Infected. Slowing computer

========== Files Created - No Company Name ==========

[2011/02/27 10:26:26 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/02/27 00:47:47 | 000,075,264 | ---- | C] () -- C:\Users\Orlando\Desktop\SystemLook.exe
[2011/02/26 20:58:12 | 000,001,416 | ---- | C] () -- C:\Users\Orlando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2011/02/26 20:57:59 | 000,001,410 | ---- | C] () -- C:\Users\Orlando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/02/26 20:57:59 | 000,001,404 | ---- | C] () -- C:\Users\Orlando\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/02/26 20:50:14 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/02/26 20:50:14 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011/02/25 21:11:24 | 000,000,462 | ---- | C] () -- C:\Windows\tasks\ASOService.job
[2011/02/25 19:11:40 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/02/25 19:11:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/02/25 19:11:40 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/02/25 19:11:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/02/25 19:11:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/02/25 19:09:00 | 004,274,659 | R--- | C] () -- C:\Users\Orlando\Desktop\ComboFix.exe
[2011/02/24 17:32:42 | 000,296,448 | ---- | C] () -- C:\Users\Orlando\Desktop\gmer.exe
[2011/02/24 17:17:50 | 000,288,107 | ---- | C] () -- C:\Users\Orlando\Desktop\gmer.zip
[2011/02/23 18:41:13 | 000,002,332 | ---- | C] () -- C:\Users\Orlando\Desktop\Google Chrome.lnk
[2011/02/23 18:35:18 | 000,001,930 | ---- | C] () -- C:\Users\Orlando\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/02/23 18:35:15 | 000,001,906 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/02/23 18:16:55 | 000,000,916 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1303545217-2589164206-708239540-1000UA.job
[2011/02/23 18:13:57 | 000,000,864 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1303545217-2589164206-708239540-1000Core.job
[2011/02/21 21:46:56 | 000,129,289 | ---- | C] () -- C:\Users\Orlando\Desktop\12133.png
[2011/02/20 16:21:29 | 001,401,379 | ---- | C] () -- C:\Users\Orlando\Desktop\BlackRock Liquidity.PDF
[2011/02/19 16:21:33 | 000,044,318 | ---- | C] () -- C:\Users\Orlando\Desktop\Macro-Winter2011-Hw3.pdf
[2011/02/19 16:15:44 | 000,055,210 | ---- | C] () -- C:\Users\Orlando\Desktop\Macro-Winter2011-Hw2_Sol.pdf
[2011/02/19 13:00:33 | 000,006,086 | ---- | C] () -- C:\Users\Orlando\Desktop\Attach.zip
[2011/02/19 12:50:54 | 000,624,128 | ---- | C] () -- C:\Users\Orlando\Desktop\dds.scr
[2011/02/19 12:50:17 | 000,001,071 | ---- | C] () -- C:\Users\Orlando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/02/19 12:50:05 | 000,000,872 | ---- | C] () -- C:\Users\Orlando\Desktop\ERUNT.lnk
[2011/02/19 10:42:23 | 001,253,436 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011/02/19 10:22:15 | 000,000,880 | ---- | C] () -- C:\Windows\tasks\Google Software Updater.job
[2011/02/19 10:21:47 | 001,252,984 | ---- | C] () -- C:\Users\Orlando\Desktop\Google Updater.exe
[2011/02/17 19:05:56 | 000,071,852 | ---- | C] () -- C:\Users\Orlando\Desktop\iPod Software License.rtf
[2011/02/16 23:09:37 | 005,298,620 | ---- | C] () -- C:\Users\Orlando\Desktop\greenpois0n.exe
[2011/02/16 23:09:37 | 000,002,657 | ---- | C] () -- C:\Users\Orlando\Desktop\README
[2011/02/09 20:22:54 | 000,736,638 | ---- | C] () -- C:\Users\Orlando\Desktop\Winter Term 2010-11 Ethics Assignment.pdf
[2011/01/30 18:36:46 | 000,670,598 | ---- | C] () -- C:\Users\Orlando\Desktop\Food Presentation- Curtis.PDF
[2011/01/30 12:13:58 | 000,091,665 | ---- | C] () -- C:\Users\Orlando\Documents\Orlando_Lam.pdf
[2011/01/14 21:09:16 | 008,673,792 | ---- | C] () -- C:\ProgramData\atscie.msi
[2010/12/14 09:28:26 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2010/11/09 19:35:54 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\pv_c3.exe
[2010/09/26 14:00:13 | 000,000,086 | ---- | C] () -- C:\Users\Orlando\AppData\Roaming\urhtps.dat
[2010/09/26 11:32:53 | 000,051,200 | ---- | C] () -- C:\Users\Orlando\AppData\Roaming\6y6xpuez.default.dat
[2010/09/18 17:52:34 | 000,000,168 | ---- | C] () -- C:\Windows\wininit.ini
[2010/06/19 08:15:58 | 000,007,606 | ---- | C] () -- C:\Users\Orlando\AppData\Local\Resmon.ResmonCfg
[2010/06/03 22:07:34 | 000,000,248 | ---- | C] () -- C:\Windows\SysWow64\secustat.dat
[2010/06/03 22:06:07 | 000,000,305 | ---- | C] () -- C:\Windows\SysWow64\secushr.dat
[2010/06/03 22:05:32 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2010/04/11 09:44:22 | 000,131,072 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2010/04/11 09:44:22 | 000,036,110 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpowerAMP Music Converter.dat
[2010/03/27 00:40:12 | 000,000,686 | ---- | C] () -- C:\Users\Orlando\AppData\Roaming\myMPQ.ini
[2010/03/20 08:12:47 | 000,000,532 | ---- | C] () -- C:\Windows\eReg.dat
[2010/03/10 12:26:26 | 000,006,144 | ---- | C] () -- C:\Users\Orlando\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/23 17:05:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/01/08 20:34:07 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\ssinstaller.dll
[2009/12/23 15:21:27 | 000,014,094 | ---- | C] () -- C:\Windows\scunin.dat
[2009/12/20 20:42:18 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini
[2009/12/04 12:20:00 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2009/12/03 23:32:09 | 000,163,735 | ---- | C] () -- C:\Windows\hpoins36.dat
[2009/12/03 23:32:09 | 000,000,652 | ---- | C] () -- C:\Windows\hpomdl36.dat
[2009/12/03 13:23:46 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\LogonStart.dll
[2009/12/03 12:57:16 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009/12/03 12:57:16 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009/12/02 08:40:53 | 000,002,029 | ---- | C] () -- C:\Users\Orlando\AppData\Roaming\install.dat
[2009/08/18 14:45:45 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2009/07/29 23:35:03 | 000,033,136 | ---- | C] () -- C:\Windows\ASScrPro.exe
[2009/07/29 23:34:42 | 000,047,672 | ---- | C] () -- C:\Windows\AsScrProlog.exe
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:14:38 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\wuapi.dll
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:09:16 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\WMVSDECD.DLL
[2009/07/13 19:03:36 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dsdmo.dll
[2009/07/13 18:46:12 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\iscsicpl.exe
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:31:43 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\WsmSvc.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/11/07 20:08:20 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2008/10/08 22:38:27 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2007/08/06 12:18:31 | 000,081,920 | ---- | C] () -- C:\Windows\PGMonitor.exe
[2002/09/17 23:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe
[2000/01/27 23:00:00 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\wrkgadm.exe
[2000/01/27 23:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\HLINKPRX.DLL

========== LOP Check ==========

[2010/09/26 07:14:04 | 000,000,000 | ---D | M] -- C:\Users\Orlando\AppData\Roaming\5005
[2011/02/05 13:31:31 | 000,000,000 | ---D | M] -- C:\Users\Orlando\AppData\Roaming\Acapela Group
[2009/12/03 17:37:34 | 000,000,000 | ---D | M] -- C:\Users\Orlando\AppData\Roaming\acccore
[2010/09/19 07:34:03 | 000,000,000 | ---D | M] -- C:\Users\Orlando\AppData\Roaming\Audacity
[2010/06/03 22:07:34 | 000,000,000 | ---D | M] -- C:\Users\Orlando\AppData\Roaming\BITS
[2010/09/26 07:13:34 | 000,000,000 | ---D | M] -- C:\Users\Orlando\AppData\Roaming\cock
[2010/03/18 15:05:09 | 000,000,000 | ---D | M] -- C:\Users\Orlando\AppData\Roaming\DAEMON Tools Lite
[2010/11/30 22:23:20 | 000,000,000 | ---D | M] -- C:\Users\Orlando\AppData\Roaming\Elluminate
[2010/06/03 22:05:23 | 000,000,000 | ---D | M] -- C:\Users\Orlando\AppData\Roaming\FlashGet
[2010/06/03 22:05:13 | 000,000,000 | ---D | M] -- C:\Users\Orlando\AppData\Roaming\FlashGetBHO
[2011/01/15 22:50:23 | 000,000,000 | ---D | M] -- C:\Users\Orlando\AppData\Roaming\Foxit Software
[2010/12/25 00:08:22 | 000,000,000 | ---D | M] -- C:\Users\Orlando\AppData\Roaming\HLSW
[2009/12/03 22:59:58 | 000,000,000 | ---D | M] -- C:\Users\Orlando\AppData\Roaming\Leadertech
[2010/09/25 13:55:58 | 000,000,000 | ---D | M] -- C:\Users\Orlando\AppData\Roaming\ManyCam
[2010/12/10 13:30:10 | 000,000,000 | ---D | M] -- C:\Users\Orlando\AppData\Roaming\Opera
[2010/01/22 15:10:58 | 000,000,000 | ---D | M] -- C:\Users\Orlando\AppData\Roaming\Smartsims
[2009/12/14 00:41:59 | 000,000,000 | ---D | M] -- C:\Users\Orlando\AppData\Roaming\SystemRequirementsLab
[2010/05/09 23:20:46 | 000,000,000 | ---D | M] -- C:\Users\Orlando\AppData\Roaming\Systweak
[2010/12/19 21:17:00 | 000,000,000 | ---D | M] -- C:\Users\Orlando\AppData\Roaming\xmldm
[2011/02/05 13:31:40 | 000,000,000 | ---D | M] -- C:\Users\Orlando\AppData\Roaming\Xtranormal
[2011/02/27 10:26:26 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2011/02/27 11:00:24 | 000,000,462 | ---- | M] () -- C:\Windows\Tasks\ASOService.job
[2011/02/23 16:42:59 | 000,032,576 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 171 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >
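To work through a report like the one above without reading it line by line, here is a small parser for the OTL entry format, added here as an example; it is not OTL's own code and it is not from anyone in this thread. The regular expressions are derived from the line shapes visible in the posted log (Files Created, LOP Check and Alternate Data Streams sections); the sample input embedded below is constructed from a handful of lines copied from that log, and the triage rule (recently created files with no company name under C:\Windows or AppData\Roaming) is one reviewer's heuristic that flags candidates for a closer look, not a verdict on any file.

```python
"""Parse OTL (OldTimer's OTL) log entries and list review candidates."""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# One OTL file/folder entry, e.g.
#   [2011/02/25 19:11:40 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
#   [2010/09/26 07:14:04 | 000,000,000 | ---D | M] -- C:\Users\...\Roaming\5005
# The "(...)" group holds the company name from the file's version information;
# it is empty under the "No Company Name" heading and absent on LOP folder lines.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<op>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
# @Alternate Data Stream - 171 bytes -> C:\ProgramData\Temp:DFC5A2B2
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")


@dataclass
class OtlEntry:
    timestamp: datetime
    size: int
    attrs: str                 # four attribute flags, e.g. "--S-" (system), "---D" (directory)
    op: str                    # "C" = created, "M" = modified
    company: Optional[str]     # "" = no company name, None = field not present on the line
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_entry(line: str) -> Optional[OtlEntry]:
    """Return an OtlEntry for a file/folder line, or None for headers and other text."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return OtlEntry(
        timestamp=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        op=m["op"],
        company=m["company"],
        path=m["path"],
    )


def parse_ads(line: str) -> Optional[Tuple[str, int]]:
    """Return (path, size) for an Alternate Data Stream line, else None."""
    m = ADS_RE.match(line.strip())
    return (m["path"], int(m["size"])) if m else None


def triage(lines, since: str, roots=(r"C:\Windows", r"\AppData\Roaming")) -> List[OtlEntry]:
    """Files created on/after `since` (YYYY/MM/DD) under one of `roots` with no company name."""
    since_dt = datetime.strptime(since, "%Y/%m/%d")
    hits = []
    for line in lines:
        e = parse_entry(line)
        if e is None or e.op != "C" or e.is_dir or e.timestamp < since_dt:
            continue
        if e.company not in ("", None):      # a company name is present: skip
            continue
        if any(r.lower() in e.path.lower() for r in roots):
            hits.append(e)
    return hits


# Constructed sample: a few lines copied from the log posted above.
SAMPLE_LOG = r"""
========== Files Created - No Company Name ==========

[2011/02/27 10:26:26 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/02/25 19:11:40 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/02/19 12:50:54 | 000,624,128 | ---- | C] () -- C:\Users\Orlando\Desktop\dds.scr
[2010/09/26 14:00:13 | 000,000,086 | ---- | C] () -- C:\Users\Orlando\AppData\Roaming\urhtps.dat
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

========== LOP Check ==========

[2010/09/26 07:14:04 | 000,000,000 | ---D | M] -- C:\Users\Orlando\AppData\Roaming\5005

========== Alternate Data Streams ==========

@Alternate Data Stream - 171 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >
"""

if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG.splitlines(), "2011/02/01"):
        print(f"{hit.timestamp:%Y-%m-%d} {hit.size:>9} {hit.path}")
    for line in SAMPLE_LOG.splitlines():
        ads = parse_ads(line)
        if ads:
            print("ADS:", ads)
```

Entries the triage keeps still need context: in this thread, PEV.exe and the other tools under C:\Windows were dropped by ComboFix the same minute it ran, which is exactly the kind of correlation the timestamps let you make.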
 
Backup Your Registry with ERUNT:
  • Download erunt.zip to your Desktop from here:
    http://aumha.org/downloads/erunt.zip
  • Right-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to a new folder on your Desktop
  • Inside the new folder, double-click ERUNT.exe to start the program
  • OK all the prompts to back up your registry to the default location.
Note: to restore your registry, go to the backup folder and start ERDNT.exe

Open OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code:
    :processes
    killallprocesses
    
    :OTL
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1303545217-2589164206-708239540-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    
    
    :Services
    
    :Reg
    
    :Files
    
    
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top (not Run Scan).
  • Let the program run unhindered, reboot when it is done
  • Then post the results of the log it produces.
  • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
 
How are you coming along? Eventlog is up and running with no problems. Even though OTL can run on 64-bit systems, yours may be giving it a go.
 
Not as terrible as before. Still noticeable, especially if I right-click something or open files/programs: the loading circle comes up and stays up, and programs may not respond for a bit. Not getting random disconnects from wireless. Still can't open Firefox or Chrome.

I've been getting this message on start-up.
Checking file system on C:
This type of file system is NTFS.
Volume label is Vista64.

One of your disks needs to be checked for consistency. You may cancel the disk check, but it is strongly recommended that you continue.
To skip disk checking, press any key within 10 seconds.

When I let it go, it goes right to normal start-up.

Also I keep getting this Warning! message pop-up.
Error saving file C:\Windows\ERDNT\AutoBackup\2-28-2011/BCD ! Continue with next file? [ RegCreateKeyEx: 5 - Access is denied ]" and Yes/No option. I click No, it goes away. If I click Yes, pretty much same message except with \system instead of BCD, click Yes and it's \software, then \default, then \security, then \sam, then \components, then \Users\00000001\ntuser.dat, and then \Users\00000002\UsrClass.dat

All processes killed
========== PROCESSES ==========
========== OTL ==========
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-1303545217-2589164206-708239540-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Orlando
->Temp folder emptied: 172323 bytes
->Temporary Internet Files folder emptied: 50084933 bytes
->Java cache emptied: 1519085 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 819568 bytes
->Opera cache emptied: 6536254 bytes
->Flash cache emptied: 38835 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1636099 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 577158 bytes

Total Files Cleaned = 59.00 mb


OTL by OldTimer - Version 3.2.22.2 log created on 02282011_194414

Files\Folders moved on Reboot...
C:\Users\Orlando\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\TMP000005C3B915E868BF21A6CA not found!

Registry entries deleted on Reboot...
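The fix script from the helper's instructions and the fix log posted just above can be checked against each other mechanically: every O7 line in the `:OTL` section should show up in the log as either "deleted successfully" or "not found". The script below does that reconciliation; it is an added example, not OTL's code and not from anyone in this thread. Its regular expressions follow the O7 and "Registry key ..." line shapes visible above, and the embedded sample script and log are constructed from lines copied from those two posts.

```python
"""Reconcile O7 entries in an OTL fix script with the results OTL logs for them."""
import re
from typing import Dict, List, Tuple

HiveKey = Tuple[str, str]   # (HKU hive name, key path relative to the hive)

# Fix-script line (in the :OTL section):
#   O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7_RE = re.compile(r"^O7 - HKU\\(?P<hive>[^\\]+)\\(?P<key>.+?)\\? present$")

# Fix-log lines (note the trailing backslash OTL appends to the key):
#   Registry key HKEY_USERS\S-1-5-18\...\Control Panel\ not found.
#   Registry key HKEY_USERS\S-1-5-21-...-1000\...\Control Panel\ deleted successfully.
RESULT_RE = re.compile(
    r"^Registry key HKEY_USERS\\(?P<hive>[^\\]+)\\(?P<key>.+?)\\? "
    r"(?P<result>deleted successfully|not found)\.$"
)


def _norm(hive: str, key: str) -> HiveKey:
    """Normalise so script and log spellings of the same key compare equal."""
    return (hive.upper(), key.rstrip("\\").lower())


def requested_keys(script_lines) -> List[HiveKey]:
    """All O7 keys the fix script asks OTL to remove (only inside the :OTL section)."""
    section = None
    keys: List[HiveKey] = []
    for raw in script_lines:
        line = raw.strip()
        if line.startswith(":"):          # section markers: :processes, :OTL, :Files, ...
            section = line.lower()
            continue
        if section != ":otl":
            continue
        m = O7_RE.match(line)
        if m:
            keys.append(_norm(m["hive"], m["key"]))
    return keys


def fix_results(log_lines) -> Dict[HiveKey, str]:
    """Map each registry key named in the fix log to its reported outcome."""
    results: Dict[HiveKey, str] = {}
    for raw in log_lines:
        m = RESULT_RE.match(raw.strip())
        if m:
            results[_norm(m["hive"], m["key"])] = m["result"]
    return results


def reconcile(script_lines, log_lines) -> Dict[str, List[HiveKey]]:
    """Bucket every requested key as deleted, not_found, or unreported (log says nothing)."""
    results = fix_results(log_lines)
    report: Dict[str, List[HiveKey]] = {"deleted": [], "not_found": [], "unreported": []}
    for hk in requested_keys(script_lines):
        outcome = results.get(hk)
        if outcome == "deleted successfully":
            report["deleted"].append(hk)
        elif outcome == "not found":
            report["not_found"].append(hk)
        else:
            report["unreported"].append(hk)
    return report


# Constructed samples: lines copied from the fix script and the fix log posted above.
FIX_SCRIPT = r"""
:processes
killallprocesses

:OTL
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1303545217-2589164206-708239540-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

:Commands
[purity]
[resethosts]
[emptytemp]
"""

FIX_LOG = r"""
========== OTL ==========
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-1303545217-2589164206-708239540-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
========== COMMANDS ==========
"""

if __name__ == "__main__":
    for bucket, keys in reconcile(FIX_SCRIPT.splitlines(), FIX_LOG.splitlines()).items():
        print(bucket, [hive for hive, _ in keys])
```

Here the only hive where the Internet Explorer Control Panel policy key actually existed was the logged-on user's (S-1-5-21-...-1000); the four "not found" results are keys OTL listed as present in its scan but that were gone by the time the fix ran, which is worth noticing because it usually means an earlier tool (ComboFix in this thread) already removed them.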
 
It's telling me the type of file system is NTFS. Cannot lock current drive. Then Chkdsk cannot run because the volume is in use by another process. Asked me to schedule on next restart. Same thing happens on restart. Counts down to 0 and freezes.
 
Hi,

Do you have your Windows CD or the recovery CD that came with your computer? I think with all the problems you're having I would do a repair install of Windows; what this would do is reinstall Windows over the current copy and it will repair as it installs.

You can post in this windows forum for help with that
http://forums.whatthetech.com/index.php?showforum=119

Let me know how it went
 
Just posting so the thread doesn't get locked. Going to pick up an external to back up data.

If I am still experiencing lag after a repair install, what would be the next option?
 
Hi,

I would back up all your data, documents, pictures. Costco has some nice external hard drives for around $50; it would be to your benefit to do this anyway so you can save your stuff for future disasters.

Let me ask you, is it just your browsers that are slow or does your whole system have problems?

Do you use a router?
 
When I start up everything is OK except my browser, which doesn't respond every 10 seconds. It goes away after about 20 minutes. If I try to open certain programs (iTunes or Chrome) everything lags and Windows Explorer doesn't respond. There is no lag in safe mode. But I'm still not able to access my main browsers (Firefox and Chrome).

I use a Cisco Linksys router.
 
Why don't you try resetting your router? There is a small pin hole on the back that you can press with a small object like a paper clip or ball point pen; you need to hold it in for 10 seconds or so and it will reset it back to the day you bought it. Then you're going to have to use the disc that came with it and reinstall it.

Let me know how it went
 
Hi,

I have been so busy looking for malware on your system that I overlooked this. You have 3 Antivirus programs running, more than one is overkill and can severely hamper system performance.

AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}


I would uninstall two of them; your call, but Avast is the one I would keep. Uninstall two and see if things improve.
 
The only reason I had Spyware Doctor was because Avast would not turn on when the problems started. I get the Unsecured system message and that Avast has been stopped. I click the Fix Now button and it still doesn't turn back on.
 