Solved I think I have a virus - system is VERY slow

Discussion in 'Malware and Virus Removal Archive' started by Bocagal1, 2013/04/18.

  1. 2013/05/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Uninstall "First primary IDE Channel" (right click>uninstall), restart computer and it'll be automatically reinstalled.
    See if it's in DMA mode now.
     
  2. 2013/05/06
    Bocagal1

    Bocagal1 Banned Thread Starter

    Joined:
    2013/04/17
    Messages:
    33
    Likes Received:
    0
    IDE/ATA/ATAPI controllers shows two ATA Storage Controllers - 27DF and 27C0

    and two primary and two secondary IDE channels.

    First Primary IDE Channel
    Current transfer mode = Ultra DMA Mode 5 (Device 0) and = Not applicable (Device 1)
    Second Primary IDE Channel both Device 0 & Device 1 = Not applicable
    Transfer mode = DMA (if available)

    First "Secondary IDE Channel"
    Current Trans Mode (Device 0) = Ultra DMA Mode 5
    Current Trans Mode (Device 1) = Not applicable

    Second "Secondary IDE Channel"
    Current Trans Mode (Device 0) = Not applicable
    Current Trans Mode (Device 1) = Not applicable
     

  4. 2013/05/06
    broni

    Now it looks good.
    If that PIO mode happens again, it may be a sign of a failing hard drive.

    How is the computer doing now?

    Give me a fresh Process Explorer log.
     
  5. 2013/05/06
    Bocagal1

    Broni,

    Many thanks for your work.

    Procexp.txt as requested.

    Process PID CPU Private Bytes Working Set Description Company Name Command Line
    System Idle Process 0 98.44 0 K 28 K
    System 4 0 K 40 K
    Interrupts n/a 0.78 0 K 0 K Hardware Interrupts and DPCs
    smss.exe 612 152 K 244 K Windows NT Session Manager Microsoft Corporation \SystemRoot\System32\smss.exe
    csrss.exe 660 2,092 K 4,604 K Client Server Runtime Process Microsoft Corporation C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
    winlogon.exe 688 8,428 K 3,408 K Windows NT Logon Application Microsoft Corporation winlogon.exe
    services.exe 732 1,992 K 2,968 K Services and Controller app Microsoft Corporation C:\WINDOWS\system32\services.exe
    svchost.exe 916 3,936 K 2,788 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    iexplore.exe 3580 19,524 K 15,236 K Internet Explorer Microsoft Corporation "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -Embedding
    ctfmon.exe 3828 4,016 K 1,064 K CTF Loader Microsoft Corporation ctfmon.exe
    iexplore.exe 2328 40,872 K 41,668 K Internet Explorer Microsoft Corporation "C:\Program Files\Internet Explorer\IEXPLORE.EXE" SCODEF:3580 CREDAT:145409
    iexplore.exe 5516 43,304 K 46,000 K Internet Explorer Microsoft Corporation "C:\Program Files\Internet Explorer\IEXPLORE.EXE" SCODEF:3580 CREDAT:79878
    iexplore.exe 5652 31,568 K 38,360 K Internet Explorer Microsoft Corporation "C:\Program Files\Internet Explorer\IEXPLORE.EXE" SCODEF:3580 CREDAT:79879
    iexplore.exe 3912 52,192 K 16,740 K Internet Explorer Microsoft Corporation "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -Embedding
    iexplore.exe 3980 4,480 K 3,740 K Internet Explorer Microsoft Corporation "C:\Program Files\Internet Explorer\IEXPLORE.EXE" SCODEF:3912 CREDAT:79873
    axlbridge.exe 2152 1,628 K 192 K AXLBridge Module Intuit Inc. "C:\Program Files\Common Files\Intuit\QuickBooks\axlbridge.exe" -Embedding
    wlcomm.exe 2428 24,736 K 10,756 K Windows Live Communications Platform Microsoft Corporation "C:\Program Files\Windows Live\Contacts\wlcomm.exe" -Embedding
    wmiprvse.exe 5716 2,552 K 5,128 K WMI Microsoft Corporation C:\WINDOWS\system32\wbem\wmiprvse.exe
    svchost.exe 984 2,824 K 2,544 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k rpcss
    MsMpEng.exe 1080 62,040 K 45,808 K Antimalware Service Executable Microsoft Corporation "C:\Program Files\Microsoft Security Client\MsMpEng.exe "
    svchost.exe 1116 29,924 K 37,624 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k netsvcs
    wuauclt.exe 5360 2,376 K 4,444 K Windows Update Microsoft Corporation "C:\WINDOWS\system32\wuauclt.exe "
    svchost.exe 1156 2,532 K 208 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe 1220 1,988 K 1,756 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k NetworkService
    svchost.exe 1388 1,360 K 632 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k LocalService
    spoolsv.exe 1540 5,832 K 3,788 K Spooler SubSystem App Microsoft Corporation C:\WINDOWS\system32\spoolsv.exe
    svchost.exe 232 2,280 K 832 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k LocalService
    svchost.exe 276 11,376 K 6,960 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k netsvcs
    E_S40ST7.EXE 1416 752 K 132 K EPSON Status Monitor 3 SEIKO EPSON CORPORATION "C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE "
    E_S40RP7.EXE 1448 544 K 112 K EPSON Status Monitor 3 SEIKO EPSON CORPORATION "C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE "
    IntuitUpdateService.exe 1512 48,644 K 2,504 K Intuit Update Service Intuit Inc. "C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe "
    IntuitUpdateService.exe 1660 70,512 K 10,740 K Intuit Update Service Intuit Inc. "C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe "
    nvsvc32.exe 1800 5,244 K 2,304 K NVIDIA Driver Helper Service, Version 307.90 NVIDIA Corporation C:\WINDOWS\system32\nvsvc32.exe
    QBCFMonitorService.exe 1812 17,100 K 5,324 K QuickBooks Company File Monitoring Service Intuit "C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe "
    QBIDPService.exe 368 12,116 K 452 K QBIDPService Intuit Inc. "C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe "
    svchost.exe 532 2,596 K 1,512 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k imgsvc
    CarboniteService.exe 2408 0.78 16,120 K 29,828 K Carbonite Secure Backup Engine Carbonite, Inc. (www.carbonite.com) "C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe "
    alg.exe 2732 1,320 K 232 K Application Layer Gateway Service Microsoft Corporation C:\WINDOWS\System32\alg.exe
    dllhost.exe 3480 3,168 K 3,260 K COM Surrogate Microsoft Corporation C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{02D4B3F1-FD88-11D1-960D-00805FC79235}
    msdtc.exe 3276 2,016 K 212 K MS DTC console program Microsoft Corporation C:\WINDOWS\system32\msdtc.exe
    WPFFontCache_v0400.exe 512 1,472 K 176 K wpffontcache_v0400.exe Microsoft Corporation C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    vssvc.exe 4744 2,484 K 6,708 K Microsoft® Volume Shadow Copy Service Microsoft Corporation C:\WINDOWS\System32\vssvc.exe
    dllhost.exe 1704 1,804 K 5,700 K COM Surrogate Microsoft Corporation C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{36422178-2786-4D93-B465-6147274AC729}
    lsass.exe 744 6,180 K 4,640 K LSA Shell (Export Version) Microsoft Corporation C:\WINDOWS\system32\lsass.exe
    explorer.exe 1988 34,360 K 31,896 K Windows Explorer Microsoft Corporation C:\WINDOWS\Explorer.EXE
    CarboniteUI.exe 3284 32,428 K 11,552 K Carbonite User Interface Carbonite, Inc. "C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe"
    msseces.exe 3292 6,240 K 7,144 K Microsoft Security Client User Interface Microsoft Corporation "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    rundll32.exe 3372 5,888 K 1,784 K Run a DLL as an App Microsoft Corporation "C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\Rosemary\Application Data\nscsre.dll ",Display
    rundll32.exe 3380 6,232 K 3,696 K Run a DLL as an App Microsoft Corporation "C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\Rosemary\Application Data\ksgig.dll ",Optimize
    msmsgs.exe 3488 1,588 K 1,448 K Windows Messenger Microsoft Corporation "C:\Program Files\Messenger\msmsgs.exe" /background
    ctfmon.exe 3512 1,172 K 2,508 K CTF Loader Microsoft Corporation "C:\WINDOWS\system32\ctfmon.exe"
    Dropbox.exe 3624 85,000 K 15,164 K Dropbox Dropbox, Inc. "C:\Documents and Settings\Rosemary\Application Data\Dropbox\bin\Dropbox.exe"
    iexplore.exe 2260 12,936 K 15,936 K Internet Explorer Microsoft Corporation "C:\Program Files\Internet Explorer\iexplore.exe"
    iexplore.exe 3224 95,856 K 101,312 K Internet Explorer Microsoft Corporation "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2260 CREDAT:79873
    WinRAR.exe 2916 9,484 K 14,004 K WinRAR archiver Alexander Roshal "C:\Program Files\WinRAR\WinRAR.exe" "C:\Documents and Settings\Rosemary\Desktop\System Utilities\ProcessExplorer.zip "
    procexp.exe 5976 15,832 K 23,756 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\DOCUME~1\Rosemary\LOCALS~1\Temp\Rar$EXa0.311\procexp.exe"
    iexplore.exe 6020 107,228 K 120,480 K Internet Explorer Microsoft Corporation "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2260 CREDAT:79903
    wlmail.exe 828 60,036 K 27,048 K Windows Live Mail Microsoft Corporation "C:\Program Files\Windows Live\Mail\wlmail.exe"
    qw.exe 1760 109,432 K 65,416 K Quicken Launcher Intuit Inc. "C:\Program Files\Quicken\qw.exe"
    QBW32.EXE 2772 106,076 K 74,952 K QuickBooks Intuit Inc. "C:\Program Files\Intuit\QuickBooks 2012\qbw32.exe" /Fpro -TickCount=22391656 /NoShowLoadingQBWnd
    QBDBMgr.exe 2560 144,484 K 47,692 K Intuit Personal Database Manager Intuit, Inc. C:\PROGRA~1\Intuit\QUICKB~3\QBDBMgr.exe -n QB_data_engine_22 -qs -gd ALL -gk all -gp 4096 -gu all -ch 256M -ti 0 -c 128M -x none -qi -qw -tl 120 -oe "C:\Documents and Settings\All Users\Application Data\Intuit\QuickBooks\DBStartup.log "
    dbextclr11.exe 2964 28,980 K 13,424 K iAnywhere.SAClrClassLoader iAnywhere Solutions, Inc. "C:\PROGRA~1\Intuit\QUICKB~3\dbextclr11.exe" "QB_data_engine_22" "6ebbf187a6b0491785d55d0519c7c77d" "PUBLIC" "60830354:470945771:14::2013-05-04 11:01:00.109 "
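A triage pass over a Process Explorer text export of the kind pasted above, as an added example (not a tool used in this thread). It parses the space-flattened columns and flags the command lines a reviewer normally checks by hand: an image started from a user-writable Temp or Application Data folder, or rundll32 loading a DLL from one. The sample rows are constructed from the log above, and the `triage`, `parse_rows`, `image_path` and `Finding` names are mine.

```python
"""Triage helper for a Process Explorer text export (added example, constructed)."""
import re
from dataclasses import dataclass

# Abridged rows constructed from the Process Explorer log pasted in the thread.
SAMPLE_LOG = r"""Process PID CPU Private Bytes Working Set Description Company Name Command Line
System Idle Process 0 98.44 0 K 28 K
svchost.exe 1116 29,924 K 37,624 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k netsvcs
explorer.exe 1988 34,360 K 31,896 K Windows Explorer Microsoft Corporation C:\WINDOWS\Explorer.EXE
rundll32.exe 3372 5,888 K 1,784 K Run a DLL as an App Microsoft Corporation "C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\Rosemary\Application Data\nscsre.dll ",Display
rundll32.exe 3380 6,232 K 3,696 K Run a DLL as an App Microsoft Corporation "C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\Rosemary\Application Data\ksgig.dll ",Optimize
Dropbox.exe 3624 85,000 K 15,164 K Dropbox Dropbox, Inc. "C:\Documents and Settings\Rosemary\Application Data\Dropbox\bin\Dropbox.exe"
procexp.exe 5976 15,832 K 23,756 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\DOCUME~1\Rosemary\LOCALS~1\Temp\Rar$EXa0.311\procexp.exe"
"""

# Fixed columns: image name (may contain spaces), PID or n/a, optional CPU %,
# private bytes and working set in K; everything after that is free text.
ROW = re.compile(
    r"^(?P<name>.+?)\s+(?P<pid>\d+|n/a)\s+(?:(?P<cpu>\d+\.\d+)\s+)?"
    r"(?P<priv>[\d,]+) K\s+(?P<ws>[\d,]+) K(?:\s+(?P<tail>.*))?$"
)
# rundll32 <dll>,<entrypoint>: capture the DLL path and the exported function.
RUNDLL = re.compile(
    r'rundll32\.exe"?\s+"?(?P<dll>[^",]+?\.dll)\s*"?,(?P<entry>\w+)', re.I)
# First quoted or bare drive-letter / \SystemRoot path in the tail is the image.
IMAGE = re.compile(
    r'"(?P<q>(?:[A-Za-z]:|\\SystemRoot)\\[^"]+)"|(?P<b>(?:[A-Za-z]:|\\SystemRoot)\\\S+)')
# Directories an unprivileged XP user can write to, long and 8.3 spellings.
USER_WRITABLE = re.compile(r"\\(?:Application Data|APPLIC~1|Temp)\\", re.I)


@dataclass
class Finding:
    pid: str
    image: str
    reason: str
    detail: str


def parse_rows(text):
    """Yield (image name, pid, free-text tail) for each data row, skipping the header."""
    for line in text.splitlines()[1:]:
        m = ROW.match(line.rstrip())
        if m:
            yield m["name"], m["pid"], m["tail"] or ""


def image_path(tail):
    """Return the command-line image path found in the tail, or None."""
    m = IMAGE.search(tail)
    return (m["q"] or m["b"]) if m else None


def triage(text):
    """Return Findings for rows whose command line matches a review rule."""
    findings = []
    for name, pid, tail in parse_rows(text):
        path = image_path(tail)
        if path and USER_WRITABLE.search(path):
            findings.append(Finding(pid, name, "image runs from a user-writable directory", path))
        m = RUNDLL.search(tail)
        if m and USER_WRITABLE.search(m["dll"]):
            findings.append(Finding(pid, name, "rundll32 loads a DLL from a user-writable directory",
                                    f"{m['dll'].strip()},{m['entry']}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"PID {f.pid:>5} {f.image:<14} {f.reason}: {f.detail}")
```

Hits are review candidates, not verdicts: Dropbox installs per user under Application Data by design, and procexp here was run straight out of a WinRAR temp folder, so both show up alongside the rundll32 rows.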
     
  6. 2013/05/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    That looks very good.

    If things are OK now...

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

    6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    8. Run Temporary File Cleaner (TFC) weekly.

    9. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    11. (Windows XP only) Run defrag at your convenience.

    12. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    13. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

    14. Please let me know how your computer is doing.
     
  7. 2013/05/07
    Bocagal1

    All processes killed
    ========== OTL ==========
    Error: No service named WDICA was found to stop!
    Service\Driver key WDICA not found.
    Error: No service named SSPORT was found to stop!
    Service\Driver key SSPORT not found.
    File C:\WINDOWS\system32\Drivers\SSPORT.sys not found.
    Error: No service named PDRFRAME was found to stop!
    Service\Driver key PDRFRAME not found.
    Error: No service named PDRELI was found to stop!
    Service\Driver key PDRELI not found.
    Error: No service named PDFRAME was found to stop!
    Service\Driver key PDFRAME not found.
    Error: No service named PDCOMP was found to stop!
    Service\Driver key PDCOMP not found.
    Error: No service named PCIDump was found to stop!
    Service\Driver key PCIDump not found.
    Error: No service named MSICDSetup was found to stop!
    Service\Driver key MSICDSetup not found.
    File D:\CDriver.sys not found.
    Error: No service named lbrtfdc was found to stop!
    Service\Driver key lbrtfdc not found.
    Error: No service named i2omgmt was found to stop!
    Service\Driver key i2omgmt not found.
    Error: No service named DgiVecp was found to stop!
    Service\Driver key DgiVecp not found.
    File C:\WINDOWS\system32\Drivers\DgiVecp.sys not found.
    Error: No service named Changer was found to stop!
    Service\Driver key Changer not found.
    Error: No service named catchme was found to stop!
    Service\Driver key catchme not found.
    File C:\DOCUME~1\Rosemary\LOCALS~1\Temp\catchme.sys not found.
    Error: No service named PEVSystemStart was found to stop!
    Service\Driver key PEVSystemStart not found.
    File C:\Rosemary11905R\pev.3XE not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5EB1D2B1-45DC-48B3-852D-E575B405B851}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5EB1D2B1-45DC-48B3-852D-E575B405B851}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NvMediaCenter not found.
    Registry key HKEY_USERS\S-1-5-21-1993962763-1383384898-1801674531-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intuit.com\ttlc\ not found.
    Registry key HKEY_USERS\S-1-5-21-1993962763-1383384898-1801674531-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ not found.
    Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner\ not found.
    File Protocol\Handler\linkscanner - No CLSID value found not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Dan
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 7871850 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 2344028 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Rosemary
    ->Temp folder emptied: 2162934 bytes
    ->Temporary Internet Files folder emptied: 56128067 bytes
    ->FireFox cache emptied: 947306 bytes
    ->Flash cache emptied: 1452 bytes

    User: System Utilities

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: VALIDATE

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1899376 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 1058762 bytes

    Total Files Cleaned = 69.00 mb


    [EMPTYJAVA]

    User: Administrator
    ->Java cache emptied: 0 bytes

    User: All Users

    User: Dan

    User: Default User

    User: LocalService

    User: NetworkService

    User: Rosemary

    User: System Utilities

    User: UpdatusUser

    User: VALIDATE

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Dan
    ->Flash cache emptied: 0 bytes

    User: Default User

    User: LocalService

    User: NetworkService

    User: Rosemary
    ->Flash cache emptied: 0 bytes

    User: System Utilities

    User: UpdatusUser

    User: VALIDATE

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 05072013_093057

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\Rosemary\Local Settings\Temp\~DF6293.tmp not found!
    File\Folder C:\Documents and Settings\Rosemary\Local Settings\Temp\~DF68F3.tmp not found!
    File\Folder C:\Documents and Settings\Rosemary\Local Settings\Temp\~DF6AAD.tmp not found!
    File\Folder C:\Documents and Settings\Rosemary\Local Settings\Temp\~DF6B4A.tmp not found!
    File\Folder C:\Documents and Settings\Rosemary\Local Settings\Temp\~DFAD61.tmp not found!
    File\Folder C:\Documents and Settings\Rosemary\Local Settings\Temp\~DFADA5.tmp not found!
    File\Folder C:\Documents and Settings\Rosemary\Local Settings\Temp\~DFADCA.tmp not found!
    File\Folder C:\Documents and Settings\Rosemary\Local Settings\Temp\~DFAE5A.tmp not found!
    File\Folder C:\Documents and Settings\Rosemary\Local Settings\Temp\~DFAE79.tmp not found!
    File\Folder C:\Documents and Settings\Rosemary\Local Settings\Temp\~DFB240.tmp not found!
    File\Folder C:\Documents and Settings\Rosemary\Local Settings\Temp\~DFB4DD.tmp not found!
    File\Folder C:\Documents and Settings\Rosemary\Local Settings\Temp\~DFB61E.tmp not found!
    C:\Documents and Settings\Rosemary\Local Settings\Temporary Internet Files\Content.IE5\U13Q3A9C\0[2].htm moved successfully.
    C:\Documents and Settings\Rosemary\Local Settings\Temporary Internet Files\Content.IE5\U13Q3A9C\fastbutton[1].htm moved successfully.
    C:\Documents and Settings\Rosemary\Local Settings\Temporary Internet Files\Content.IE5\U13Q3A9C\hovercard[1].htm moved successfully.
    C:\Documents and Settings\Rosemary\Local Settings\Temporary Internet Files\Content.IE5\U13Q3A9C\windowsbbs_com[1].htm moved successfully.
    C:\Documents and Settings\Rosemary\Local Settings\Temporary Internet Files\Content.IE5\U13Q3A9C\xd_arbiter[1].htm moved successfully.
    C:\Documents and Settings\Rosemary\Local Settings\Temporary Internet Files\Content.IE5\U13Q3A9C\xd_arbiter[2].htm moved successfully.
    C:\Documents and Settings\Rosemary\Local Settings\Temporary Internet Files\Content.IE5\QLYAE1N7\d=1[1].htm moved successfully.
    C:\Documents and Settings\Rosemary\Local Settings\Temporary Internet Files\Content.IE5\QLYAE1N7\likeCA1TQW2C.htm moved successfully.
    C:\Documents and Settings\Rosemary\Local Settings\Temporary Internet Files\Content.IE5\QLYAE1N7\xd_arbiter[2].htm moved successfully.
    C:\Documents and Settings\Rosemary\Local Settings\Temporary Internet Files\Content.IE5\A2E8KCG2\0[2].txt moved successfully.
    C:\Documents and Settings\Rosemary\Local Settings\Temporary Internet Files\Content.IE5\A2E8KCG2\likeCAN9B7UD.htm moved successfully.
    C:\Documents and Settings\Rosemary\Local Settings\Temporary Internet Files\Content.IE5\9JCQTQP7\105246-active-i-think-i-have-virus-system-very-slow-2[1].html moved successfully.
    C:\Documents and Settings\Rosemary\Local Settings\Temporary Internet Files\Content.IE5\9JCQTQP7\xd_arbiter[1].htm moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     
  8. 2013/05/07
    broni

    .....
     
  9. 2013/05/08
    Bocagal1

    DANG

    Started Secunia just now to see what needs to be updated, and got that OLD message
    Stop running this script?
    A script on this page is causing IE to run slowly, if it continues.....
     
  10. 2013/05/08
    broni

    It happens. It's not your fault but the webpage's fault.
    Any other issues?
     
  11. 2013/05/09
    Bocagal1

    Nothing else. Do I mark this resolved, or do you?

    Thanks for all your help.
     
  12. 2013/05/09
    broni

    Way to go!!
    Good luck and stay safe :)
     
  13. 2013/05/10
    Bocagal1

    Thank you VERY much.
     
  14. 2013/05/10
    broni

    You're very welcome
     
