Old 07-28-2009, 03:20 PM   #1 (permalink)
Registered User
 
Join Date: Sep 2005
Location: Berkshire, England
Posts: 33
OS: Windows XP Home Edition SP2


Poor Performance

Here are my logs as requested (I hope I have these correctly formatted for you)
DDS (Ver_09-06-26.01) - NTFSx86
Run by Steve at 19:53:02.35 on 28/07/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.511.110 [GMT 1:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
C:\WINDOWS\SnoopFreeUI.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Dit.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Search Spider\searchspidersvc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\SnoopFreeSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Steve\Local Settings\Temporary Internet Files\Content.IE5\997Y2WD3\dds[1].pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = localhost
mSearchAssistant = hxxp://www.google.com/ie
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - c:\program files\spywareguard\dlprotect.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: ALOT Toolbar: {5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} - c:\program files\alot\bin\alot.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\BackWeb-8876480.exe
uRun: [LogitechSoftwareUpdate] "c:\program files\logitech\video\ManifestEngine.exe" boot
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [adobe] c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
mRun: [Lexmark X1100 Series] "c:\program files\lexmark x1100 series\lxbkbmgr.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Zone Labs Client] c:\program files\zone labs\zonealarm\zlclient.exe
mRun: [YeppStudioAgent] c:\program files\samsung\samsung media studio\SamsungMediaStudioAgent.exe
mRun: [SnoopFreeUI] SnoopFreeUI.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [vptray] c:\progra~1\symant~1\\vptray.exe
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe
mRun: [LogitechVideoTray] c:\program files\logitech\video\LogiTray.exe
mRun: [Windows Services 32] shzhost.exe
mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
mRun: [Dit] Dit.exe
mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\steve\startm~1\programs\startup\spywar~1.lnk - c:\program files\spywareguard\sgmain.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1117004803140
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://acs.pandasoftware.com/activescan/as5free/asinst.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

============= SERVICES / DRIVERS ===============

R0 SnoopFree;SnoopFree Driver;c:\windows\system32\drivers\SnopFree.sys [2007-1-8 9472]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2004-2-9 301200]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-9-17 368256]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-7-7 611664]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-6-9 255096]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-6-9 242808]
R2 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2004-2-9 37008]
R2 SearchSpiderSvc;SearchSpiderSvc;c:\program files\search spider\searchspidersvc.exe [2009-7-15 552960]
R2 SnoopFreeSvc;Snoop Free Service;System32\SnoopFreeSvc.exe --> System32\SnoopFreeSvc.exe [?]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2004-8-2 1267024]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [2005-5-24 1287296]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090728.007\naveng.sys [2009-7-28 87888]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090728.007\navex15.sys [2009-7-28 875728]
S3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2005-5-24 945152]
S3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [2005-5-24 17408]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-6-9 87160]
S3 PRISM_A00;CREATIX 802.11g Driver;c:\windows\system32\drivers\PRISMA00.sys [2005-5-24 380736]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2004-8-2 173392]
S3 UKBFLT;UKBFLT;c:\windows\system32\drivers\UKBFLT.sys [2005-9-4 11672]

=============== Created Last 30 ================

2009-07-25 16:32 54,156 a---h--- c:\windows\QTFont.qfn
2009-07-25 16:32 1,409 a------- c:\windows\QTFont.for
2009-07-17 21:07 473 a------- c:\windows\system32\nodes.txt.tmp
2009-07-15 18:49 <DIR> --d----- c:\program files\Search Spider
2009-07-15 18:49 <DIR> --d----- c:\program files\BestShoppingTipsProgram
2009-07-11 23:19 3,248 a------- c:\windows\system32\wbem\Outlook_01ca0275ae161a56.mof

