Extremely SLOW PC

[Jack&Jill]

Hello gilmore ,

It appears AVSDK5 got removed, although there seems to be some hiccups along the way. Could you confirm it is uninstalled?

Please run DDS again and post both logs.

[gilmore]

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_27
Run by Julie Goodwin at 17:17:09 on 2011-10-29
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
TB: @c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRunOnce: [*ctmn32] "c:\program files\softwaretime\computertime\bin\ctmn32.exe" HKCU-RunOnce
mRun: [*ctmn32] "c:\program files\softwaretime\computertime\bin\ctmn32.exe" HKLM-Run
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "D:\iTunesHelper.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe"
mRun: [PCLEUSBTip] c:\program files\pinnacle\shared files\programs\usbtip\USBTip.exe
mRun: [USBToolTip] "c:\program files\pinnacle\shared files\\programs\usbtip\USBTip.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRunOnce: [*ctmn32] "c:\program files\softwaretime\computertime\bin\ctmn32.exe" HKLM-RunOnce
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: c:\windows\system32\STProxy.dll
DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} - hxxp://coupons.smartsource.com/download/cscmv5X.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - hxxp://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://rescam1.b2science.org/activex/AMC.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{3F815C68-606F-4179-9E43-F7E95177B20C} : DhcpNameServer = 192.168.1.254
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\julie goodwin\application data\mozilla\firefox\profiles\07mj6jjm.default\
FF - plugin: c:\documents and settings\julie goodwin\application data\mozilla\firefox\profiles\07mj6jjm.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll
FF - plugin: c:\program files\picasa2\npPicasa3.dll
FF - plugin: c:\program files\sony\media go\npmediago.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: d:\mozilla plugins\npitunes.dll
.
============= SERVICES / DRIVERS ===============
.
R? FANTOM;LEGO MINDSTORMS NXT Driver
R? gupdate1c9b9f9fa17bde8;Google Update Service (gupdate1c9b9f9fa17bde8)
R? gupdatem;Google Update Service (gupdatem)
R? MBAMSwissArmy;MBAMSwissArmy
R? MSSQLServerADHelper100;SQL Active Directory Helper Service
R? Revoflt;Revoflt
R? RsFx0102;RsFx0102 Driver
R? SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS)
S? aswFsBlk;aswFsBlk
S? aswSnx;aswSnx
S? aswSP;aswSP
S? avast! Antivirus;avast! Antivirus
S? ComputerTimeServer;ComputerTime Server
S? LBeepKE;Logitech Beep Suppression Driver
S? STProxy;STProxy
S? WsAudio_DeviceS(1);WsAudio_DeviceS(1)
S? WsAudio_DeviceS(2);WsAudio_DeviceS(2)
S? WsAudio_DeviceS(3);WsAudio_DeviceS(3)
S? WsAudio_DeviceS(4);WsAudio_DeviceS(4)
S? WsAudio_DeviceS(5);WsAudio_DeviceS(5)
.
=============== Created Last 30 ================
.
2011-10-26 04:42:08 527208 ------w- c:\windows\system32\HPDiscoPM5412.dll
2011-10-21 03:57:19 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-10-21 03:56:54 41184 ----a-w- c:\windows\avastSS.scr
2011-10-21 03:56:39 -------- d-----w- c:\program files\AVAST Software
2011-10-21 03:56:39 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2011-10-14 01:48:22 -------- d-----w- c:\documents and settings\julie goodwin\application data\QuickScan
2011-10-12 13:49:32 -------- d-----w- c:\documents and settings\julie goodwin\local settings\application data\VS Revo Group
2011-10-12 13:49:09 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2011-10-12 13:49:06 -------- d-----w- c:\program files\VS Revo Group
2011-10-07 03:41:32 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-10-07 03:41:32 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-06 11:30:00 -------- dc----w- C:\_OTM
2011-10-04 04:26:19 -------- d-----w- c:\program files\ESET
.
==================== Find3M ====================
.
2011-10-21 03:28:47 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-26 16:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 13:38:49 96200 ----a-w- c:\windows\system32\drivers\CDAVFS.sys
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20:51 1858944 ------w- c:\windows\system32\win32k.sys
2011-08-17 21:32:17 832512 ----a-w- c:\windows\system32\wininet.dll
2011-08-17 21:32:16 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-08-17 21:32:16 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-17 21:32:15 17408 ----a-w- c:\windows\system32\corpol.dll
2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-17 12:22:23 389120 ----a-w- c:\windows\system32\html.iec
2006-08-25 23:43:48 11817800 -c----w- c:\program files\GoogleEarth.exe
2002-07-26 22:02:06 153088 -c--a-w- c:\program files\UNWISE.EXE
.
============= FINISH: 17:23:37.40 ===============

[Jack&Jill]

Hello gilmore ,

AVSDK5 has been taken care of. I guess that's it. Lets do some housekeeping before I give you some security recommendations in the next step.

You should always keep your Java updated to the latest version too.

