#1
Registered User
Join Date: Aug 2006
Posts: 23
OS: winXP SRVC PK 2
Scans / Logs clean..CPU SLOW!! Just re-loaded vista..it's slow like a trojan

Hiya,

I had my cpu crash: of which two other threads give a background:
http://www.techsupportforum.com/micr...sing-data.html
http://www.techsupportforum.com/micr...pre-vista.html

I ended up just re-loading vista, losing all of my c: data. I re-loaded all my other programs, my backup data, and it seemed fine. My installation of MS Office went poorly, as I forgot to first remove the "trial" edition, and overlapped installed the Licensed edition..I was unable to remove the trial edition after this, and tried a few manual removes to free up some space. I mention this only because it's the only thing I can think of which is slowing down my cpu, to a Crawl.

Load / starting up takes ~10 minutes before I can actively search or use a program, sometimes (even now doing the scans / logs) everything slows to a crawl. My c: has ~40 gig free out of 110 gig, it is defragged every month.

MOST of my problems also seem to have started when I switched over from Kaspersky (paid), to Comodo (latest). I uninstalled Kaspersky first of course, but maybe Comodo is just a huge resource hog? Also running spybot (safesurf only, spybot S & D is only used for a scan every now and then, not actively in the background), SAS (scan only, non-real time), CCleaner. Windows security alerts are always on, saying I don't have user-control activated..though it detects my spyware / Comodo firewall (it didn't for a few weeks).

All my scans, including comodo, spybot, SAS only find "tracking cookies," no trojans apparently... Procexp.exe seems to catch svchost.exe taking up monster amounts of resources, and strange tcp/ip connections which I kill through Comodo.

Vista 32 bit, 2gig ram laptop. Logs are below, much appreciated, I have begun editing movies, trying to transcript things (this is my work computer) and it has never run so slow...and it's just coming off of a fresh restore! Thanks.
Note: attaching ark, attach logs, posting dds.txt, AND ark scan for my d (partition, which survived the restore), and external drive h in case anything undue is evident.

More examples: Recycling 200k of items, will sometimes "hang" for up to 2 minutes, freezing the system. Loading two programs at once crashes one of the programs (doesn't crash Explorer though, no blue screen). FREQUENTLY on shutting it down, or restarting, the system will hang for over TEN (longest was 15 min) minutes on "Windows is shutting down." I then manually hold down the power button to shut it off: note, no windows updates were updated on these shut downs. Firefox freezes, then sits in the background of the processes, but cannot be reloaded unless I manually close the process. This happens frequently to many programs. Ever since the restore, it's been slow, but has gotten progressively Slower.
#2
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,925
OS: WinXP and Vista
Re: Scans / Logs clean..CPU SLOW!! Just re-loaded vista..it's slow like a trojan

Hello RedJako,

I'm not seeing any malware here. You'd be better served discussing this with the folks in our Windows XP Support section.