Tech Support Forum > Security Center > Virus/Trojan/Spyware Help

SLOW OR SO SLOW...



Old 01-15-2012, 02:42 PM   #1
Mother-in-law's laptop slowing to a crawl...

Win 7, 64 bit
3Gb RAM, 40Gb free disk space
Kaspersky AV

Ran CCleaner and Puran Defrag, removed pretty much everything from the startup - some marginal improvement but still very very slow

Here's the DDS; the other file is attached. Not including GMER as the instructions call for 32 bit only...

thanks so much in advance

Dmitri

-----------------------

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Ludmila at 16:51:37 on 2012-01-15
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2048.910 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Windows\system32\svchost.exe -k netsvcs
c:\program files (x86)\common files\logishrd\lvmvfm\LVPrS64H.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie9
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=e627&r=273602100835l0374z1k5r48523258
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=e627&r=273602100835l0374z1k5r48523258
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit=userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: DealPly: {a6174f27-1fff-e1d6-a93f-ba48ad5dd448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Facetheme: {de4e75d3-60aa-4f02-a0e4-c8a40576574c} - C:\Program Files (x86)\Object\bho_project.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7A8C263C-2926-4381-8379-B74C134AC46E} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7A8C263C-2926-4381-8379-B74C134AC46E}\4514020534255405149425 : DhcpNameServer = 68.237.161.12 71.250.0.12
TCP: Interfaces\{7EA15B26-1C81-4787-8908-863F775EAAAF} : DhcpNameServer = 68.237.161.12 71.250.0.12
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~2\mzvkbd3.dll,C:\PROGRA~2\KASPER~1\KASPER~2\sbhook.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
BHO-X64: IEVkbdBHO - No File
BHO-X64: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
BHO-X64: StartNow Toolbar Helper - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: DealPly: {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Facetheme: {de4e75d3-60aa-4f02-a0e4-c8a40576574c} - C:\Program Files (x86)\Object\bho_project.dll
BHO-X64: BHO Project - No File
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
BHO-X64: link filter bho - No File
BHO-X64: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
BHO-X64: Yontoo Layers - No File
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB-X64: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
AppInit_DLLs-X64: C:\PROGRA~2\KASPER~1\KASPER~2\mzvkbd3.dll,C:\PROGRA~2\KASPER~1\KASPER~2\sbhook.dll
.
============= SERVICES / DRIVERS ===============
.
R1 kl2;kl2;C:\Windows\system32\DRIVERS\kl2.sys --> C:\Windows\system32\DRIVERS\kl2.sys [?]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -r --> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -r [?]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe [2009-8-21 844320]
R2 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-6-4 1150496]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-2-6 173344]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-6-17 144640]
R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [2011-7-27 267488]
R2 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2009-8-21 240160]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-2 135664]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-2 135664]
S3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys --> C:\Windows\system32\DRIVERS\klmouflt.sys [?]
S3 LVcKap64;Logitech AEC Driver;C:\Windows\system32\DRIVERS\LVcKap64.sys --> C:\Windows\system32\DRIVERS\LVcKap64.sys [?]
S3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\system32\DRIVERS\lvpopf64.sys --> C:\Windows\system32\DRIVERS\lvpopf64.sys [?]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 LVUVC64;QuickCam for Notebooks Deluxe(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-6-17 50432]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S4 PuranDefrag;PuranDefrag;"C:\Windows\system32\PuranDefragS.exe" --> C:\Windows\system32\PuranDefragS.exe [?]
.
=============== Created Last 30 ================
.
2012-01-15 16:11:11 270336 ----a-w- C:\Windows\System32\PuranDefrag.dll
2012-01-15 16:11:10 275968 ----a-w- C:\Windows\System32\PuranDC.exe
2012-01-15 16:11:10 130048 ----a-w- C:\Windows\System32\PuranDefragBT.exe
2012-01-15 16:11:09 290816 ----a-w- C:\Windows\System32\PuranDefragS.exe
2012-01-15 16:11:08 1417216 ----a-w- C:\Windows\System32\PuranFD.exe
2012-01-15 16:11:07 -------- d-----w- C:\Program Files\Puran Defrag
2012-01-15 16:01:03 -------- d-----w- C:\Program Files\CCleaner
2012-01-13 14:42:16 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{38FAFAD5-F997-4D96-82F8-C7C13EC2FC8C}\offreg.dll
2012-01-13 14:42:11 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{38FAFAD5-F997-4D96-82F8-C7C13EC2FC8C}\mpengine.dll
2012-01-11 15:11:52 1572864 ----a-w- C:\Windows\System32\quartz.dll
2012-01-11 15:11:51 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll
2012-01-11 15:11:49 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-01-11 15:11:46 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-01-11 15:11:14 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-01-11 15:11:13 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2012-01-11 15:09:27 77312 ----a-w- C:\Windows\System32\packager.dll
2012-01-11 15:09:27 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-01-08 02:38:28 -------- d-----w- C:\Users\Ludmila\AppData\Local\{75C9402D-F46D-4A63-AF78-8FD9621BD4D5}
2012-01-08 02:37:57 -------- d-----w- C:\Users\Ludmila\AppData\Local\{538B0E2F-6A96-41AB-92C6-CF55E9029F35}
2012-01-08 02:34:40 -------- d-----w- C:\Users\Ludmila\AppData\Local\{421BAE49-4131-4B5F-9EF6-15C453847D06}
2012-01-08 02:34:23 -------- d-----w- C:\Users\Ludmila\AppData\Local\{B6640D59-18B0-409D-A6A1-EC41F78AAB1C}
2012-01-01 18:18:10 -------- d-----w- C:\Users\Ludmila\AppData\Local\{527E5CDE-BA5F-4E94-880E-BE32D4423F12}
2012-01-01 18:17:36 -------- d-----w- C:\Users\Ludmila\AppData\Local\{B436BC88-9D76-4648-8AE0-BF0F22D1C8CC}
2012-01-01 18:15:47 -------- d-----w- C:\Users\Ludmila\AppData\Local\{35412319-407C-46E7-AB31-0DD67FC9CCBF}
2012-01-01 18:15:32 -------- d-----w- C:\Users\Ludmila\AppData\Local\{6F822FCC-8835-4D44-A666-783AA3F3298E}
2011-12-29 15:26:21 -------- d-----w- C:\Users\Ludmila\AppData\Local\{6AEE4A4D-E4DC-43D0-87E6-885E29C7BE2C}
.
==================== Find3M ====================
.
2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-11-21 17:00:44 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-05 05:32:50 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-11-05 04:26:03 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-10-26 05:21:20 43520 ----a-w- C:\Windows\System32\csrsrv.dll
.
============= FINISH: 17:00:40.53 ===============
Attached file: Attach.zip

dmitriny1
Old 01-23-2012, 04:23 PM   #2
Hi - following up on this thread - it's been open for almost a week now... Can anyone help?

thanks

dmitriny1
Old 01-23-2012, 04:59 PM   #3
Hello dmitriny1,

Can you tell me a bit more as to why you suspect malware as the cause? Did Kaspersky detect or alert you to anything?

I do see an undesirable program installed that can account for some of the slowness. Click Start > Control Panel > Programs and Features. Uninstall StartNow Toolbar and reboot.

Also, could you provide more detail on what is slow? Everything from boot up to opening programs, or just browsing the web...?
Ried
Member of UNITE since 2006
Microsoft MVP - 2010, 2011, 2012, 2013, 2014
"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 01-23-2012, 05:47 PM   #4
Ried - I am suspecting malware mostly by association - I had very similar symptoms on my computer a year ago, and the cause was determined to be malware. Additionally, mother-in-law (it's her laptop) clicks on all kinds of links and downloads everything, and she said her Skype started acting weird - running ads, making calls, etc.

Specifically - CPU running at 100% most of the time, takes forever to navigate in Windows - open programs or files, etc. Internet is very slow - Speedtest.org measures 505 ms latency ping / 4.8 Mbps download vs 5 ms / 16 Mbps that my computer, which runs on the same network, registers when I run the test side by side.

Startnow is gone along with Skype
dmitriny1
Old 01-23-2012, 05:56 PM   #5
Thanks. :)

Download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Save it to your desktop.
Note: Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.
Ried
Old 01-23-2012, 08:26 PM   #6
here you go...
--------

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org
Database version: v2012.01.24.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Ludmila :: LUDMILA-PC [administrator]
1/23/2012 9:17:59 PM
mbam-log-2012-01-23 (21-17-59).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 203839
Time elapsed: 7 minute(s), 6 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 1
HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 1
C:\Program Files (x86)\Object (PUP.FCTPlugin) -> Quarantined and deleted successfully.
Files Detected: 4
C:\Program Files (x86)\Object\status.txt (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\config.ini (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\enable.txt (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Object\status2.txt (PUP.FCTPlugin) -> Quarantined and deleted successfully.
(end)
dmitriny1
Old 01-23-2012, 08:33 PM   #7
That's not quite serious enough to cause system wide problems. Are you experiencing any redirects when you Google with Internet Explorer?
Ried
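Ried picked StartNow Toolbar out of the DDS log by eye, and Malwarebytes then quarantined the C:\Program Files (x86)\Object folder that the "Facetheme" BHO loads from. As an added example (not from this thread, DDS or Malwarebytes), the Python script below parses the BHO/TB lines of a DDS "Pseudo HJT Report" and flags the add-ons a helper would look at first: names on a watchlist, DLLs living in a folder a scanner has quarantined, and CLSIDs registered with no file on disk. The sample lines are copied from post #1; the watchlist (StartNow from Ried's reply, plus DealPly and Yontoo, which I add as widely reported ad-injecting add-ons) and the quarantined-folder list are my assumptions for this example.

```python
import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath
from typing import List, Optional

# Constructed sample: BHO/TB lines copied from the DDS "Pseudo HJT Report" in post #1,
# plus one SERVICES line that the BHO/TB parser is expected to ignore.
DDS_SAMPLE = r"""
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
BHO: DealPly: {a6174f27-1fff-e1d6-a93f-ba48ad5dd448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll
BHO: Facetheme: {de4e75d3-60aa-4f02-a0e4-c8a40576574c} - C:\Program Files (x86)\Object\bho_project.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [2011-7-27 267488]
"""

# Assumed watchlist: StartNow is what Ried called out in this thread; DealPly and Yontoo are
# added as widely reported ad-injecting browser add-ons. Substring match, case-insensitive.
WATCHLIST = ["StartNow", "DealPly", "Yontoo"]

# Assumed: folder Malwarebytes reported as PUP.FCTPlugin in post #6 of this thread.
QUARANTINED_DIRS = [r"C:\Program Files (x86)\Object"]

# DDS line shape: "BHO: <name>: {CLSID} - <dll path>" or "TB: {CLSID} - No File".
# The 64-bit section repeats the same entries with a "-X64" suffix on the tag.
HJT_RE = re.compile(
    r"^(?P<kind>BHO|TB)(?:-X64)?: (?:(?P<name>.*?): )?"
    r"\{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+)$"
)


@dataclass
class HjtEntry:
    kind: str              # "BHO" or "TB"
    name: Optional[str]    # display name; None for an unnamed toolbar entry
    clsid: str             # lower-cased so 32-bit and X64 copies compare equal
    path: str              # DLL path, or the literal "No File" for an orphaned registration
    reasons: List[str] = field(default_factory=list)


def parse_hjt(text: str) -> List[HjtEntry]:
    """Return every BHO/TB line of a DDS Pseudo HJT Report as an HjtEntry; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = HJT_RE.match(line.strip())
        if m:
            entries.append(HjtEntry(m["kind"], m["name"], m["clsid"].lower(), m["path"]))
    return entries


def under_folder(path: str, folder: str) -> bool:
    """True if a Windows path lies inside folder (case-insensitive, drive-letter aware)."""
    p = PureWindowsPath(path.lower())
    return PureWindowsPath(folder.lower()) in p.parents


def triage(entries: List[HjtEntry], watchlist: List[str], quarantined: List[str]) -> List[HjtEntry]:
    """Attach a reason to every entry a helper should look at and return only those entries."""
    flagged = []
    for e in entries:
        if e.path == "No File":
            e.reasons.append("CLSID registered but DLL missing (orphaned add-on, remove the registration)")
        for w in watchlist:
            if e.name and w.lower() in e.name.lower():
                e.reasons.append(f"name matches watchlist entry '{w}'")
        for d in quarantined:
            if under_folder(e.path, d):
                e.reasons.append(f"DLL loads from a folder the scanner quarantined: {d}")
        if e.reasons:
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    for e in triage(parse_hjt(DDS_SAMPLE), WATCHLIST, QUARANTINED_DIRS):
        print(f"{e.kind:3} {(e.name or '(unnamed)'):26} {e.clsid}  -> {'; '.join(e.reasons)}")
```

Running it over the sample lists six entries; the Yahoo and Adobe helpers, which are under their vendors' own folders and on no watchlist, are left alone.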
Old 01-24-2012, 05:30 AM   #8
No redirects. Are you thinking this could be something else that is not related to malware?
dmitriny1
Old 01-24-2012, 02:26 PM   #9
If redirects were occurring, then we'd need to take a closer look at the MBR. No redirects, then the MBR is not involved.

StartNow Toolbar has been associated with some other types of malware. Typically though, it's bundled with a 'legit' download that you have to pay close attention to when installing and 'uncheck' that installation.

Due to the above, I'm going to have you run ComboFix. Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications


====================================================


Double click on combofix.exe & follow the prompts.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

How is the machine behaving now? Any improvement?
Ried
Old 01-25-2012, 05:25 AM   #10
I ran ComboFix (took about 2 hours to finish last night), but I guess it was also downloading Windows updates in the background while it was running. At the end - after the laptop was rebooted, it gave me this message on the Windows login screen -
"Failure configuring Windows updates. Reverting changes. Do not turn off your computer". I left it overnight and this morning it still shows the same message. I re-started it and it went back to the same message about failure to configure and reverting changes.

I am sure there is a way to deal with it (go in Safe Mode or do a System Restore), - I just need instructions on how to do it. I am running off to work now, but I'll be able to work on it this evening.

thanks in advance, Dmitri
dmitriny1
Old 01-25-2012, 01:53 PM   #11
The simplest way to deal with this is to tap F8 (same as you would to get to Safe Mode) but instead, select Repair your computer.

Follow the prompt to enter keyboard input method, and then the prompt to enter a password. If the machine does not have a password, simply click Enter.

In the next menu, use the arrow keys on the keyboard to highlight System Restore and press Enter.

Select the restore point created just before the Windows Updates began. If this takes it back to the restore point that ComboFix created, then turn off Windows Updates and run ComboFix again. :)
Ried
Old 01-26-2012, 05:53 AM   #12
Ok - I re-ran ComboFix after System Restore and I am attaching logs for both pre- and post-restore scans (0124 is pre, 0125 is post).

The performance is noticeably better, but from time to time I am seeing strange behavior, - for example today I couldn’t do anything in Windows Explorer (open file, etc.) – it was giving me an error message something about missing Registry Entry. I re-started the laptop and everything seems to be working again

Let me know if you see anything in the logs, - I am going to test it thoroughly tonight to see how it works and will post if I see anything strange.

Thanks again for your help
Attached files: ComboFix_0124.txt, ComboFix_0125.txt
dmitriny1
Old 01-26-2012, 06:34 PM   #13
Quote:
it was giving me an error message something about missing Registry Entry. I re-started the laptop and everything seems to be working again
If that message was more along the lines of 'registry key is marked for deletion...' that sometimes happens on Vista/Win7 machines after running ComboFix. It's nothing to worry about - a reboot resolves that issue.

The logs look good. Let me know how the machine is after you've had a chance to really use it.
Ried
Old 01-26-2012, 08:14 PM   #14
Thanks - so far so good... If I don't post any updates in the next 24 hours, it's OK to close the thread and move it into "resolved".

thanks again for all your help
dmitriny1
Old 01-26-2012, 08:35 PM   #15
Sounds good to me, and you're welcome.

If all turns out well, you'll need to do some final cleanup. Please do not skip this step as it will implement important cleanup procedures, as well as reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point for you.


Click Start > Run and copy/paste, or type the following bolded text into the Run box and click OK:

ComboFix /uninstall

--------------------------------------------------------------------

Should you wish to contribute to the ongoing development of ComboFix, donations are being accepted via PayPal.


To help protect Mom's computer in the future, I would recommend installing WOT (Web of Trust). As 'Googling' is such an integral part of internet life, this free browser add-on warns her about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
  • Green to go
  • Yellow for caution
  • Red to stop
WOT has an addon available for both Firefox and IE.



Scan here: Secunia - The Leading Provider of Vulnerability Management and Vulnerability Intelligence Solutions - for out-of-date and vulnerable common applications on your computer.


BACKING UP YOUR REGISTRY
ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively renders System Restore unavailable by simple means. With ERUNT, you're able to restore the damaged Registry.

Vista/Windows 7 users - see this link for proper setup of ERUNT: Automatically Backup your Windows Vista Registry daily using ERUNT - The Winhelponline Blog

Ried
Copyright 2001 - 2014, Tech Support Forum