• To set for automatic updates of Java, Go to Start > Control Panel.
• Double click on the Java icon to open the Java Control Panel.
• Click on the Update tab.
• Make sure the option Check for Updates Automatically is ticked.
• You can also update Java manually via the Update Now button, then continue accordingly.
• Click on OK when you are done.

--------------------

Please backup the registry with ERUNT.

Rerun OTM

• Double click OTM.exe to run it.
• Copy and paste the following text into the white box under Paste Instructions for Items to be Moved:
  
  Code:

  :files
  c:\program files\vuze_remote
  c:\windows\system32\drivers\CDAVFS.sys
  C:\Program Files\Common Files\Authentium
  C:\Documents and Settings\Julie Goodwin\Local Settings\Application Data\Vuze_Remote
  
  :reg
  [-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
  [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar]
  "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=-
  "{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}"=-
  "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=-
  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  "MMTray"=-
  
  :commands
  [CREATERESTOREPOINT]
  [emptytemp]

• Click the red MoveIt! button. Everything on the desktop may disappear, this is normal. Please wait until the tool completes its routine.
• Copy everything in the Results window (under the green bar) and paste it in your next reply.
• The results can also be found in C:\_OTM\MovedFiles folder, the log file being named MMDDYYYY_HHMMSS.log, where MMDDYYYY_HHMMSS represent the date and time the fix was performed.

--------------------

Please post back:
1. OTM log

[gilmore]

Hi-
I did the java update. The Erunt. But, when I ran the OTM, I had problems. First, without copying and pasting the instructions, it seemed to run itself before ever giving the "move it" page. Then I got the "move it" page to work. I copied and pasted the instructions. It seemed to run fine, but then I got an error message. The log was not created.

[Jack&Jill]

Hello gilmore ,

Could you explain in more details about the error message? The OTM step is just to clear off some leftovers, so we could either continue troubleshooting or just move on to the security recommendations and close the topic. If you no longer have any problems, I suggest the latter. What do you say?

[gilmore]

There were two error messages. They were small boxes - don't remember exactly what they said. The first had to do with an error in removing something. The second said that the log could not be created.
If you recommend to clean up the left overs, then lets keep troubleshooting. I had run the OTM in the past, so I think I did everything correctly, it's strange that I got those two messages.
Or, if this is normal and you don't think the error messages are a big deal - then lets continue with the security recomendations.

[Jack&Jill]

Hello gilmore ,

We go for the security recommendations.

Please delete these manually:
c:\program files\vuze_remote
c:\windows\system32\drivers\CDAVFS.sys
C:\Program Files\Common Files\Authentium
C:\Documents and Settings\Julie Goodwin\Local Settings\Application Data\Vuze_Remote

--------------------

Congratulations, you are All Clear to go. Glad to hear everything is good and running . If you have any more problems, please let me know.

Now we need to clear out the programs we have been using to clean up your computer. They are not suitable for general malware removal and could cause damage if used inappropriately.

• Run OTM by double clicking on OTM.exe. Click on CleanUp, proceed to reboot if prompted.
• Delete the aswMBR, MiniToolBox, Rootkit Unhooker, GMER, TDSSKiller and SystemLook files on your desktop.
• Delete any logs on the desktop.

Some tips to help you stay clean and safe:

1. Keep your Windows up to date. Enable Automatic Updates for Windows XP to always update the latest security patches from Microsoft, or you can download from the Microsoft website. Otherwise, your computer will be vulnerable to new exploits or malwares.

2. Purge System Restore, for this one time only. A recovery feature will only be useful if it is clean from malwares. See Windows XP System Restore Guide for some detail explanations.

3. Update your Antivirus program regularly, it is a must for constant protection against viruses. Please keep only one AV installed.

4. Install Malwarebytes' Anti-Malware if you haven't and use it occasionally. It is a new and powerful anti-malware tool, totally free but for real-time protection you will have to pay a small one-time fee.

5. Install WinPatrol, a great protection program that helps you monitor for unwanted files or applications.

6. Use a hosts file to block the access of bad sites from your computer. Get yourself a MVPS Hosts for this purpose.

7. Install Web of Trust (WOT). WOT keeps you from dangerous websites with warnings and blockings.

8. Protect your computer from removable or USB drive infections with MCShield, an effective method to prevent malware from spreading.

9. Keep all your softwares updated. Visit Secunia Software Inspector to find out if any updates required.

10. Also look up:
Computer Security - a short guide to staying safer online
PC Safety and Security - What Do I Need? By Glaswegian
How to prevent malware: By miekiemoes
So how did I get infected in the first place? By Tony Klein
Microsoft Online Safety

Stay safe.

Your donation helps in improving Spybot-S&D!

[Jack&Jill]

As your problems appear to have been resolved, this topic is now closed.

We are glad to be of help. If you are satisfied with our assistance and wish to donate to help with the costs of this volunteer site, please read :
Your donation helps in improving Spybot-S&D!