View Full Version : Bad PC, thinking to reformat.
Hi. My PC is driving me nuts! The internet's becoming really slow, and it's taking up alot of CPU Usage. I'm asking for assistance because I can't do it myself. :( If it can't be helped, then I'll reformat. Thanks!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:06:55 PM, on 5/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HotKeyBind\HotKeyBind.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://home.bellsouth.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8081
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files\AVG\AVG8\avgssie.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://xiah.gamescampus.com/luncher/GamesCampus.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {5d86ddb5-bdf9-441b-9e9e-d4730f4ee499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {62D21B0B-D96F-45F7-968E-7DC16E31FE57} (DazoinControl Class) - http://tcrew.gamengame.com/activex/DazoinActiveXE.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1196741856218
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7C5D062A-7A1E-4A46-A02B-A928084CBD66} (MLauncherNew Class) - http://legendofares.netgame.com/download/MusaLauncherNew.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://www.beta.instantaction.com/download/iaplayer.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll
O20 - Winlogon Notify: !saswinlogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 8911 bytes
pskelley
2008-05-24, 03:34
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.
I am not seeing any malware in this HJT log. Have you talked to your ISP about the slow internet? Here are a few resources.
http://support.microsoft.com/kb/310590/en-us
http://support.microsoft.com/kb/914440/en-us
http://kadaitcha.cx/index.html
HJT can not see everything, more and more hackers are hiding their junk from it. That is why we ask for the Online Scan, if you wish to look more for malware:
Run this online scan using Internet Explorer:
Kaspersky Online Scanner from http://www.kaspersky.com/virusscanner
Next Click on Launch Kaspersky Online Scanner
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
* The program will launch and then begin downloading the latest definition files:
* Once the files have been downloaded click on NEXT
* Now click on Scan Settings
* In the scan settings make that the following are selected:
* Scan using the following Anti-Virus database:
* Standard
* Scan Options:
* Scan Archives
* Scan Mail Bases
* Click OK
* Now under select a target to scan:
* Select My Computer
* This will program will start and scan your system.
* The scan will take a while so be patient and let it run.
* Once the scan is complete it will display if your system has been infected.
* Now click on the Save as Text button:
* Save the file to your desktop.
Then post it here.
Thanks
Thanks for replying! I appreciate it. And um, I don't think there's anything wrong with my ISP or anything. It works fine on my laptop, just not on this computer. It started becoming slow around 6 days ago. Here's the log you asked for:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, May 24, 2008 8:00:25 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 24/05/2008
Kaspersky Anti-Virus database records: 799502
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
Scan Statistics:
Total number of scanned objects: 136446
Number of viruses found: 4
Number of infected objects: 11
Number of suspicious objects: 0
Duration of the scan process: 02:23:47
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg8\emc\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgcore.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avglng.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgrs.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgui.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgwd.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgwdsvc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\65d7a352659b0547cea5ef1b944cc3dd_a7e8d55f-6fa0-45dd-bbf6-061ff43031bd Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\89806886eb2e704a815163b3cd4c2de0_a7e8d55f-6fa0-45dd-bbf6-061ff43031bd Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c10f28867ef6747ab127b06617886c67_a7e8d55f-6fa0-45dd-bbf6-061ff43031bd Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\AOL OCP\AIM\Storage\All Users\localStorage\common.cls Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\AOL OCP\AIM\Storage\data\craftasoul\localStorage\common.cls Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\History\History.IE5\MSHist012008052320080524\index.dat Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\~DF2791.tmp Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\~DF289D.tmp Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Compaq_Owner\ntuser.dat Object is locked skipped
C:\Documents and Settings\Compaq_Owner\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP10\A0000731.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.617 skipped
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP10\A0000734.dll Infected: Trojan.Win32.Patched.bb skipped
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP10\A0000735.exe Infected: Trojan-PSW.Win32.Mapler.af skipped
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP14\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\I386\Apps\APP32073\src\CompaqPresario_Spring06.exe/WISE0015.BIN Infected: not-a-virus:AdWare.Win32.WeatherBug.a skipped
D:\I386\Apps\APP32073\src\CompaqPresario_Spring06.exe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.WeatherBug.a skipped
D:\I386\Apps\APP32073\src\CompaqPresario_Spring06.exe WiseSFX: infected - 2 skipped
D:\I386\Apps\APP32073\src\CompaqPresario_Spring06.exe WiseSFXDropper: infected - 2 skipped
D:\I386\Apps\APP32073\src\HPPavillion_Spring06.exe/WISE0015.BIN Infected: not-a-virus:AdWare.Win32.WeatherBug.a skipped
D:\I386\Apps\APP32073\src\HPPavillion_Spring06.exe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.WeatherBug.a skipped
D:\I386\Apps\APP32073\src\HPPavillion_Spring06.exe WiseSFX: infected - 2 skipped
D:\I386\Apps\APP32073\src\HPPavillion_Spring06.exe WiseSFXDropper: infected - 2 skipped
Scan process completed.