==================== Find3M ====================

2009-07-28 18:50 17,408 a------- c:\windows\system32\drivers\USBCRFT.SYS
2009-07-25 09:27 12,825 ac------ c:\program files\hijackthis.log
2009-06-16 15:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 15:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-03 20:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-05-07 16:32 345,600 a------- c:\windows\system32\localspl.dll
2005-09-12 20:50 5,037,072 a------- c:\program files\spybotsd14.exe
2005-09-12 20:02 857,915 a------- c:\program files\vx2cleaner_inst.exe
2005-09-12 19:54 2,855,080 a------- c:\program files\aawsepersonal.exe
2005-09-04 17:10 0 ac------ c:\docume~1\steve\applic~1\wklnhst.dat
2005-02-16 12:06 218,112 a------- c:\program files\HijackThis.exe
2005-05-25 07:53 8 ---shr-- c:\windows\system32\4DE4EA680E.sys
2005-05-25 07:53 4,704 a--sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 19:54:15.59 ===============
Attached Files
File Type: zip ark.zip (747 Bytes, 3 views)
File Type: zip Attach.zip (3.9 KB, 4 views)
UK014907 is offline  
Old 08-03-2009, 02:55 AM   #2 (permalink)
Registered User
 
Join Date: Sep 2005
Location: Berkshire, England
Posts: 33
OS: Windows XP Home Edition SP2


Re: Poor Performance (Bump Please)

Bump Please. If I have any detail wrong, please let me know and I will re-submit.
Thanks
Steve
UK014907 is offline  
Old 08-03-2009, 10:54 PM   #3 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,941
OS: WinXP and Vista


Re: Poor Performance

Hello Steve and thank you for your patience.

I'm not seeing any malware in your logs. Could you be a bit more specific in regard to 'poor performance'?
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 08-04-2009, 02:54 AM   #4 (permalink)
Registered User
 
Join Date: Sep 2005
Location: Berkshire, England
Posts: 33
OS: Windows XP Home Edition SP2


Re: Poor Performance

Hi Ried,
It is difficult to be specific as the performance degradation is sporadic, but at times it takes nearly 20 minutes to get up and running and at other times programs just dump for no apparent reason. I run all the anti-virus checks, malware and spyware checks on a regular basis to keep clean. I also run CCLEANER and CleanuP on a regular basis but again, everything seems to take longer and longer to run.

Just a thought, but are the svchost.exe legitimate?

Another thought is that perhaps we have got too many processes running? Some of them, I do not recognise.

Thanks for your help

Steve
UK014907 is offline  
Old 08-04-2009, 10:44 AM   #5 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,941
OS: WinXP and Vista


Re: Poor Performance

Hi Steve,

My apologies, looking over the logs again, I see that I missed a glaring malware entry.

Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.


***************************************************


First, you have 2 undesirable programs that should be uninstalled. Uninstall the following via the Add/Remove Panel (Start->Control Panel->Add or Remove Programs)

BestShoppingTipsProgram http://www.systemlookup.com/search.p...ingTipsProgram
SearchSpider http://www.systemlookup.com/search.p...h=SearchSpider

Do not reboot yet.

============================================


Download Combofix from any of the links below, and save it to your desktop.


Link 1
Link 2


**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. If you are unsure how to do this, please see this link http://www.bleepingcomputer.com/forums/topic114351.html

====================================================


Double click on combofix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:





Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 08-08-2009, 08:24 AM   #6 (permalink)
Registered User
 
Join Date: Sep 2005
Location: Berkshire, England
Posts: 33
OS: Windows XP Home Edition SP2


Re: Poor Performance

Hi Ried, here is the requested Combofix log as requested. I hope this helps you.
Thanks for your patience and support.
Steve

