED-EE6735EA9C8D} - hxxp://www.bigad.com.au/player/vivid_ocx.jpeg
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9519B2A2-6592-4E41-8290-D0298459270C} - hxxp://w3.ibm.com/bluepages/scripts/lnwebassist.cab
DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} - hxxp://community.webshots.com/html/WSPhotoUploader.CAB
DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} - hxxp://www.ooxtv.com/livetv.ocx
DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab
DPF: {C130F0B3-CD97-4DFC-B052-2BD17A7B82F5} - hxxp://activex.microsoft.com/objects/ocget.dll
DPF: {CA8A9780-280D-11CF-A24D-444553540000} - hxxp://activex.microsoft.com/objects/ocget.dll
DPF: {CB97291A-6603-466A-AA11-80C2EB74CB10} - hxxps://install.cox.net/CoxSelfInstall/CoxSelfInstallAx10.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} - hxxp://www.vjage.com/download/vjocx-en.cab
DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} - hxxp://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\BTXPPanel.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: QConGina - QConGina.dll
Notify: tphotkey - tphklock.dll
AppInit_DLLs: c:\windows\system32\geponesu.dll c:\windows\system32\fuliyulo.dll c:\windows\system32\kawitege.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli pwdmon c:\windows\system32\geponesu.dll c:\windows\system32\fuliyulo.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\sarava~1\applic~1\mozilla\firefox\profiles\nvhb8pi6.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\saravanan\application data\mozilla\firefox\profiles\nvhb8pi6.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\saravanan\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\saravanan\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - HiddenExtension: XUL Cache: {00818160-A769-4E2E-AD8C-64F9A156CFBF} - c:\documents and settings\saravanan\local settings\application data\{00818160-A769-4E2E-AD8C-64F9A156CFBF}

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-10 64160]
R0 Shockprf;Shockprf;c:\windows\system32\drivers\shockprf.sys [2005-8-25 59776]
R0 TPDiskPM;TPDiskPM;c:\windows\system32\drivers\TPDiskPM.sys [2005-8-25 14208]
R1 ANC;ANC;c:\windows\system32\drivers\ANC.sys [2005-8-25 11520]
R1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.SYS [2005-8-25 2432]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-1-16 214024]
R1 ShockMgr;ShockMgr;c:\windows\system32\drivers\ShockMgr.sys [2005-8-25 4608]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [2005-8-25 4442]
R2 ibmfilter;ibmfilter;c:\windows\system32\drivers\ibmfilter.sys [2004-12-16 63616]
R2 ISAMSvc;IBM Standard Asset Manager Service;c:\program files\c4ebreg\c4ebreg.exe [2007-9-7 364544]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-15 34064]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-3-26 79880]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-3-26 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-3-26 40552]
R3 TPInput;TPInput;c:\windows\system32\drivers\TPInput.sys [2005-8-25 6016]
S3 artour;IBM Mobility Interface for Windows;c:\windows\system32\drivers\artndint.sys [2007-7-3 7760]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-3-26 34216]
S3 QCNDISIF;QCNDISIF;c:\windows\system32\drivers\qcndisif.sys [2005-8-25 12288]

============== File Associations ===============

inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"

=============== Created Last 30 ================

2009-04-15 07:49 284,160 -------- c:\windows\system32\dllcache\pdh.dll
2009-04-15 07:49 35,328 -------- c:\windows\system32\dllcache\sc.exe
2009-04-15 07:49 401,408 -------- c:\windows\system32\dllcache\rpcss.dll
2009-04-15 07:49 110,592 -------- c:\windows\system32\dllcache\services.exe
2009-04-15 07:49 473,600 -------- c:\windows\system32\dllcache\fastprox.dll
2009-04-15 07:49 227,840 -------- c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 07:49 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 07:49 729,088 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 07:49 714,752 -------- c:\windows\system32\dllcache\ntdll.dll
2009-04-15 07:49 617,472 -------- c:\windows\system32\dllcache\advapi32.dll
2009-04-15 07:25 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-15 07:25 1,203,922 -------- c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 07:25 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
2009-04-08 07:22 0 a------- c:\windows\Omicijezoweqoha.bin
2009-04-08 07:22 408 a------- c:\windows\Cxetodefakoro.dat
2009-04-05 19:15 --d----- c:\program files\WinPcap