pskelley
2008-05-25, 01:05
Understand if something changed the settings on one computer, you might have issues with that connection and not another. That's why I suggested you ask your ISP techs to look at the problem. It sure does not look like malware. I would be glad to post scans for you to run if you wish.
Once question I might ask is if this could have occured at the time you updated to AVG 8. Even though I run it myself, I installed only want I wanted and I have been hearing of folks having issues with AVG 8. Even though I don't like to suggest it, try turning it off for a short while to see if things improve.
I will show you what KOS says if adware, and I agree, but as you see the junk was installed by HP (one reason I will never purchase from them)
D:\I386\Apps\APP32073\src\CompaqPresario_Spring06.exe/WISE0015.BIN ------> AdWare.Win32.WeatherBug.a skipped
D:\I386\Apps\APP32073\src\CompaqPresario_Spring06.exe/WISE0016.BIN ------> AdWare.Win32.WeatherBug.a skipped
D:\I386\Apps\APP32073\src\CompaqPresario_Spring06.exe WiseSFX: infected - 2
D:\I386\Apps\APP32073\src\CompaqPresario_Spring06.exe WiseSFXDropper: infected - 2
D:\I386\Apps\APP32073\src\HPPavillion_Spring06.exe/WISE0015.BIN ------> AdWare.Win32.WeatherBug.a skipped
D:\I386\Apps\APP32073\src\HPPavillion_Spring06.exe/WISE0016.BIN ------> AdWare.Win32.WeatherBug.a skipped
D:\I386\Apps\APP32073\src\HPPavillion_Spring06.exe WiseSFX: infected - 2
D:\I386\Apps\APP32073\src\HPPavillion_Spring06.exe WiseSFXDropper: infected - 2
You also have a few infected System Restore files:
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP10\A0000731.exe ------> Client-IRC.Win32.mIRC.617 skipped
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP10\A0000734.dll ------> Trojan.Win32.Patched.bb
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP10\A0000735.exe ------> Trojan-PSW.Win32.Mapler.af
This link will show you how to clean those:
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:06:55 PM, on 5/21/2008
C:\Program Files\Viewpoint\Common\ViewpointService.exe
For your information, Viewpoint is installed by aol probably without your knowledge. I suggest you uninstall this resource waster in Add Remove programs.
http://www.greatis.com/appdata/u/v/viewmgr.exe.htm
http://www.spywareinfo.com/newsletter/archives/2005/nov4.php#viewpoint
http://www.clickz.com/news/article.php/3561546
SUPERAntiSpyware <<< do you own SAS?
Update AVG 8 and run a System Scan, quarantine what it finds.
Give this program a run to make sure KOS missed nothing.
Download Malwarebytes' Anti-Malware to your desktop.
http://www.besttechie.net/tools/mbam-setup.exe
* Double-click mbam-setup.exe and follow the prompts to install the program.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform FULL SCAN, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
* Please post contents of that file in your next reply.
Thanks
Come to think of it.. yes. It did occur around the time when I installed AVG 8. I just uninstalled it, and my internet was fast again. However.. when I rebooted the PC, it came back to being fast for a few minutes, then slow again. :(
Also, I don't know why but when I go to reboot my computer, the screen sticks at "Computer is shutting down..." I would always have to go ahead and hold the button.
No, I do not own SUPERAntiSpyware. I've downloaded it, but I do not own it. :euro:
Malwarebytes' Anti-Malware 1.12
Database version: 722
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 158074
Time elapsed: 30 minute(s), 23 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Deckard\System Scanner\backup\WINDOWS\temp\7CF28762C38CA0D4.tmp (Trojan.Dropper) -> No action taken.