ComboFix 09-08-07.09 - Steve 08/08/2009 14:47.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.511.188 [GMT 1:00]
Running from: c:\documents and settings\Steve\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Steve\LOCALS~1\Temp\IadHide4.dll
c:\documents and settings\All Users\Start Menu\Programs\Windows Live Messenger .lnk
c:\documents and settings\Charlotte\Application Data\alot
c:\documents and settings\Lynda.COMPUTER\Application Data\alot
c:\documents and settings\Lynda.COMPUTER\Application Data\alot\Button_0\Button_0.xml
c:\documents and settings\Lynda.COMPUTER\Application Data\alot\Button_0\Button_0.xml.backup
c:\documents and settings\Lynda.COMPUTER\Application Data\alot\Button_1\Button_1.xml
c:\documents and settings\Lynda.COMPUTER\Application Data\alot\Button_1\Button_1.xml.backup
c:\documents and settings\Lynda.COMPUTER\Application Data\alot\Button_2\Button_2.xml
c:\documents and settings\Lynda.COMPUTER\Application Data\alot\Button_2\Button_2.xml.backup
c:\documents and settings\Lynda.COMPUTER\Application Data\alot\Button_3\Button_3.xml
c:\documents and settings\Lynda.COMPUTER\Application Data\alot\Button_3\Button_3.xml.backup
c:\documents and settings\Lynda.COMPUTER\Application Data\alot\Button_4\Button_4.xml
c:\documents and settings\Lynda.COMPUTER\Application Data\alot\Button_4\Button_4.xml.backup
c:\documents and settings\Lynda.COMPUTER\Application Data\alot\Button_5\Button_5.xml
c:\documents and settings\Lynda.COMPUTER\Application Data\alot\Button_5\Button_5.xml.backup
c:\documents and settings\Lynda.COMPUTER\Application Data\alot\Button_6\Button_6.xml
c:\documents and settings\Lynda.COMPUTER\Application Data\alot\Button_6\Button_6.xml.backup
c:\documents and settings\Lynda.COMPUTER\Application Data\alot\Button_7\Button_7.xml
c:\documents and settings\Lynda.COMPUTER\Application Data\alot\Button_7\Button_7.xml.backup
c:\documents and settings\Lynda.COMPUTER\Application Data\alot\Button_8\Button_8.xml
c:\documents and settings\Lynda.COMPUTER\Application Data\alot\Button_8\Button_8.xml.backup
c:\documents and settings\Lynda.COMPUTER\Application Data\alot\configurator\configurator.xml
c:\documents and settings\Lynda.COMPUTER\Application Data\alot\configurator\configurator.xml.backup
c:\documents and settings\Lynda.COMPUTER\Application Data\alot\contextMenu\contextMenu.xml
c:\documents and settings\Lynda.COMPUTER\Application Data\alot\contextMenu\contextMenu.xml.backup
c:\documents and settings\Lynda.COMPUTER\Application Data\alot\postInstallLayout\postInstallLayout.xml
c:\documents and settings\Lynda.COMPUTER\Application Data\alot\postInstallLayout\postInstallLayout.xml.backup
c:\documents and settings\Lynda.COMPUTER\Application Data\alot\products\products.xml
c:\documents and settings\Lynda.COMPUTER\Application Data\alot\products\products.xml.backup
c:\documents and settings\Lynda.COMPUTER\Application Data\alot\Resources\BrowserSearch\alot_search_defend.html
c:\documents and settings\Lynda.COMPUTER\Application Data\alot\Resources\BrowserSearch\images\favicon.ico
c:\documents and settings\Lynda.COMPUTER\Application Data\alot\Resources\Button_0\images\alot_logo_button.bmp
c:\documents and settings\Lynda.COMPUTER\Application Data\alot\Resources\Button_0\images\alot_logo_button.png
c:\documents and settings\Lynda.COMPUTER\Application Data\alot\Resources\Button_1\images\alot_search_button.bmp
c:\documents and settings\Lynda.COMPUTER\Application Data\alot\Resources\Button_1\images\alot_search_button.png
c:\documents and settings\Lynda.COMPUTER\Application Data\alot\Resources\Button_2\images\default_1238_alot_rec_recipesearch.bmp
c:\documents and settings\Lynda.COMPUTER\Application Data\alot\Resources\Button_2\images\default_1238_alot_rec_recipesearch.png
c:\documents and settings\Lynda.COMPUTER\Application Data\alot\Resources\Button_3\images\default_1007_alot_weather_widget.bmp
c:\documents and settings\Lynda.COMPUTER\Application Data\alot\Resources\Button_3\images\default_1007_alot_weather_widget.png
c:\documents and settings\Lynda.COMPUTER\Application Data\alot\Resources\Button_4\images\default_1244_alot_rec_recipenews.bmp