==================== Find3M ====================

2009-05-01 13:57 0 a------- c:\windows\system32\drivers\lvuvc.hs
2009-05-01 13:57 0 a------- c:\windows\system32\drivers\logiflt.iad
2009-04-06 15:32 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 15:32 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-30 11:07 23,596,840 a------- C:\SkypeSetupFull.exe
2009-03-27 18:33 15,452,536 a------- C:\IE7-WindowsXP-x86-enu.exe
2009-03-27 13:54 2,906,216 a------- C:\mbam-setup.exe
2009-03-27 11:38 1,222,128 a------- C:\DMSetup-Serial.exe
2009-03-27 10:39 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-26 13:38 812,344 a------- c:\program files\HJTInstall.exe
2009-03-26 13:35 438,592 a------- C:\msgr9us.exe
2009-03-25 11:06 40,552 a------- c:\windows\system32\drivers\mfesmfk.sys
2009-03-25 11:06 214,024 a------- c:\windows\system32\drivers\mfehidk.sys
2009-03-25 11:06 79,880 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-03-25 11:06 35,272 a------- c:\windows\system32\drivers\mfebopk.sys
2009-03-25 11:05 34,216 a------- c:\windows\system32\drivers\mferkdk.sys
2009-03-21 07:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-10 22:18 934,792 -------- c:\windows\system32\dllcache\WgaTray.exe
2009-03-10 22:18 239,496 -------- c:\windows\system32\dllcache\wgaLogon.dll
2009-03-06 07:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-02 17:18 826,368 a------- c:\windows\system32\wininet.dll
2009-03-02 17:18 826,368 a------- c:\windows\system32\dllcache\wininet.dll
2009-02-27 21:54 636,072 -------- c:\windows\system32\dllcache\iexplore.exe
2009-02-20 03:20 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 03:20 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-02-19 22:14 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-02-09 05:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 05:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 05:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 05:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 04:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 04:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
2009-02-07 19:02 2,066,048 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-07 19:02 2,066,048 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-06 04:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 04:08 2,189,056 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 04:08 2,189,056 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-06 04:06 2,145,280 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-06 03:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-06 03:32 2,023,936 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-03 12:59 56,832 a------- c:\windows\system32\secur32.dll
2009-02-03 12:59 56,832 -------- c:\windows\system32\dllcache\secur32.dll

============= FINISH: 14:25:13.31 ===============

Hello.

Please download GooredFix and save it to your Desktop. Please double-click GooredFix.exe on your Desktop to run it. Select 2. Fix Goored by typing 2 and pressing Enter. Make sure all instances of Firefox are closed at this point. Type y at the prompt and press Enter again. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).

Please download the OTMoveIt3 by OldTimer.

• Save it to your desktop.
  
• Please double-click OTMoveIt3.exe to run it.
  
• Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  
  :files
  c:\windows\system32\drivers\lvuvc.hs
  C:\msgr9us.exe
  c:\windows\system32\drivers\logiflt.iad
  c:\windows\Omicijezoweqoha.bin
  c:\windows\Cxetodefakoro.dat
  
  :reg
  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  "AppInit_DLLs"=-
  "AppInit_DLLs"=""
  [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
  "Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
  
  
  
• Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  
• Click the red Moveit! button.
  
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  
• Close OTMoveIt3
  

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log and GooredFix log.

GooredFix v1.92 by jpshortstuff
Log created at 14:54 on 01/05/2009 running Option #2 (Saravanan)
Firefox version 3.0.10 (en-US)

=====Goored Deletions=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{00818160-A769-4E2E-AD8C-64F9A156CFBF}"="C:\Documents and Settings\Saravanan\Local Settings\Application Data\{00818160-A769-4E2E-AD8C-64F9A156CFBF}"
->Backing up value... Done.
->Deleting value... Done.

C:\Documents and Settings\Saravanan\Local Settings\Application Data\{00818160-A769-4E2E-AD8C-64F9A156CFBF}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.
C:\Program Files\Mozilla Firefox\extensions\{CAE7BB59-7CF6-4B42-887F-6002DBA05CB5}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{B7082FAA-CB62-4872-9106-E42DD88EDE45}"="C:\Program Files\McAfee\SiteAdvisor"










========== FILES ==========
c:\windows\system32\drivers\lvuvc.hs moved successfully.
C:\msgr9us.exe moved successfully.
c:\windows\system32\drivers\logiflt.iad moved successfully.
c:\windows\Omicijezoweqoha.bin moved successfully.
c:\windows\Cxetodefakoro.dat moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLs"|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\\"Notification Packages"|hex(7):73,63,65,63,6c,69,00,00 /E : value set successfully!

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05012009_145740

Hello.

Click Start >> Run and then copy/paste the following into the box and hit Enter:
"%userprofile%\Desktop\GooredFix.exe" /uninstall
note the space between " /
If any of your security programs query a new Registry/AutoStart value being added please allow the changes.

We can remove OTMoveIt now.

• Please double-click OTMoveIt3.exe to run it again.
  
• Press the green CleanUp! button.
  
• Press Yes cleanup process prompt, do the same for the reboot prompt.
  

How is the machine running now?

Thanks Belahzur. I can see the difference.
I suspect this virus to have come from a website called as www.techsatish.net.
I visit that website to see indian serials/soaps.
Do u think that website is a infected one ?

Hard to tell. I'm not disabling NoScript to allow that site, but it looks like a warez site.

I would avoid it if I was you.

The Laptop is working fine now..fast enough ! Thank u so very much!

Ok dear! Thanks for all the help provided! Have a great time!!