C:\Deckard\System Scanner\backup\WINDOWS\temp\AE8AB41F91F72503.tmp (Malware.Trace) -> No action taken.
C:\WINDOWS\TEMP\7CF28762C38CA0D4.tmp (Trojan.Dropper) -> No action taken.
C:\WINDOWS\TEMP\AE8AB41F91F72503.tmp (Malware.Trace) -> No action taken.
pskelley
2008-05-25, 16:14
It did occur around the time when I installed AVG 8
Unusual, sure you remove the whole program, there is a load of it with 8. As I said I was selective when installing and I am experiencing no slowdown that I can see. If you wish to try other free AV programs, here are two:
http://www.avast.com/eng/avast_4_home.html
http://www.free-av.com/
I use SAS in removing some folks malware but I have never had it on any of my computers. I believe it is free, but if it is only a trial which expires, consider the resources it is using, that will slow the computer some.
Also, I don't know why but when I go to reboot my computer, the screen sticks at "Computer is shutting down..."
http://www.google.com/search?hl=en&q=Windows+XP+shutdown+troubleshooting&btnG=Google+Search
MBAM locted four infected files and you chose No action taken?
Thanks
Thanks. Okay, I've uninstalled SAS. I saved the logfile before deleting the infections, but I've done it! I then rebooted the PC, and opened up Firefox. It started being fast again... for about a few minutes, then it went back to being slow. Does that make sense? What am I doing wrong? This is so frustrating! =(
pskelley
2008-05-25, 18:40
Makes no sense at all, and sounds very much like something other than malware is at fault.
Why not try the free diagnostic at here: http://www.pcpitstop.com/pcpitstop/
Tutorial: http://www.pcpitstop.com/techexpress/howto1.asp
Help with results: http://pcpitstop.invisionzone.com/index.php?showforum=6
If you post a link to the Test Results, I will look to see if I spot anything. Make sure the link takes me to the test results. You have to register free to send I link if I remember correctly.
I am in no way suggesting you purchase anything, my suggestion is for the FREE diagnostic only.
Thanks
Here it is: http://www.pcpitstop.com/techexpress.asp?id=N0NETW4REVGSWGD9
Thanks
pskelley
2008-05-25, 19:33
Just for your information:
http://www.pcpitstop.com/pcpitstop/Memory.asp
while the computer might run on that much memory, but will it run right?
http://www.crucial.com/support/howmuch.aspx
http://www.pcpitstop.com/pcpitstop/Disk.asp
• Highly Fragmented Files
• Defragment files (Drive C)
http://www.pcpitstop.com/pcpitstop/Internet.asp
• Suboptimal Internet Performance <<< see this
• Auto-filling Forms with Firefox May Present a Security Risk
Update outdated device drivers
all it takes is for one out of date driver to cause performance issues. Here are some free scans:
http://www.google.com/search?hl=en&q=free+driver+scan&btnG=Google+Search
I suggest you click each link in the report and review the free information.
Hope that helps.
My memory's fine. I've defragged my PC. I tried the "Suboptimal Internet Performance" but it came out the same. About the drivers.. I tried some of the scans, but at the end of finding outdated drivers, they asked for money in order for me to be updated. I then rebooted and opened up Firefox. Loaded pages fast, but after 2 minutes or so it's back to normal (being slow). Ugh, this is really a mystery, isn't it? Really sorry for the inconvience.
pskelley
2008-05-25, 23:56
You get absolutely no error messages at all? There are no symptoms other than the slowdown? I am probably to the point where I have done all I can, but I will continue a bit longer. My problem is I have never heard of malware that displays no symptoms with the exception of the one you describe. Let's have a look at a Deckard's System Scanner (DSS) to see if it provides any clues.
Click on this link: http://www.bleepingcomputer.com/forums/topic34773.html
scroll down to : 6 - Download and Run Deckard's System Scanner (DSS)
complete the instructions in that section until you get here:
The first window will be for the main.txt report and will be maximized already. The second report will be called extra.txt and will be in a minimized window. Please do not close these windows as you will need to post the contents of both reports in the next step.
Post both reports in your topic here.
