Extremely slow computer - virus?



Stefan Alfredsson
2009-11-30, 23:46
My computer's CPU is constantly working 100%. Everything is so slow that I basically can't use my computer. It seems like nprosec.exe and Zanda.exe are using all CPU.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:07:46, on 2009-11-30
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\iid.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\Stefan\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.avanza.se/aza/home/home.jsp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe -chkautorun
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VistaADeck\HDAudioCPL.exe 1
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Program Files\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Net iD] C:\Windows\system32\iid.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [googletalk] C:\Users\Stefan\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NÄTVERKSTJÄNST')
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: *.download.com
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: IviRegMgr - InterVideo - c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\Program Files\Norman\Npm\Bin\Njeeves.exe
O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Security service (NPROSECSVC) - Norman ASA - C:\Program Files\Norman\Ngs\Bin\Nprosec.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Program Files\Norman\nse\bin\NSESVC.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE (file missing)
O23 - Service: Norman Resource Provider (NVOY) - Norman ASA - C:\Program Files\Norman\npm\bin\nvoy.exe
O23 - Service: Norman Scheduler Service (Scheduler) - Norman ASA - C:\Program Files\Norman\Npm\Bin\scheduler.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6298 bytes

Shaba
2009-12-03, 17:52
Hi Stefan Alfredsson

Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<< will be maximized) and info.txt (<< will be minimized)

Stefan Alfredsson
2009-12-03, 19:41
Hello Shaba,

First - thanks for answering to my "problem". Or "Kiitos" as I believe you say in Finland:-)

It takes me a long, long time to just go to the website and do what you ask me to... :-)

I got the RSIT icon on my desktop, but when trying to run it I get the following: "C:/Stefan/Desktop/RSIT.exe is not a valid Win32 program" (translated from Swedish), and it won't start.

My computer is a FujitsuSiemens laptop, about 2.5 years old.
When starting the computer I am asked whether to run "C://Windows/System32/s3trayp.exe", which I usually don't since I don't know what it is and since I haven't had any problems when not running it. Apart from that everything has been "normal" until the computer significantly - very significantly - slowed down a few weeks ago.

/Stefan

Shaba
2009-12-03, 21:23
Then please try this instead.

Download DDS to your desktop from one of the links below:

Link 1 (http://download.bleepingcomputer.com/sUBs/dds.scr)
Link 2 (http://www.forospyware.com/sUBs/dds)

Double click the tool to run it.
A black screen will open, just read the contents and do nothing.
When the tool finishes it will open 2 reports.
Copy/paste both reports back here and remove DDS from your desktop.

Stefan Alfredsson
2009-12-03, 23:06
Thanks for your quick reply - highly appreciated!

Below you find the first report, the other one should be attached as instructed.

Best regards from Malmö, Sweden.

/Stefan


DDS (Ver_09-12-01.01) - NTFSx86
Run by Stefan at 21:26:20,22 on 2009-12-03
Internet Explorer: 7.0.6000.16757
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.46.1053.18.766.195 [GMT 1:00]

AV: Norman Security Suite *On-access scanning enabled* (Updated) {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Norman\Npm\bin\ELOGSVC.EXE
C:\Program Files\Norman\Ngs\Bin\Nprosec.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Norman\Npm\Bin\Zanda.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\iid.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\Stefan\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conime.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Stefan\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.avanza.se/aza/home/home.jsp
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [googletalk] c:\users\stefan\appdata\roaming\google\google talk\googletalk.exe /autostart
uRun: [OM_Monitor] c:\program files\olympus\olympus master\Monitor.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [S3Trayp] S3trayp.exe -chkautorun
mRun: [HDAudDeck] c:\program files\via\viaudioi\vistaadeck\HDAudioCPL.exe 1
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [Norman ZANDA] "c:\program files\norman\npm\bin\ZLH.EXE" /LOAD /SPLASH
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Net iD] c:\windows\system32\iid.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [OM_Monitor] c:\program files\olympus\olympus master\FirstStart.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xportera till Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: download.com
Trusted Zone: skandiabanken.se\secure
Trusted Zone: telia.com\cve.trust
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

============= SERVICES / DRIVERS ===============

R? nsesvc;Norman Scanner Engine Service
R? nvcfsr;nvcfsr
R? NvcMFlt;NvcMFlt
R? nvcoafl4;nvcoafl4
R? nvcoaft4;nvcoaft4
R? nvcoarc4;nvcoarc4
R? nvcoas;Norman Virus Control on-access component
R? NVCScheduler;Norman Virus Control Scheduler
R? NVOY;Norman Resource Provider
R? Scheduler;Norman Scheduler Service

============== File Associations ===============

vbefile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
vbsfile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
jsefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*

=============== Created Last 30 ================

2009-11-30 21:05:06 0 d-----w- c:\program files\Trend Micro
2009-11-30 19:38:30 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-11-29 06:25:51 0 d-----w- c:\users\stefan\appdata\roaming\AVG8
2009-11-06 09:05:28 0 d-sh--w- C:\found.001

==================== Find3M ====================

2009-12-03 17:39:28 522548 ----a-w- c:\windows\system32\perfh01D.dat
2009-12-03 17:39:28 102564 ----a-w- c:\windows\system32\perfc01D.dat
2009-11-02 19:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-09 11:06:44 23392 ----a-w- c:\windows\system32\drivers\nvcv32mf.sys
2009-10-09 07:26:04 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-07 12:07:04 214344 ----a-w- c:\windows\system32\nscrnsav.scr
2008-07-10 04:47:26 174 --sha-w- c:\program files\desktop.ini
2008-06-14 13:18:27 86016 ----a-w- c:\windows\inf\infstrng.dat
2008-06-14 13:18:27 86016 ----a-w- c:\windows\inf\infstor.dat
2008-06-14 13:18:27 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-06-14 13:18:27 51200 ----a-w- c:\windows\inf\infpub.dat
2007-10-04 20:26:59 290490 ----a-w- c:\windows\inf\perflib\041d\perfi.dat
2007-10-04 20:26:59 290490 ----a-w- c:\windows\inf\perflib\041d\perfh.dat
2007-02-12 19:41:52 35978 ----a-w- c:\windows\inf\perflib\041d\perfd.dat
2007-02-12 19:41:52 35978 ----a-w- c:\windows\inf\perflib\041d\perfc.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2008-11-09 15:28:38 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-11-09 15:28:38 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-11-09 15:28:38 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 21:31:34,74 ===============

Shaba
2009-12-04, 15:21
Please copy/paste attach.txt to your next reply :)

Stefan Alfredsson
2009-12-04, 17:57
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume2
Install Date: 2007-03-08 23:00:54
System Uptime: 2009-12-03 20:42:48 (1 hours ago)

Motherboard: FUJITSU SIEMENS | | AMILO Li1705
Processor: Genuine Intel(R) CPU T2060 @ 1.60GHz | mPGA 479M | 800/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 79 GiB total, 17,915 GiB free.
D: is FIXED (NTFS) - 19 GiB total, 19,27 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== Installed Programs ======================

2007 Microsoft Office system
Adobe Flash Player 10 ActiveX
Adobe Reader 9.2 - Svenska
ALPS Touch Pad Driver
BrettspielWelt
Business Contact Manager för Outlook 2007 SP2
ERUNT 1.1j
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
Google Talk (remove only)
HDAUDIO Soft Data Fax Modem with SmartCP
HijackThis 2.0.2
Hjälpfiler för installation av Microsoft SQL Server (engelska)
InterVideo WinDVD 8
Java(TM) 6 Update 15
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Microsoft Office 2003 Webbkomponenter
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (Swedish) 2007
Microsoft Office Excel 2007 Help Uppdatering (KB963678)
Microsoft Office Excel MUI (Swedish) 2007
Microsoft Office Outlook MUI (Swedish) 2007
Microsoft Office Powerpoint 2007 Help Uppdatering (KB963669)
Microsoft Office PowerPoint MUI (Swedish) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (Finnish) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Swedish) 2007
Microsoft Office Proofing (Swedish) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (Swedish) 2007
Microsoft Office Shared MUI (Swedish) 2007
Microsoft Office Small Business Anslutningsbara komponenter
Microsoft Office Word 2007 Help Uppdatering (KB963665)
Microsoft Office Word MUI (Swedish) 2007
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server VSS-skrivare
Microsoft Works
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
Nero 7 Essentials
Net iD 4.8
OGA Notifier 2.0.0048.0
OLYMPUS Master
PIXresizer 2.0.3
Platform
QuickTime
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Skype™ 3.8
Spelling Dictionaries Support For Adobe Reader 9
Svenska Spels Poker
Test_OnlineDiagnostic
TPTEST 5.0.2
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office Word 2007 (KB974561)
Update for Outlook 2007 Junk Email Filter (kb975960)
VIA Display Vista Driver 7.14.14.0026
VIA Platform Device Manager
VIA Rhine-Family Fast-Ethernet Adapter
Wireless LAN Driver
VLC media player 1.0.2
Vuze

==== End Of File ===========================

Shaba
2009-12-04, 21:46
IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

Vuze


I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Please run a new DDS scan when finished and post the logs back here.

Stefan Alfredsson
2009-12-05, 01:02
Vuze is now removed - and will remain removed.

First log (DDS):
DDS (Ver_09-12-01.01) - NTFSx86
Run by Stefan at 23:41:46,59 on 2009-12-04
Internet Explorer: 7.0.6000.16757
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.46.1053.18.766.167 [GMT 1:00]

AV: Norman Security Suite *On-access scanning enabled* (Updated) {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Norman\Npm\bin\ELOGSVC.EXE
C:\Program Files\Norman\Ngs\Bin\Nprosec.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Norman\Npm\Bin\Zanda.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.avanza.se/aza/home/home.jsp
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [googletalk] c:\users\stefan\appdata\roaming\google\google talk\googletalk.exe /autostart
uRun: [OM_Monitor] c:\program files\olympus\olympus master\Monitor.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [S3Trayp] S3trayp.exe -chkautorun
mRun: [HDAudDeck] c:\program files\via\viaudioi\vistaadeck\HDAudioCPL.exe 1
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [Norman ZANDA] "c:\program files\norman\npm\bin\ZLH.EXE" /LOAD /SPLASH
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Net iD] c:\windows\system32\iid.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [OM_Monitor] c:\program files\olympus\olympus master\FirstStart.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xportera till Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: download.com
Trusted Zone: skandiabanken.se\secure
Trusted Zone: telia.com\cve.trust
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

============= SERVICES / DRIVERS ===============

R? nsesvc;Norman Scanner Engine Service
R? nvcfsr;nvcfsr
R? NvcMFlt;NvcMFlt
R? nvcoafl4;nvcoafl4
R? nvcoaft4;nvcoaft4
R? nvcoarc4;nvcoarc4
R? nvcoas;Norman Virus Control on-access component
R? NVCScheduler;Norman Virus Control Scheduler
R? NVOY;Norman Resource Provider
R? Scheduler;Norman Scheduler Service

============== File Associations ===============

vbefile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
vbsfile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
jsefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*

=============== Created Last 30 ================

2009-11-30 21:05:06 0 d-----w- c:\program files\Trend Micro
2009-11-30 19:38:30 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-11-29 06:25:51 0 d-----w- c:\users\stefan\appdata\roaming\AVG8
2009-11-06 09:05:28 0 d-sh--w- C:\found.001

==================== Find3M ====================

2009-12-03 17:39:28 522548 ----a-w- c:\windows\system32\perfh01D.dat
2009-12-03 17:39:28 102564 ----a-w- c:\windows\system32\perfc01D.dat
2009-11-02 19:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-09 11:06:44 23392 ----a-w- c:\windows\system32\drivers\nvcv32mf.sys
2009-10-09 07:26:04 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-07 12:07:04 214344 ----a-w- c:\windows\system32\nscrnsav.scr
2008-07-10 04:47:26 174 --sha-w- c:\program files\desktop.ini
2008-06-14 13:18:27 86016 ----a-w- c:\windows\inf\infstrng.dat
2008-06-14 13:18:27 86016 ----a-w- c:\windows\inf\infstor.dat
2008-06-14 13:18:27 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-06-14 13:18:27 51200 ----a-w- c:\windows\inf\infpub.dat
2007-10-04 20:26:59 290490 ----a-w- c:\windows\inf\perflib\041d\perfi.dat
2007-10-04 20:26:59 290490 ----a-w- c:\windows\inf\perflib\041d\perfh.dat
2007-02-12 19:41:52 35978 ----a-w- c:\windows\inf\perflib\041d\perfd.dat
2007-02-12 19:41:52 35978 ----a-w- c:\windows\inf\perflib\041d\perfc.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2008-11-09 15:28:38 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-11-09 15:28:38 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-11-09 15:28:38 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 23:47:50,12 ===============



The other log (Attach):

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume2
Install Date: 2007-03-08 23:00:54
System Uptime: 2009-12-04 23:11:31 (0 hours ago)

Motherboard: FUJITSU SIEMENS | | AMILO Li1705
Processor: Genuine Intel(R) CPU T2060 @ 1.60GHz | mPGA 479M | 800/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 79 GiB total, 17,785 GiB free.
D: is FIXED (NTFS) - 19 GiB total, 19,27 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== Installed Programs ======================

2007 Microsoft Office system
Adobe Flash Player 10 ActiveX
Adobe Reader 9.2 - Svenska
ALPS Touch Pad Driver
BrettspielWelt
Business Contact Manager för Outlook 2007 SP2
ERUNT 1.1j
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
Google Talk (remove only)
HDAUDIO Soft Data Fax Modem with SmartCP
HijackThis 2.0.2
Hjälpfiler för installation av Microsoft SQL Server (engelska)
InterVideo WinDVD 8
Java(TM) 6 Update 15
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Microsoft Office 2003 Webbkomponenter
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (Swedish) 2007
Microsoft Office Excel 2007 Help Uppdatering (KB963678)
Microsoft Office Excel MUI (Swedish) 2007
Microsoft Office Outlook MUI (Swedish) 2007
Microsoft Office Powerpoint 2007 Help Uppdatering (KB963669)
Microsoft Office PowerPoint MUI (Swedish) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (Finnish) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Swedish) 2007
Microsoft Office Proofing (Swedish) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (Swedish) 2007
Microsoft Office Shared MUI (Swedish) 2007
Microsoft Office Small Business Anslutningsbara komponenter
Microsoft Office Word 2007 Help Uppdatering (KB963665)
Microsoft Office Word MUI (Swedish) 2007
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server VSS-skrivare
Microsoft Works
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
Nero 7 Essentials
Net iD 4.8
OGA Notifier 2.0.0048.0
OLYMPUS Master
PIXresizer 2.0.3
Platform
QuickTime
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Skype™ 3.8
Spelling Dictionaries Support For Adobe Reader 9
Svenska Spels Poker
Test_OnlineDiagnostic
TPTEST 5.0.2
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office Word 2007 (KB974561)
Update for Outlook 2007 Junk Email Filter (kb975960)
VIA Display Vista Driver 7.14.14.0026
VIA Platform Device Manager
VIA Rhine-Family Fast-Ethernet Adapter
Wireless LAN Driver
VLC media player 1.0.2

==== End Of File ===========================

Shaba
2009-12-05, 11:36
How much RAM do you have?

Stefan Alfredsson
2009-12-05, 12:38
Where do I check that?

Could that be the reason for my computer becoming so slow? If so, why so suddenly?

Sunshine,
Stefan

Shaba
2009-12-05, 15:41
Windows gets slower by age.

This should help:

Start, All Programs, Accessories, System Tools and click on System Information.

Stefan Alfredsson
2009-12-05, 22:45
The technical terminology below is translated from Swedish (did my best).

When clicking on System Information, a window is opened where it says System Overview showing the following:

Processor Genuine Intel(R) CPU....
BIOS version and date...
SMBIOS version...
Total physical memory 765,88MB (is this the RAM?)
Exchange file C:/pagefile.sys

BR,
/Stefan

Shaba
2009-12-06, 13:38
OK so you have very little RAM for Vista.

I'd recommend having at least 2 gigs.

Stefan Alfredsson
2009-12-06, 14:11
OK, I will have this taken care of and ensure to increase the RAM to at least 2 GB.

I am still confused by the fact that the computer runs very well for more than 2 years and then suddenly becomes ridiculously slow - guess it has to do with Windows updates etc.

I am very thankful for your assistance and wonder if there is any way that I can compensate for your help?

If there still should be problems after installing more memory, should I continue this thread, or post a new one?

Best regards,
Stefan

Shaba
2009-12-06, 20:51
Not to do with Windows updates, but Windows does get slower by age.

Yes you can continue in this thread :)

Stefan Alfredsson
2009-12-10, 11:40
Hello again,

I have now upgraded the RAM to 2 GB (1 GB in each slot, which is maximum for my computer - FujitsuSiemens Amilo Li1705 - according to www.crucial.com) and the computer is still so extremely slow that there is no point in using it.

The System Information shows:
Total physical memory 1789.88 MB
Available physical memory 1.04 GB
Total virtual memory 3.72 GB
Available virtual memory 3.06 GB
Exchange file "space" 2.04 GB

The CPU is still constantly working 100%, and it is the nprosec.exe (Norman Security service) and Zanda.exe (Norman Zanda service) that utilizes 85-90% of the CPU.

Do you have any good advice?

Best regards,
Stefan

Shaba
2009-12-10, 15:08
I recommend that you uninstall/reinstall Norman to see if installation of it was corrupted.

Shaba
2009-12-19, 17:10
Due to the lack of feedback this Topic is closed.

If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.

Everyone else please begin a New Topic.
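
Added example, not part of the original thread: a small Python parser for the `O23 - Service:` lines of a HijackThis log, used here to attribute the two high-CPU processes named in the first post to their registered services and to list services HijackThis reports as "(file missing)" or "Unknown owner". The sample lines are an excerpt of the log posted above; the function and type names are this example's own.

```python
import ntpath
import re
from typing import Dict, List, NamedTuple, Optional

# Excerpt of the O23 lines from the HijackThis log in the first post.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Security service (NPROSECSVC) - Norman ASA - C:\Program Files\Norman\Ngs\Bin\Nprosec.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
"""


class Service(NamedTuple):
    display: str           # display name shown by HijackThis
    short: Optional[str]   # service key name in parentheses, if present
    vendor: str            # company field, or "Unknown owner"
    path: str              # image path of the service binary
    missing: bool          # True when HijackThis appended "(file missing)"


# "O23 - Service: <name> - <vendor> - <drive:\path>[ (file missing)]"
# The path is anchored on a drive letter so " - " inside the vendor
# field does not split the line in the wrong place.
_O23 = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - "
    r"(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$"
)
_SHORT = re.compile(r"^(?P<display>.*) \((?P<short>[^()]+)\)$")


def parse_services(log: str) -> List[Service]:
    """Return every O23 service entry found in a HijackThis log."""
    services = []
    for raw in log.splitlines():
        m = _O23.match(raw.strip())
        if not m:
            continue
        name = m.group("name")
        short = None
        sm = _SHORT.match(name)
        if sm:
            name, short = sm.group("display"), sm.group("short")
        services.append(Service(name, short, m.group("vendor"),
                                m.group("path"), bool(m.group("missing"))))
    return services


def attribute(log: str, process_names: List[str]) -> Dict[str, Optional[Service]]:
    """Map each process name to the service whose binary has that file name."""
    by_image = {ntpath.basename(s.path).lower(): s for s in parse_services(log)}
    return {p: by_image.get(p.lower()) for p in process_names}


def broken_services(log: str) -> List[Service]:
    """Services whose binary is missing or whose owner could not be read."""
    return [s for s in parse_services(log)
            if s.missing or s.vendor == "Unknown owner"]


if __name__ == "__main__":
    for proc, svc in attribute(SAMPLE_LOG, ["nprosec.exe", "Zanda.exe"]).items():
        print(proc, "->", svc.display if svc else "no matching service",
              "/", svc.vendor if svc else "-")
    for svc in broken_services(SAMPLE_LOG):
        print("check:", svc.short or svc.display, svc.path)
```
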