|
|
|||||||
|
My computer is operating very slowly again, especially downloading webpages, opening certain windows (e.g., My Computer), and getting locked up on simple functions like trying to close a window. There are also some weird new messages upon startup such as "Data Execution Prevention-To help protect your computer, Windows has closed this program--Name: Generic Host Program for Win 32 Services" (several repeated similar messages). Also, when I check the Task Manager, the CPU Usage is essentially always at 100%, even though we increased the RAM to 1 GB not long ago. It's like something else is taking over my computer. I went through this several months ago, using scans like COMBOFIX, but the relief was temporary. Here is the HJT log. Help will be MUCH appreciated!

Bob

Logfile of HijackThis v1.99.1
Scan saved at 1:47:56 PM, on 2/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\ps2.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\S3tray2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis2\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://netservices.verizon.net/portal/si...295c48&nv=A
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://yahoo.sbc.com/dsl"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\458qeupf.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\458qeupf.slt\prefs.js)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BlockTracker] c:\hp\bin\BlockTracker.exe
O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://safety.live.com
O16 - DPF: Yahoo! Backgammon - http://download2.games.yahoo.com/games/clients/y/at1_x.cab
O16 - DPF: {34A62D17-75E0-198F-E198-6EAB771A2467} - http://67.19.178.86/1/rdgUS1742.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124245204843
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - https://www.verizon.net/WhatsNext/CheckMyPc/MotivePreQual.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A381CF24-E876-4F0C-8384-C73DE00349F7}: NameServer = 151.164.1.8,206.13.28.12
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE |
||||||||
|
|
|||||||
|
Please download ComboFix from either of these two locations:

BleepingComputer ComboFix
geeks to go combofix

* Double-click combofix.exe & follow the prompts.
* When finished, it shall produce a log for you. Post that log in your next reply.

Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Post back with the log from ComboFix and a new HJT log please. |
||||||||
|
|
|||||||
|
Bricat,

Here are the ComboFix and HJT logs, hope it worked.

Bob

ComboFix 08-02-12.1 - Owner 2008-02-11 21:57:20.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.541 [GMT -8:00]
Running from: C:\Documents and Settings\Owner\My Documents\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\Fonts\acrsecB.fon
.
((((((((((((((((((((((((( Files Created from 2008-01-12 to 2008-02-12 )))))))))))))))))))))))))))))))
.
2008-02-10 13:43 . 2004-08-04 00:56 388,608 --a------ C:\kmd.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-12 05:35 --------- dc----w C:\Documents and Settings\Owner\Application Data\AVG7
2008-02-10 21:47 --------- d-----w C:\Program Files\Hijackthis2
2008-01-25 16:52 992 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-01-11 21:53 --------- d-----w C:\Program Files\MSXML 4.0
2007-12-21 22:04 --------- d-----w C:\Program Files\Netflix
2007-09-11 22:00 6,469,352 ----a-w C:\Program Files\avgas-setup-7.5.0.50.exe
2007-09-10 05:52 488,144 ----a-w C:\Program Files\HJTsetup.exe
2006-02-19 10:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2005-01-10 01:01 10,810,909 ----a-w C:\Program Files\avg70free_300a419.exe
2005-01-08 23:38 2,062,665 ----a-w C:\Program Files\spywareguardsetup.exe
2005-01-08 01:30 2,247,855 ----a-w C:\Program Files\spywareblastersetup.exe
2005-01-08 01:06 4,354,084 ----a-w C:\Program Files\spybotsd13.exe
2005-01-07 06:27 385,357 ----a-w C:\Program Files\ccsetup116.exe
2004-12-15 18:40 203,264 ----a-w C:\Program Files\HijackThis.exe
2003-02-23 02:57 32 --sha-w C:\WINDOWS\{62FECF56-0C1E-477B-B3EB-E447AD456F43}.dat
2003-02-23 02:57 32 --sha-w C:\WINDOWS\system32\{73344B64-3E93-4E04-B02F-F81F3EEE592B}.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28CAEFF3-0F18-4036-B504-51D73BD81ABC} REG_SZ ]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 08:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 13:18 443968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WCOLOREAL"="C:\Program Files\COMPAQ\Coloreal\coloreal.exe" [2002-02-20 19:40 143360]
"StorageGuard"="C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" [2002-06-18 08:01 155648]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 21:42 212992]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-07-31 20:28 81920]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 16:04 52736]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2002-09-09 07:05 114688]
"BlockTracker"="c:\hp\bin\BlockTracker.exe" [ ]
"SpywareBot"="C:\Program Files\SpywareBot\SpywareBot.exe" [ ]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41 282624]
"MsgCenterExe"="C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" [ ]
"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [2007-03-11 13:37 936960]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 01:41 49152]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-10-22 14:33 6731312]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-20 09:55 579072]
"S3TRAY2"="S3tray2.exe" [2003-02-25 04:33 69632 C:\WINDOWS\system32\S3tray2.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 57344 C:\WINDOWS\ALCXMNTR.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" [ ]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-22 15:05 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 03:21:22 288472]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 06:56:20 73728]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 12:05:56 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp10.0]
c:\Program Files\Microsoft Money\System\Activation.exe

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2005-06-21 09:51]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2005-05-30 08:32]
S3 2WIREPCP;2Wire USB;C:\WINDOWS\system32\DRIVERS\2WirePCP.sys [2003-04-17 19:48]
S3 ids0004C;ids0004C;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0004C.sys []
S3 ids0005c;ids0005c;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0005c.sys []
S3 klstm;klstm;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\klstm.sys []
S4 msCMTSrvc;Content Monitoring Tool;C:\WINDOWS\system32\msCMTSrvc.exe []
.
Contents of the 'Scheduled Tasks' folder
"2008-02-12 05:35:12 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-01-11 11:00:00 C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job" - C:\Program Files\SpywareBot\SpywareBot.ex - C:\Program Files\SpywareBot
"2008-02-12 06:08:00 C:\WINDOWS\Tasks\Symantec NetDetect.job" - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-11 22:06:36
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2008-02-11 22:10:44
ComboFix-quarantined-files.txt 2008-02-12 06:09:34
ComboFix2.txt 2007-11-25 22:40:37
.
2008-02-09 17:33:24 --- E O F ---

Logfile of HijackThis v1.99.1
Scan saved at 10:20:35 PM, on 2/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\ps2.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\S3tray2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis2\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://netservices.verizon.net/portal/si...295c48&nv=A
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://yahoo.sbc.com/dsl"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\458qeupf.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\458qeupf.slt\prefs.js)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BlockTracker] c:\hp\bin\BlockTracker.exe
O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://safety.live.com
O16 - DPF: Yahoo! Backgammon - http://download2.games.yahoo.com/games/clients/y/at1_x.cab
O16 - DPF: {34A62D17-75E0-198F-E198-6EAB771A2467} - http://67.19.178.86/1/rdgUS1742.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124245204843
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - https://www.verizon.net/WhatsNext/CheckMyPc/MotivePreQual.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A381CF24-E876-4F0C-8384-C73DE00349F7}: NameServer = 151.164.1.8,206.13.28.12
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE |
||||||||
|
|
|||||||
|
Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open *notepad* and copy/paste the text in the quotebox below into it:

Quote:

Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.

Referring to the picture above, drag CFScript.txt into ComboFix.exe

Restart your computer.

When finished, it shall produce a log for you at C:\ComboFix.txt

Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply please and let me know how it is running.

P.S. I suggest you uninstall SpywareBot CLICK HERE |
||||||||
|
|
|||||||
|
Bricat,

I'm not sure what to say about the performance. I tried a long webpage that I've opened frequently, and it took about 30 seconds. That's not bad compared to when it took several minutes, but sometimes it had been better than others. Also, I still haven't enabled my AVG antivirus and antispyware packages, which may account for some speedup.

I tried two operations that I've also done in the past. When I open "My Computer," it takes 2-3 minutes to populate the page with the list of drives. When I select a file from My Documents and click "Send to" (as if to copy the file to another drive), it also takes 2-3 minutes to indicate the drives in the dropdown menu. There was a time when these operations were instant, though more recently times when they would take forever!

When I check the task manager and click on performance, the CPU Usage still indicates 100% (and Processes indicates about 98% is svchost.exe). You've never commented whether this is a concern. Is that indicative of a problem??

In trying to follow your instructions, you said to disable all antispyware, and later recommended to get rid of Spywarebot. I didn't even know I had it, and couldn't find it. I tried to follow the instructions to remove it anyway, which led to the installation of SpywareDoctor. However, during the installation, my computer locked up for 40 minutes while I waited for it to complete "initializing." I couldn't open the task manager or even shut down normally, and had to do a hard shutdown. After that, I deleted SpywareDoctor.

I also cleaned up by removing SpywareGuard, SpywareBlaster, AdAware 6, Spybot Search and Destroy, and Eset online Scanner. I don't know whether any of these were functioning and conflicting with the AVG antispyware and Microsoft Defender. These programs were installed in 2005 when I was having various problems of a similar nature. I also have some Indeo software and S3 (Display, Gamma2, Info2, and Overlay). I don't know what these are. Can I get rid of them?
I'm going to enable the AVG programs and see what happens. I'd appreciate some help with the questions above.

Thanks,
Bob

Here are the logs.

ComboFix 08-02-13.1 - Owner 2008-02-12 20:11:14.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.702 [GMT -8:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\WINDOWS\{62FECF56-0C1E-477B-B3EB-E447AD456F43}.dat
C:\WINDOWS\system32\{73344B64-3E93-4E04-B02F-F81F3EEE592B}.dat
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\{62FECF56-0C1E-477B-B3EB-E447AD456F43}.dat
C:\WINDOWS\system32\{73344B64-3E93-4E04-B02F-F81F3EEE592B}.dat
.
((((((((((((((((((((((((( Files Created from 2008-01-13 to 2008-02-13 )))))))))))))))))))))))))))))))
.
2008-02-12 12:46 . 2008-02-12 12:49 <DIR> d-a--c--- C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-10 13:43 . 2004-08-04 00:56 388,608 --a------ C:\kmd.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-13 03:31 --------- d-----w C:\Program Files\Hijackthis2
2008-02-12 19:23 --------- dc----w C:\Documents and Settings\Owner\Application Data\AVG7
2008-01-25 16:52 992 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-01-11 21:53 --------- d-----w C:\Program Files\MSXML 4.0
2007-12-21 22:04 --------- d-----w C:\Program Files\Netflix
2007-09-11 22:00 6,469,352 ----a-w C:\Program Files\avgas-setup-7.5.0.50.exe
2007-09-10 05:52 488,144 ----a-w C:\Program Files\HJTsetup.exe
2006-02-19 10:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2005-01-10 01:01 10,810,909 ----a-w C:\Program Files\avg70free_300a419.exe
2005-01-07 06:27 385,357 ----a-w C:\Program Files\ccsetup116.exe
2004-12-15 18:40 203,264 ----a-w C:\Program Files\HijackThis.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28CAEFF3-0F18-4036-B504-51D73BD81ABC} REG_SZ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" [ ]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-22 15:05 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp10.0]
c:\Program Files\Microsoft Money\System\Activation.exe

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2005-06-21 09:51]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2005-05-30 08:32]
S3 2WIREPCP;2Wire USB;C:\WINDOWS\system32\DRIVERS\2WirePCP.sys [2003-04-17 19:48]
S3 ids0004C;ids0004C;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0004C.sys []
S3 ids0005c;ids0005c;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0005c.sys []
S3 klstm;klstm;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\klstm.sys []
S4 msCMTSrvc;Content Monitoring Tool;C:\WINDOWS\system32\msCMTSrvc.exe []
.
Contents of the 'Scheduled Tasks' folder
"2008-02-13 04:26:02 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-01-11 11:00:00 C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job" - C:\Program Files\SpywareBot\SpywareBot.ex - C:\Program Files\SpywareBot
"2008-02-13 04:28:00 C:\WINDOWS\Tasks\Symantec NetDetect.job" - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-12 20:23:22
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
.
**************************************************************************
.
Completion time: 2008-02-12 20:33:46 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-13 04:32:31
ComboFix2.txt 2008-02-12 06:10:48
ComboFix3.txt 2007-11-25 22:40:37
.
2008-02-09 17:33:24 --- E O F ---

Logfile of HijackThis v1.99.1
Scan saved at 8:36:39 PM, on 2/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hijackthis2\HijackThis.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\458qeupf.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\458qeupf.slt\prefs.js)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe |
Usually when svchost is running 98% of CPU it is because of a conflict with another program, firewall, anti virus etc. Try removing or disabling programs one at a time to see if you can pinpoint the culprit. If removing anti virus and firewall, make sure you are disconnected from the internet.
Indeo software: is video playback software, I would remove this for the time being, it can always be reinstalled later if required.
There is a BHO in your scan which indicates elitebar adware.
Download Elite Toolbar remover.
Unzip it.
Boot into Safe Mode.
Run the program and click Kill EliteToolbar. It will scan your PC. A command prompt window will pop up sometime during the process, hit Y and press enter.
Reboot and see how it is running and let us know any developments.
Bricat, I've been experimenting, but this is too WEIRD for me to figure out. I used the Elite Toolbar remover and rebooted. For ten minutes, everything was GREAT!: webpages were loading fast, and the Task Manager showed svchost.exe at zero. So I tried opening MY COMPUTER as a test--it took 2-3 minutes to search and finally list the drives and two document folders. Checking Task Manager again, svchost.exe went to 99%. I shut down MY COMPUTER window, but svchost.exe stayed at 99%! Webpages were again slow.

I have repeatedly shut down and restarted, and checked Task Manager. There are four to six svchost.exe's when I start (e.g. one LOCAL SERVICE, two NETWORK SERVICE, two SYSTEM). Sometimes when I start up, they are zero usage, and system idle is about 99%; other times, one of the svchost.exe's is at 99% (either SYSTEM or no username). If it's at zero, I can trigger it to 99% by hitting MY COMPUTER or perhaps opening Google.

I tried disabling programs. I first shut down and rebooted, and svchost.exe was still 99% (username SYSTEM). I sequentially disabled and re-enabled Kerio Personal Firewall, AVG Anti-Spyware and AVG Anti-virus while checking the CPU USAGE; nothing made any difference, i.e., the svchost.exe stayed at 99% after I disabled each program. Are there others I should try this with? (I also tried to uninstall Indeo, which triggered an Uninstall Shield, but got a message about Unable to locate the installation logfile-uninstallation will not continue).

When I start up after a longer shutdown, I still get the message: To help protect your computer, Windows has closed this program--Name: Generic Host Process for Win 32 Services, and after closing the message, Generic Host Process for Win 32 Services encountered a problem and had to close--I get more info about the Error Signature and Technical Info if I click further. Does this mean anything with regard to the other issues?

In summary, something seems to trigger 99% CPU usage by svchost.exe, and I can do it by opening MY COMPUTER, but other things also seem to trigger it. It slows down my other operations. Sometimes shutting down works to relieve it, other times not. I see there are free downloads such as RegCure Svchost Repair; should I try this? (they also offer a Registry Cleaner) What would happen if I used Task Manager to simply end the process which is using 99% of the CPU?

Am I giving you the right information? I'm not sure if there's any logic here. I'll end with another HJT log. Thanks for your help.

Bob

Logfile of HijackThis v1.99.1
Scan saved at 8:59:00 PM, on 2/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Hijackthis2\HijackThis.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
Nothing showing in your log. Please download and run the KASPERSKY ONLINE SCAN, save the log file and post it back here.
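Added example, not part of the thread: when a user posts several HijackThis logs over a few days, diffing the entry lines shows which autostart and service entries appeared or vanished between scans. The function names are this example's own, and the two sample logs are excerpts of the 2/12/2008 and 2/16/2008 logs posted above, with other lines omitted.

```python
import re

# HijackThis entry lines look like "O4 - HKLM\..\Run: [name] command".
# Header lines and the running-process list do not match and are skipped.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Return the set of (section, detail) pairs found in one log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2).strip()))
    return entries

def section_order(entry):
    # Sort O4 before O20 before O23 instead of plain string order.
    code = entry[0]
    return (code[0], int(code[1:]), entry[1])

def diff_scans(before, after):
    """Return (added, removed) entries between two scans, in section order."""
    old, new = parse_entries(before), parse_entries(after)
    return (sorted(new - old, key=section_order),
            sorted(old - new, key=section_order))

# Excerpt of the log saved on 2/12/2008 (from the thread, other lines omitted).
SCAN_FEB12 = r"""
Logfile of HijackThis v1.99.1
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\458qeupf.slt\prefs.js)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
"""

# Excerpt of the log saved on 2/16/2008 (from the thread, other lines omitted).
SCAN_FEB16 = r"""
Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
"""

if __name__ == "__main__":
    added, removed = diff_scans(SCAN_FEB12, SCAN_FEB16)
    for code, detail in added:
        print("+", code, "-", detail)
    for code, detail in removed:
        print("-", code, "-", detail)
```

A diff only shows what changed in the places HijackThis lists; an unchanged or empty diff does not mean the machine is clean.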
Ran Kaspersky download and scan, which found 2 viruses and 8 suspicious and one infected files but was unable to save the scan. Tried right clicking, looking for file save, tools, but in the end I cannot find where the log file was saved if it was. Tried using Explore to find where in my system Kaspersky is stored from the download. What am I doing wrong?
Not sure where the log is put, I thought it should be on the desktop. This scan is better, it will remove anything it finds. Using Internet Explorer, click here to use the Eset Online Scanner.
Hello again,

Here is the Eset log, but it said it found no threats, whereas Kaspersky supposedly found two viruses, although it didn't indicate whether it removed them.

Bob

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=2883 (20080218)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=3e264a6dc458b04296f166aa5dd34440
# end=finished
# remove_checked=true
# unwanted_checked=false
# utc_time=2008-02-18 08:12:02
# local_time=2008-02-18 12:12:02 (-0800, Pacific Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=351513
# found=0
# scan_time=3804
The Eset scan is pretty thorough, but if you want to run the Kaspersky scan again, at the end it gives you the option to manually "Save As" the log. You have to select the location as well.
Try running sfc /scannow to see if any system files are missing.
Put your XP disc in the drive.
Click on START\RUN and type CMD into the address bar and click OK.
At the DOS PROMPT type SFC /SCANNOW. Note the space between SFC and /SCANNOW.
Hit enter.
We decided to try Geek Squad to fix things. $129 to fix or your money back. They spent the better part of two days running scans repeatedly and removing things (Spysweeper, for example, got 4 Trojans, and various programs kept rooting out adware), but after all was said and done, we had to back up our files, wipe out our hard drive to get rid of whatever virus was attached to something, and are starting over. Apparently, our virus and malware (AVG, etc.) protection was inadequate. We're going to try something else. I see Norton 360 is on sale, maybe that will be our next attempt to protect ourselves. Any recommendations on what's best?

Bob
Did you get your money back off "geek squad"? I use NOD32.