Have a look at this information also, in number 1 - Not all slow computers are caused by Malware.
http://www.bleepingcomputer.com/forums/topic87058.html
Thanks
Deckard's System Scanner v20071014.68
Run by Compaq_Owner on 2008-05-25 16:03:51
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Total Physical Memory: 447 MiB (512 MiB recommended).
-- HijackThis (run as Compaq_Owner.exe) ----------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:03:55 PM, on 5/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HotKeyBind\HotKeyBind.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Compaq_Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\COMPAQ~1.EXE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://home.bellsouth.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8081
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [PCPitstop Disk MD Registration Reminder] C:\Program Files\PCPitstop\Disk MD\Reminder.exe
O4 - HKLM\..\Run: [PC Pitstop Optimize2 Reminder] C:\Program Files\PCPitstop\Optimize2\Reminder.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://xiah.gamescampus.com/luncher/GamesCampus.cab
O16 - DPF: {0e5f0222-96b9-11d3-8997-00104bd12d94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {5d86ddb5-bdf9-441b-9e9e-d4730f4ee499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {62D21B0B-D96F-45F7-968E-7DC16E31FE57} (DazoinControl Class) - http://tcrew.gamengame.com/activex/DazoinActiveXE.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1196741856218
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7C5D062A-7A1E-4A46-A02B-A928084CBD66} (MLauncherNew Class) - http://legendofares.netgame.com/download/MusaLauncherNew.cab
O16 - DPF: {a90a5822-f108-45ad-8482-9bc8b12dd539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab
O16 - DPF: {bdbde413-7b1c-4c68-a8ff-c5b2b4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://www.beta.instantaction.com/download/iaplayer.cab
O16 - DPF: {ffb3a759-98b1-446f-bda9-909c6eb18cc7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
--
End of file - 8068 bytes
-- Files created between 2008-04-25 and 2008-05-25 -----------------------------
2008-05-25 15:05:20 0 d-------- C:\ERDNT
2008-05-25 14:58:21 23600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
2008-05-25 14:03:48 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers Headquarters
2008-05-25 14:02:59 0 d-------- C:\Program Files\PC Drivers HeadQuarters
2008-05-25 13:59:52 0 d--h----- C:\Documents and Settings\All Users\Application Data\~0
2008-05-25 13:38:59 0 d-------- C:\Documents and Settings\All Users\Application Data\PCPitstop
2008-05-25 12:04:28 0 d-------- C:\Program Files\PCPitstop
2008-05-24 23:08:32 0 d-------- C:\Program Files\Foxit Software
2008-05-24 17:23:52 0 dr-h----- C:\Documents and Settings\Compaq_Owner\Recent
2008-05-24 17:20:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-05-22 13:26:13 0 d-------- C:\Program Files\ClearAllHistory
2008-05-22 08:58:27 0 d-------- C:\fsaua.data
2008-05-20 23:22:54 0 d-------- C:\WINDOWS\BDOSCAN8
2008-05-18 16:24:05 0 d-------- C:\Program Files\Spyware Doctor
2008-05-18 16:22:39 164 --a------ C:\install.dat
2008-05-18 16:16:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2008-05-18 15:56:37 0 d-------- C:\WINDOWS\system32\GroupPolicy
2008-05-18 15:56:14 0 d-------- C:\Program Files\Hitman Pro
2008-05-18 15:20:24 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-18 15:20:09 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com
2008-05-18 05:55:12 0 d-------- C:\kav
2008-05-18 05:48:06 0 d-------- C:\VundoFix Backups
2008-05-18 04:42:00 0 d-------- C:\Program Files\AVG
2008-05-18 04:11:49 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-18 04:11:48 68096 --a------ C:\WINDOWS\zip.exe
2008-05-18 04:11:48 49152 --a------ C:\WINDOWS\VFind.exe
2008-05-18 04:11:48 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-18 04:11:48 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-18 04:11:48 98816 --a------ C:\WINDOWS\sed.exe
2008-05-18 04:11:48 80412 --a------ C:\WINDOWS\grep.exe
2008-05-18 04:11:48 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-18 03:49:26 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Malwarebytes
2008-05-18 03:49:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-18 03:49:01 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-09 14:17:04 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\acccore
2008-05-09 14:15:04 0 d-------- C:\Program Files\AIM6
2008-05-09 08:10:07 0 d-------- C:\Program Files\AOD
