rhorvath1
Re: SLOWDOWN
Wed Feb 13 2008 05:26 AM
Bricat, I'm not sure what to say about the performance. I tried a long webpage that I've opened frequently, and it took about 30 seconds. That's not bad compared to when it took several minutes, but sometimes it had been better than others. Also, I still haven't enabled my AVG antivirus and antispyware packages, which may account for some speedup.
I tried two operations that I've also done in the past. When I open "My Computer", it takes 2-3 minutes to populate the page with the list of drives. When I select a file from My Documents and click "Send to" (as if to copy the file to another drive), it also takes 2-3 minutes to indicate the drives in the dropdown menu. There was a time when these operations were instant, though more recently times when they would take forever!
When I check the task manager and click on performance, the CPU Usage still indicates 100% (and Processes indicates about 98% is svchost.exe). You've never commented whether this is a concern. Is that indicative of a problem??
In trying to follow your instructions, you said to disable all antispyware, and later recommended to get rid of Spywarebot. I didn't even know I had it, and couldn't find it. I tried to follow the instructions to remove it anyway, which led to the installation of SpywareDoctor. However, during the installation, my computer locked up for 40 minutes while I waited for it to complete "initializing." I couldn't open the task manager or even shut down normally, and had to do a hard shutdown. After that, I deleted SpywareDoctor.
I also cleaned up by removing SpywareGuard, SpywareBlaster, AdAware 6, Spybot Search and Destroy, and Eset online Scanner. I don't know whether any of these were functioning and conflicting with the AVG antispyware and Microsoft Defender. These programs were installed in 2005 when I was having various problems of a similar nature. I also have some Indeo software and S3 (Display, Gamma2, Info2, and Overlay). I don't know what these are. Can I get rid of them?
I'm going to enable the AVG programs and see what happens. I'd appreciate some help with the questions above. Thanks, Bob
Here are the logs.
ComboFix 08-02-13.1 - Owner 2008-02-12 20:11:14.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.702 [GMT -8:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE
C:\WINDOWS\{62FECF56-0C1E-477B-B3EB-E447AD456F43}.dat
C:\WINDOWS\system32\{73344B64-3E93-4E04-B02F-F81F3EEE592B}.dat
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\{62FECF56-0C1E-477B-B3EB-E447AD456F43}.dat
C:\WINDOWS\system32\{73344B64-3E93-4E04-B02F-F81F3EEE592B}.dat
.
((((((((((((((((((((((((( Files Created from 2008-01-13 to 2008-02-13 )))))))))))))))))))))))))))))))
.
2008-02-12 12:46 . 2008-02-12 12:49 <DIR> d-a--c--- C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-10 13:43 . 2004-08-04 00:56 388,608 --a------ C:\kmd.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-13 03:31 --------- d-----w C:\Program Files\Hijackthis2
2008-02-12 19:23 --------- dc----w C:\Documents and Settings\Owner\Application Data\AVG7
2008-01-25 16:52 992 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-01-11 21:53 --------- d-----w C:\Program Files\MSXML 4.0
2007-12-21 22:04 --------- d-----w C:\Program Files\Netflix
2007-09-11 22:00 6,469,352 ----a-w C:\Program Files\avgas-setup-7.5.0.50.exe
2007-09-10 05:52 488,144 ----a-w C:\Program Files\HJTsetup.exe
2006-02-19 10:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2005-01-10 01:01 10,810,909 ----a-w C:\Program Files\avg70free_300a419.exe
2005-01-07 06:27 385,357 ----a-w C:\Program Files\ccsetup116.exe
2004-12-15 18:40 203,264 ----a-w C:\Program Files\HijackThis.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28CAEFF3-0F18-4036-B504-51D73BD81ABC} REG_SZ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" [ ]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-22 15:05 219136]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp10.0]
c:\Program Files\Microsoft Money\System\Activation.exe
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2005-06-21 09:51]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2005-05-30 08:32]
S3 2WIREPCP;2Wire USB;C:\WINDOWS\system32\DRIVERS\2WirePCP.sys [2003-04-17 19:48]
S3 ids0004C;ids0004C;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0004C.sys []
S3 ids0005c;ids0005c;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0005c.sys []
S3 klstm;klstm;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\klstm.sys []
S4 msCMTSrvc;Content Monitoring Tool;C:\WINDOWS\system32\msCMTSrvc.exe []
.
Contents of the 'Scheduled Tasks' folder
"2008-02-13 04:26:02 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-01-11 11:00:00 C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job"
- C:\Program Files\SpywareBot\SpywareBot.ex
- C:\Program Files\SpywareBot
"2008-02-13 04:28:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-12 20:23:22
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
.
**************************************************************************
.
Completion time: 2008-02-12 20:33:46 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-13 04:32:31
ComboFix2.txt 2008-02-12 06:10:48
ComboFix3.txt 2007-11-25 22:40:37
.
2008-02-09 17:33:24 --- E O F ---

Logfile of HijackThis v1.99.1
Scan saved at 8:36:39 PM, on 2/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hijackthis2\HijackThis.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\458qeupf.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\458qeupf.slt\prefs.js)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe