PC running slow
Original Message
Name: kam
Date: January 27, 2008 at 01:21:40 Pacific
Subject: PC running slow
OS: XP PROF
CPU/Ram: 240MB
Model/Manufacturer: AMD
Comment: Can u pls help me as I think I have a virus as I keep picking up Vundo Adware. My system is operating slow. I can see in early posts jabuck you have helped other people out. Can you pls help out. Thank You in advance. Can anyone pls tell if my computer is infected. Log from Hijackthis as follows
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:59:19, on 26/01/2008
Platform: Windows XP SP2 WinNT 5.
Response Number 1
Name: jabuck
Date: January 27, 2008 at 05:51:31 Pacific
Subject: PC running slow
Reply: Please download Atribune's VundoFix.exe from the following site to your desktop: Vundofix.exe
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click "yes".
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click "ok".
Run Vundofix again.
Please download and install the latest version of HijackThis v2.0.2:
Download the "HijackThis" Installer from this link: Hijack This
1. Save "HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
Response Number 2
Name: kam
Date: January 27, 2008 at 08:00:32 Pacific
Subject: PC running slow
Reply: Done as requested. Thank you jabuck.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:54:17, on 27/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Kamlesh\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: {4291ac27-d9d4-f27a-c274-bcb1448ffd90} - {09dff844-1bcb-472c-a72f-4d9d72ca1924} - C:\WINDOWS\system32\fqvdvtou.dll (file missing)
O2 - BHO: (no name) - {1E018ABF-E6F8-4691-93AD-7BFC1CE8F823} - (no file)
O2 - BHO: (no name) - {4017A114-66F8-0019-F8B8-11A39388AF9D} - (no file)
O2 - BHO: (no name) - {4ACAE0BC-7051-43EA-8C49-C9513640497E} - (no file)
O2 - BHO: (no name) - {7EC48CE0-E341-45AF-9D44-DCE19C9E7F14} - (no file)
O2 - BHO: (no name) - {91801043-D2F4-49CE-A813-1278AD68516A} - (no file)
O2 - BHO: (no name) - {A051B1FF-8D7E-418B-AABE-4FF82F4280A2} - (no file)
O2 - BHO: (no name) - {B5076127-5C81-4E21-B81B-B2CCF2AA6BD9} - (no file)
O2 - BHO: (no name) - {CE574968-AA01-4B04-B49B-FB9F0F00E24C} - C:\WINDOWS\system32\iifgh.dll (file missing)
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [005182ea] rundll32.exe "C:\WINDOWS\system32\enssgklx.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: urqromm - C:\WINDOWS\
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe

-- End of file - 2864 bytes
Response Number 3
Name: jabuck
Date: January 27, 2008 at 08:13:37 Pacific
Subject: PC running slow
Reply: Go to start> control panel> add/remove programs and uninstall uTorrent at least until we get you clean. Run Hijack This, close all windows and browsers except Hijack This, place a check to the left of the following items and press "fix checked":
O2 - BHO: {4291ac27-d9d4-f27a-c274-bcb1448ffd90} - {09dff844-1bcb-472c-a72f-4d9d72ca1924} - C:\WINDOWS\system32\fqvdvtou.dll (file missing)
O2 - BHO: (no name) - {1E018ABF-E6F8-4691-93AD-7BFC1CE8F823} - (no file)
O2 - BHO: (no name) - {4017A114-66F8-0019-F8B8-11A39388AF9D} - (no file)
O2 - BHO: (no name) - {4ACAE0BC-7051-43EA-8C49-C9513640497E} - (no file)
O2 - BHO: (no name) - {7EC48CE0-E341-45AF-9D44-DCE19C9E7F14} - (no file)
O2 - BHO: (no name) - {91801043-D2F4-49CE-A813-1278AD68516A} - (no file)
O2 - BHO: (no name) - {A051B1FF-8D7E-418B-AABE-4FF82F4280A2} - (no file)
O2 - BHO: (no name) - {B5076127-5C81-4E21-B81B-B2CCF2AA6BD9} - (no file)
O2 - BHO: (no name) - {CE574968-AA01-4B04-B49B-FB9F0F00E24C} - C:\WINDOWS\system32\iifgh.dll (file missing)
O20 - Winlogon Notify: urqromm - C:\WINDOWS\
Exit Hijack This.
Please download ComboFix to the desktop from one of the following links:
Link1
Link 2
Link 3
Double-click combofix.exe
Follow the prompts. (Don't click on the window while the program is running, it may cause your system to hang.)
Please post the log it produces.
Response Number 4
Name: kam
Date: January 27, 2008 at 08:45:01 Pacific
Subject: PC running slow
Reply: Log as follows.
ComboFix 08-01-23.1C - Kamlesh 2008-01-27 16:30:17.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.76 [GMT 0:00]
Running from: C:\Documents and Settings\Kamlesh\Local Settings\Temporary Internet Files\Content.IE5\VT3YT9JN\ComboFix[2].exe
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\KAM.VIRGIN-47FCE461\Application Data\SMANTE~1
C:\Documents and Settings\KAM.VIRGIN-47FCE461\Start Menu\Programs\Outerinfo
C:\Documents and Settings\KAM.VIRGIN-47FCE461\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\Kamlesh\Application Data\SSTEM~1
C:\Documents and Settings\Kamlesh\Application Data\SSTEM~1\s?stem\
C:\Documents and Settings\LocalService.NT AUTHORITY.004\Application Data\NetMon
C:\Documents and Settings\LocalService.NT AUTHORITY.004\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService.NT AUTHORITY.004\Application Data\NetMon\log.txt
C:\Documents and Settings\NetworkService.NT AUTHORITY.004\Application Data\NetMon
C:\Documents and Settings\NetworkService.NT AUTHORITY.004\Application Data\NetMon\domains.txt
C:\Documents and Settings\NetworkService.NT AUTHORITY.004\Application Data\NetMon\log.txt
C:\WINDOWS\mcroso~1.net
C:\WINDOWS\ssembl~1
C:\WINDOWS\ssembl~1\?ssembly\
.
((((((((((((((((((((((((( Files Created from 2007-12-27 to 2008-01-27 )))))))))))))))))))))))))))))))
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-26 13:30 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-25 22:47 --------- d-----w C:\Program Files\Java
2008-01-06 19:06 --------- d-----w C:\Program Files\Common Files\Ahead
2007-12-28 20:44 --------- d-----w C:\Program Files\VideoLAN
2007-12-28 19:15 --------- d-----w C:\Program Files\Common Files\LightScribe
2007-12-23 16:53 --------- d-----w C:\Program Files\WordWeb
2007-12-21 08:21 71,176 ----a-w C:\WINDOWS\system32\drivers\epfw.sys
2007-12-21 08:21 53,768 ----a-w C:\WINDOWS\system32\drivers\epfwtdi.sys
2007-12-21 08:21 30,728 ----a-w C:\WINDOWS\system32\drivers\epfwndis.sys
2007-12-21 08:20 30,216 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2007-12-21 08:19 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2007-12-16 15:18 --------- d-----w C:\Program Files\Common Files\AVSMedia
2007-12-09 19:46 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-12-09 19:21 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-07 18:06 --------- d-----w C:\Program Files\Lavasoft
2007-12-06 12:45 --------- d-----w C:\Program Files\microsoft frontpage
.
[code]
----a-w 39,792 2008-01-21 23:21:54 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
----a-w 84,640 2008-01-23 21:23:19 C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w 1,667,584 2008-01-21 23:21:59 C:\Program Files\Messenger\msmsgs .exe
[/code]
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 01:06 1667584]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 08:21 1443072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-27 16:37:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.2180]
-> C:\Program Files\WinRAR\rarext.dll
.
Completion time: 2008-01-27 16:40:27 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-27 16:40:24
Response Number 5
Name: jabuck
Date: January 27, 2008 at 09:55:12 Pacific
Subject: PC running slow
Reply: Open Notepad and copy/paste everything between the X's into it and make sure "File::" is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
RenV::
----a-w 39,792 2008-01-21 23:21:54 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
----a-w 84,640 2008-01-23 21:23:19 C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w 1,667,584 2008-01-21 23:21:59 C:\Program Files\Messenger\msmsgs .exe

File::
C:\WINDOWS\system32\fqvdvtou.dll
C:\WINDOWS\system32\iifgh.dll
C:\WINDOWS\system32\enssgklx.dll

Driver::
urqromm

Folder::
C:\WINDOWS\system32\nGpxx01
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt then save it to your desktop. Then drag/drop the CFScript.txt onto ComboFix.exe (the red X on your desktop). If combofix does not auto start click "run".
Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore">apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.
Download ATF Cleaner from this link: ATF Cleaner
Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
Post a new Combofix log and a new Hijack This log please.
Response Number 6
Name: kam
Date: January 27, 2008 at 10:45:41 Pacific
Subject: PC running slow
Reply: Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:34:22, on 27/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Kamlesh\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe

-- End of file - 1897 bytes
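An added example, not part of the original thread and not code from HijackThis or ComboFix: a Python pass over HijackThis entries that flags the kinds of lines acted on in Responses 3 and 5, then checks the follow-up log from Response 6 to confirm they are gone. The three heuristics are assumptions chosen to match this thread, the function names are hypothetical, and the log lines are excerpted from the posts above.

```python
import re

# A HijackThis entry line is "<section> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")

# Lines excerpted from the log in Response 2 (before cleanup).
BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: {4291ac27-d9d4-f27a-c274-bcb1448ffd90} - {09dff844-1bcb-472c-a72f-4d9d72ca1924} - C:\WINDOWS\system32\fqvdvtou.dll (file missing)
O2 - BHO: (no name) - {1E018ABF-E6F8-4691-93AD-7BFC1CE8F823} - (no file)
O2 - BHO: (no name) - {CE574968-AA01-4B04-B49B-FB9F0F00E24C} - C:\WINDOWS\system32\iifgh.dll (file missing)
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [005182ea] rundll32.exe "C:\WINDOWS\system32\enssgklx.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: urqromm - C:\WINDOWS\
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
"""

# Lines excerpted from the log in Response 6 (after cleanup).
AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
"""


def parse_entries(log_text):
    """Return (section, body) tuples for every recognised entry line."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def triage(section, body):
    """Return a reason if the entry deserves a closer look, else None.

    Assumed heuristics, not HijackThis's own logic. A flag is a prompt to
    check the entry by hand, not a verdict: legitimate software also uses
    rundll32 Run values and Winlogon Notify packages.
    """
    if section == "O2" and re.search(r"\((file missing|no file)\)$", body):
        return "BHO registered but its file is absent"
    if section == "O4" and re.search(r"\brundll32(\.exe)?\b", body, re.I):
        return "Run value launches a DLL through rundll32"
    if section == "O20":
        return "Winlogon Notify package"
    return None


def flagged(log_text):
    """Map each flagged (section, body) entry to the reason it was flagged."""
    hits = {}
    for section, body in parse_entries(log_text):
        reason = triage(section, body)
        if reason:
            hits[(section, body)] = reason
    return hits


def still_present(before_log, after_log):
    """Entries flagged in the first log that also appear in the second."""
    remaining = set(parse_entries(after_log))
    return [entry for entry in flagged(before_log) if entry in remaining]


if __name__ == "__main__":
    for (section, body), reason in flagged(BEFORE).items():
        print(f"{section:>3}  {reason}: {body}")
    print("flagged entries surviving cleanup:",
          still_present(BEFORE, AFTER) or "none")
```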
Response Number 7
Name: kam
Date: January 27, 2008 at 10:48:14 Pacific
Subject: PC running slow
Reply: ComboFix 08-01-23.1C - Kamlesh 2008-01-27 18:35:07.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.87 [GMT 0:00]
Running from: C:\Documents and Settings\Kamlesh\Desktop\ComboFix.exe
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((( Files Created from 2007-12-27 to 2008-01-27 )))))))))))))))))))))))))))))))
.
. (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-01-26 13:30 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-01-25 22:47 --------- d-----w C:\Program Files\Java 2008-01-06 19:06 --------- d-----w C:\Program Files\Common Files\Ahead 2007-12-28 20:44 --------- d-----w C:\Program Files\VideoLAN 2007-12-28 19:15 --------- d-----w C:\Program Files\Common Files\LightScribe 2007-12-23 16:53 --------- d-----w C:\Program Files\WordWeb 2007-12-21 08:21 71,176 ----a-w C:\WINDOWS\system32\drivers\epfw.sys 2007-12-21 08:21 53,768 ----a-w C:\WINDOWS\system32\drivers\epfwtdi.sys 2007-12-21 08:21 30,728 ----a-w C:\WINDOWS\system32\drivers\epfwndis.sys 2007-12-21 08:20 30,216 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys 2007-12-21 08:19 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys 2007-12-16 15:18 --------- d-----w C:\Program Files\Common Files\AVSMedia 2007-12-09 19:46 --------- d-----w C:\Program Files\Microsoft ActiveSync 2007-12-09 19:21 --------- d-----w C:\Program Files\Common Files\Adobe 2007-12-07 18:06 --------- d-----w C:\Program Files\Lavasoft 2007-12-06 12:45 --------- d-----w C:\Program Files\microsoft frontpage .
((((((((((((((((((((((((((((( snapshot@2008-01-27_16.40.07.20 ))))))))))))))))))))))))))))))))))))))))) . - 2008-01-27 16:29:00 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000001\NTUSER.DAT + 2008-01-27 18:10:33 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000001\NTUSER.DAT - 2008-01-27 16:29:00 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000002\UsrClass.dat + 2008-01-27 18:10:33 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000002\UsrClass.dat - 2008-01-27 16:29:00 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000003\NTUSER.DAT + 2008-01-27 18:10:33 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000003\NTUSER.DAT - 2008-01-27 16:29:00 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000004\UsrClass.dat + 2008-01-27 18:10:34 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000004\UsrClass.dat - 2008-01-27 16:29:01 2,187,264 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000005\NTUSER.DAT + 2008-01-27 18:10:34 2,187,264 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000005\NTUSER.DAT - 2008-01-27 16:29:01 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000006\UsrClass.dat + 2008-01-27 18:10:35 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000006\UsrClass.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-01-21 23:21 1667584]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 08:21 1443072]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-27 18:37:02
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-27 18:37:49
ComboFix-quarantined-files.txt 2008-01-27 18:37:32
ComboFix2.txt 2008-01-27 18:26:51
ComboFix3.txt 2008-01-27 16:40:27
Response Number 8
Name: kam
Date: January 27, 2008 at 11:51:23 Pacific
Subject: PC running slow
Reply: Thank you for all your help jabuck. Can you please recommend any freeware to stop spyware, adware and trojans? My PC is working perfectly now. Thank you once again.
Response Number 9
Name: jabuck
Date: January 27, 2008 at 14:32:23 Pacific
Subject: PC running slow
Reply: Please go to Virus Total and upload the following files for analysis:
C:\WINDOWS\system32\drivers\827BD257-2591-4D77-AF00-2C050F4F34EF.cxv
C:\WINDOWS\system32\pwsktxkw.ini
C:\WINDOWS\system32\drivers\9373A663-0E91-4822-A846-F27B91040828.cxv
Post the results in your reply.
Empty the restore folder. Go to Start > Control Panel > System > System Restore tab > check the box beside "Turn off System Restore" > Apply (takes a minute) > OK. Go back and uncheck the box to turn System Restore back on > Apply > OK.
Download ATF Cleaner from this link: ATF Cleaner
Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
Please run the BitDefender online scan at this link: Bitdefender Online Scanner
You will need to allow an ActiveX install for the scan to run. Leave the scanning options at default and press "click here to scan". When finished scanning, click on "click here to export the scan report". Save it to your desktop: at "file name" type in "bdscan", then click Save. Post a log in your reply.
Response Number 10
Name: kam
Date: January 28, 2008 at 11:59:49 Pacific
Subject: PC running slow
Reply: File 827BD257-2591-4D77-AF00-2C050F4F3 received on 01.28.2008 20:40:50 (CET)
Current status: finished
Result: 0/32 (0.00%)
Response Number 11
Name: kam
Date: January 28, 2008 at 12:02:23 Pacific
Subject: PC running slow
Reply: File pwsktxkw.ini received on 01.28.2008 20:54:00 (CET)
Current status: finished
Result: 0/32 (0.00%)
Response Number 12
Name: kam
Date: January 28, 2008 at 12:11:19 Pacific
Subject: PC running slow
Reply: File 9373A663-0E91-4822-A846-F27B91040 received on 01.28.2008 21:04:10 (CET)
Result: 0/32 (0%)
Response Number 13
Name: kam
Date: January 28, 2008 at 13:38:59 Pacific
Subject: PC running slow
Reply: BitDefender Online Scanner
Scan report generated at: Mon, Jan 28, 2008 - 21:29:12
Scan path: A:\;C:\;D:\;E:\;
Statistics
Time 01:08:36
Files 189510
Folders 4370
Boot Sectors 2
Archives 1798
Packed Files 9783
Results
Identified Viruses 3
Infected Files 40
Suspect Files 0
Warnings 0
Disinfected 0
Deleted Files 40
Engines Info
Virus Definitions 977732
Engine build AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins 16
Archive plugins 41
Unpack plugins 7
E-mail plugins 6
System plugins 5
Scan Settings
First Action Disinfect
Second Action Delete
Heuristics Yes
Enable Warnings Yes
Scanned Extensions *;
Exclude Extensions
Scan Emails Yes
Scan Archives Yes
Scan Packed Yes
Scan Files Yes
Scan Boot Yes
Response Number 14
Name: jabuck
Date: January 28, 2008 at 14:21:23 Pacific
Subject: PC running slow
Reply: Looks good. Your drive icon for local disk C: is not a red X, is it? Go to Start > My Computer (or however you get to your "My Computer" folder) and check it.
Make sure you empty the restore folder as suggested in response #9.
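As an added example (not part of the thread, and not BitDefender's or the posters' code), the Python below triages the per-file section of a scan report of the kind posted in Response 13: it separates detections that sit only in Windows XP System Restore points, which the System Restore off/on step from Response 9 purges, from detections in live files that need cleaning first. It assumes each path is followed by one of the statuses `Infected with: <name>`, `Disinfection failed`, `Update failed` or `Deleted`; the function names, the sample text and its placeholder GUID are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Assumed per-file statuses: a detection name, or the outcome of an action.
STATUS = r"Infected with: \S+|Disinfection failed|Update failed|Deleted"
# One record: a Windows path (spaces allowed) followed by exactly one status.
RECORD = re.compile(rf"([A-Za-z]:\\.+?) ({STATUS})(?= [A-Za-z]:\\|$)")
# Windows XP System Restore keeps renamed copies under _restore{GUID}\RPn\.
RESTORE_POINT = re.compile(
    r"[A-Za-z]:\\System Volume Information\\_restore\{[0-9A-Fa-f-]{36}\}\\RP\d+\\",
    re.I,
)

# Constructed sample (placeholder GUID): one record is wrapped mid-path the
# way a forum paste often is, and one detection is inside an embedded object.
SAMPLE = r"""
C:\System Volume Information\_restore{11111111-2222-3333-4444-555555555555}\RP1\A0000006.ini Infected with: Trojan.Vundo.DVS
C:\System Volume Information\_restore{11111111-2222-3333-4444-555555555555}\RP1\A0000006.ini Disinfection failed
C:\System Volume Information\_restore{11111111-2222-3333-4444-555555555555}\RP1\A0000006.ini Deleted
C:\System Volume
Information\_restore{11111111-2222-3333-4444-555555555555}\RP2\A0000084.exe Infected with: Trojan.Peed.INO
C:\System Volume Information\_restore{11111111-2222-3333-4444-555555555555}\RP2\A0000084.exe Disinfection failed
C:\System Volume Information\_restore{11111111-2222-3333-4444-555555555555}\RP2\A0000084.exe Deleted
C:\System Volume Information\_restore{11111111-2222-3333-4444-555555555555}\RP3\A0010617.exe=>(Embedded EXE o) Infected with: Trojan.Vundo.DWK
C:\System Volume Information\_restore{11111111-2222-3333-4444-555555555555}\RP3\A0010617.exe=>(Embedded EXE o) Deleted
C:\System Volume Information\_restore{11111111-2222-3333-4444-555555555555}\RP3\A0010617.exe Update failed
"""


def parse_report(text):
    """Map each file to the list of statuses reported for it, in order."""
    flat = " ".join(text.split())  # undo line wraps inside paths
    files = defaultdict(list)
    for path, status in RECORD.findall(flat):
        # "x.exe=>(Embedded EXE o)" is reported against its container x.exe.
        container = path.split("=>", 1)[0]
        files[container].append(status)
    return dict(files)


def triage(text):
    """Summarise detections and say which clean-up step applies."""
    by_name, live, unresolved = Counter(), [], []
    for path, statuses in parse_report(text).items():
        names = {s.partition("Infected with: ")[2]
                 for s in statuses if s.startswith("Infected with: ")}
        if not names:
            continue  # file was listed but never flagged
        by_name.update(names)
        if not RESTORE_POINT.match(path):
            live.append(path)  # detection outside System Restore storage
        if statuses[-1] != "Deleted":
            unresolved.append(path)  # conservative: last status is not a delete
    if live:
        action = "clean live files and rescan before purging restore points"
    elif by_name:
        action = "purge restore points (System Restore off, then on)"
    else:
        action = "no detections"
    return {"by_name": dict(by_name), "live": live,
            "unresolved": unresolved, "action": action}


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

A file whose last recorded status is not `Deleted` is listed as unresolved even when it sits inside a restore point, since purging the restore points is what finally removes it.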
Response Number 15
Name: kam
Date: January 28, 2008 at 14:37:29 Pacific
Subject: PC running slow
Reply: jabuck, there is no red X on C drive. I would like to thank you for really helping me out. The PC is operating really well now. Can u pls recommend any antivirus to prevent this sort of problem again? Thank you once again for your help and time.
Response Number 16
Name: jabuck
Date: January 28, 2008 at 15:34:00 Pacific
Subject: PC running slow
Reply: I use AVG Free as an antivirus, ZoneAlarm free for a firewall and SpywareBlaster free for an antispyware.
I didn't notice Java running. Download the latest version of Java from this link: Java
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement". The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name. It should have the "coffee cup" icon next to it.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
You can download AVG Free at this link: AVG Free Antivirus
SpywareBlaster is at this link: Spywareblaster
Just download it, install it, and update it. It's free and runs in the background, so you don't actually run it, and re-writes malicious script before it can install on your computer. Look for updates weekly as there is no auto-update on the free version.
Google for ZoneAlarm free.
Glad we could help.