2008-05-09 06:54:50 0 d-------- C:\Program Files\DazoinEng
2008-05-07 07:17:22 0 d-------- C:\Games
2008-05-06 06:02:56 0 d-------- C:\Program Files\WindSlayer
2008-05-05 12:22:56 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\TuneUp Software
2008-05-05 12:22:39 0 d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-05-05 12:22:32 0 d-------- C:\Program Files\TuneUp Utilities 2008
2008-05-02 11:12:53 4212 --ah----- C:\WINDOWS\system32\zllictbl.dat
2008-05-02 11:11:12 0 d-------- C:\WINDOWS\Internet Logs
2008-05-02 07:56:52 0 d-------- C:\JCEntertainment
2008-04-30 13:13:59 56 -r-hs---- C:\WINDOWS\system32\9BDAA97796.sys
2008-04-30 13:12:14 0 d-------- C:\Program Files\Common Files\Jasc Software Inc
2008-04-30 13:11:55 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Jasc Software Inc
2008-04-30 13:10:20 3350 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-04-30 13:09:17 0 d-------- C:\Program Files\Jasc Software Inc
-- Find3M Report ---------------------------------------------------------------
2008-05-25 14:03:43 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-24 23:04:45 0 d-------- C:\Program Files\Macromedia
2008-05-24 23:04:29 0 d-------- C:\Program Files\Common Files\Macromedia
2008-05-22 11:53:06 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-22 11:33:29 0 d-------- C:\Program Files\mIRC
2008-05-18 14:28:58 0 d--h----- C:\Documents and Settings\Compaq_Owner\Application Data\ijjigame
2008-05-16 18:09:08 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Cool Record Edit Pro
2008-05-12 14:06:42 0 d-------- C:\Program Files\MOBILedit!
2008-05-09 14:15:14 0 d-------- C:\Program Files\Common Files\AOL
2008-05-09 08:10:47 0 d-------- C:\Program Files\AIM
2008-05-07 06:56:46 0 d-------- C:\Program Files\Neffy
2008-05-06 19:33:14 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Aim
2008-05-06 11:06:55 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\OpenOffice.org2
2008-05-05 12:14:10 0 d-------- C:\Program Files\Valve
2008-05-02 14:05:42 0 d-------- C:\Program Files\Google
2008-04-30 13:12:14 0 d-------- C:\Program Files\Common Files
2008-04-29 12:07:58 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\DMCache
2008-04-24 12:18:23 0 d-------- C:\Program Files\NHN USA
2008-04-23 11:10:52 0 d-------- C:\Program Files\Image-Line
2008-04-23 11:10:51 0 d-------- C:\Program Files\VstPlugins
2008-04-23 11:09:19 0 d-------- C:\Program Files\Opera
2008-04-18 14:36:53 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\IGN_DLM
2008-04-14 08:10:20 0 d-------- C:\Program Files\SystemRequirementsLab
2008-04-14 08:10:20 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\SystemRequirementsLab
2008-04-10 23:26:12 0 d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-04-10 22:50:42 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Dev-Cpp
2008-04-10 22:41:01 0 d-------- C:\Program Files\Microsoft Synchronization Services
2008-04-10 22:41:00 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-04-10 22:34:09 0 d-------- C:\Program Files\Microsoft SDKs
2008-04-07 21:38:51 0 d-------- C:\Program Files\VST
2008-04-07 21:37:02 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Adobe
2008-04-07 21:30:48 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-04-04 21:38:45 0 d-------- C:\Program Files\Pixel Mine
2008-04-04 14:28:04 0 d-------- C:\Program Files\Savage 2 - A Tortured Soul
2008-04-04 02:02:37 0 d-------- C:\Program Files\Winamp
2008-04-03 03:48:07 0 d-------- C:\Program Files\GoldWave
2008-04-03 03:47:13 0 d-------- C:\Program Files\Cool Record Edit Pro
2008-03-27 22:34:32 0 d-------- C:\Program Files\Seven Nations
2008-03-26 01:42:54 0 d-------- C:\Program Files\Messenger Plus! Live
2008-02-27 00:47:11 80 --ah---c- C:\WINDOWS\system32\HsInfo.dat
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCPitstop Disk MD Registration Reminder"="C:\Program Files\PCPitstop\Disk MD\Reminder.exe" [01/17/2008 02:07 PM]
"PC Pitstop Optimize2 Reminder"="C:\Program Files\PCPitstop\Optimize2\Reminder.exe" [01/31/2008 01:54 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [03/25/2008 03:21 PM]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [12/03/2007 07:46 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]
"DriverUpdaterPro"="C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe" []
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsHistory"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
backup=C:\WINDOWS\pss\Compaq Connections.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
path=C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.3.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^YouTube Uploader.lnk]
path=C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\YouTube Uploader.lnk
backup=C:\WINDOWS\pss\YouTube Uploader.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe -cnetwait.odl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\clearallhistory]
C:\Program Files\ClearAllHistory\cah.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
"C:\Program Files\Creative\Shared Files\CamTray.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
"C:\Program Files\DAP\DAP.EXE" /STARTUP
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
"C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Update\1.0.97.0\GoogleUpdate.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
"C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
d:\i386\apps\app09372\src\nav\external\norton\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetFxUpdate_v1.1.4322]
"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe" 1 v1.1.4322 GAC + NI NID
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]
"C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe" -r
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
"C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]
d:\i386\apps\app09372\src\setup\pcontrol\app\urllstck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"iPodService"=3 (0x3)
"idsvc"=3 (0x3)
"SymWSC"=2 (0x2)
"SPBBCSvc"=3 (0x3)
"SNDSrvc"=3 (0x3)
"SAVScan"=3 (0x3)
"ose"=3 (0x3)
"navapsvc"=2 (0x2)
"MDM"=2 (0x2)
"ISSVC"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccProxy"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"PnkBstrA"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"TuneUp.Defrag"=3 (0x3)
"npkcmsvc"=2 (0x2)
"GoogleDesktopManager-022208-143751"=3 (0x3)
"Adobe LM Service"=3 (0x3)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe" /lang en
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"DownloadAccelerator"="C:\Program Files\DAP\DAP.EXE" /STARTUP
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
-- End of Deckard's System Scanner: finished at 2008-05-25 16:04:22 ------------
I don't see the extra txt
pskelley
2008-05-26, 00:28
Deckard's System Scanner
You can remove these:
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing) <<< damaged, if you use it download it again.
O4 - HKLM\..\Run: [PCPitstop Disk MD Registration Reminder] C:\Program Files\PCPitstop\Disk MD\Reminder.exe
O4 - HKLM\..\Run: [PC Pitstop Optimize2 Reminder] C:\Program Files\PCPitstop\Optimize2\Reminder.exe
(looks like the reminders are set to run all of the time, I would delete them)
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
C:\Program Files\Java\jre1.6.0_03\ <<< undate your Java, see this:
http://forums.spybot.info/showpost.php?p=12880&postcount=2
C:\VundoFix Backups <<< you can delete that folder
C:\WINDOWS\system32\KGyGaAvL.sys <<< I am getting mixed reading on this driver, scan it here:
http://virusscan.jotti.org/ and post the results
Okay, I've removed the things you asked me to.
File: KGyGaAvL.sys
Status:
OK
MD5: deed6acabb61c20f3e6a5c49f5339649
Packers detected:
-
Scanner results
Scan taken on 25 May 2008 21:42:04 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
pskelley
2008-05-26, 01:22
Well, I am about out of ideas. I am beginning to believe this is not malware and I suggest you take the time to review all of the information I posted, especially the links for troubleshooting the issues, and the information here:
http://www.bleepingcomputer.com/forums/topic87058.html
I just hope if you do reformat that it is successful. With no error messages coming from Windows I fear you may have a hardware problem, but that is a gut feeling, I have nothing to base it on.
Thanks
Alright. Thanks pskelley, I appreciate all of your help. I'll be sure to review everything.
pskelley
2008-05-26, 15:12
When you find out what was causing the issue, I would appreciate a PM letting me know if possible. May help me help others if it comes up again.
http://forums.spybot.info/private.php?do=newpm&u=233
Thanks
Some good information for you:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx
Here is some great information from experts in this field that will help you stay clean and safe online.
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml
http://www.malwarecomplaints.info/
Thanks...pskelley
Safer Networking Forums
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.