c:\documents and settings\Lynda.COMPUTER\Application Data\alot\Resources\Button_4\images\default_1244_alot_rec_recipenews.png
c:\documents and settings\Lynda.COMPUTER\Application Data\alot\Resources\Button_5\images\default_1248_alot_rec_cupboard.bmp
c:\documents and settings\Lynda.COMPUTER\Application Data\alot\Resources\Button_5\images\default_1248_alot_rec_cupboard.png
c:\documents and settings\Lynda.COMPUTER\Application Data\alot\Resources\Button_6\images\default_1105_alot_recipe_videos.bmp
c:\documents and settings\Lynda.COMPUTER\Application Data\alot\Resources\Button_6\images\default_1105_alot_recipe_videos.png
c:\documents and settings\Lynda.COMPUTER\Application Data\alot\Resources\Button_7\images\default_2009_health.com_button.bmp
c:\documents and settings\Lynda.COMPUTER\Application Data\alot\Resources\Button_7\images\default_2009_health.com_button.png
c:\documents and settings\Lynda.COMPUTER\Application Data\alot\Resources\Button_8\images\default_1795_alot_configure.bmp
c:\documents and settings\Lynda.COMPUTER\Application Data\alot\Resources\Button_8\images\default_1795_alot_configure.png
c:\documents and settings\Lynda.COMPUTER\Application Data\alot\Resources\contextMenu\images\alot_icon.bmp
c:\documents and settings\Lynda.COMPUTER\Application Data\alot\Resources\contextMenu\images\alot_icon.png
c:\documents and settings\Lynda.COMPUTER\Application Data\alot\Resources\contextMenu\images\alot_logo_button.bmp
c:\documents and settings\Lynda.COMPUTER\Application Data\alot\Resources\contextMenu\images\alot_logo_button.png
c:\documents and settings\Lynda.COMPUTER\Application Data\alot\Resources\Shared\domains.dat
c:\documents and settings\Lynda.COMPUTER\Application Data\alot\Resources\Shared\images\alot_brand.png
c:\documents and settings\Lynda.COMPUTER\Application Data\alot\Resources\Shared\images\alot_splitter.png
c:\documents and settings\Lynda.COMPUTER\Application Data\alot\Resources\Shared\images\spinner.bmp
c:\documents and settings\Lynda.COMPUTER\Application Data\alot\Resources\Shared\images\widget_bottom.bmp
c:\documents and settings\Lynda.COMPUTER\Application Data\alot\Resources\Shared\images\widget_btnclose0.bmp
c:\documents and settings\Lynda.COMPUTER\Application Data\alot\Resources\Shared\images\widget_btnclose1.bmp
c:\documents and settings\Lynda.COMPUTER\Application Data\alot\Resources\Shared\images\widget_caption.bmp
c:\documents and settings\Lynda.COMPUTER\Application Data\alot\Resources\Shared\images\widget_error_bg.bmp
c:\documents and settings\Lynda.COMPUTER\Application Data\alot\Resources\Shared\images\widget_error_close.bmp
c:\documents and settings\Lynda.COMPUTER\Application Data\alot\Resources\Shared\images\widget_error_icon.bmp
c:\documents and settings\Lynda.COMPUTER\Application Data\alot\TimerManager\TimerManager.xml
c:\documents and settings\Lynda.COMPUTER\Application Data\alot\TimerManager\TimerManager.xml.backup
c:\documents and settings\Lynda.COMPUTER\Application Data\alot\toolbar.xml
c:\documents and settings\Lynda.COMPUTER\Application Data\alot\toolbar.xml.backup
c:\documents and settings\Lynda.COMPUTER\Application Data\alot\ToolbarSearch\ToolbarSearch.xml
c:\documents and settings\Lynda.COMPUTER\Application Data\alot\Updater\Updater.xml
c:\documents and settings\Lynda.COMPUTER\Application Data\alot\Updater\Updater.xml.backup
c:\documents and settings\Lynda.COMPUTER\Start Menu\Programs\PlayMP3z
c:\documents and settings\Lynda.COMPUTER\Start Menu\Programs\PlayMP3z\Run PlayMP3z.pif
c:\documents and settings\Steve\Local Settings\Temp\IadHide4.dll
c:\program files\alot
c:\program files\alot\alotUninst.exe
c:\program files\alot\bin\alot.dll
C:\restore
c:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
c:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\lusrsh.exe
c:\windows\fxstaller.exe
c:\windows\Installer\733d09.msp
c:\windows\Installer\d02edc.msp
c:\windows\Installer\WinRMSrv.msi
c:\windows\system32\dumphive.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg

.
((((((((((((((((((((((((( Files Created from 2009-07-08 to 2009-08-08 )))))))))))))))))))))))))))))))
.

2009-07-31 20:20 . 2005-02-14 09:57 32768 ----a-w- c:\documents and settings\All Users\Application Data\Sony Ericsson\Sony Ericsson PC Suite\LiveUpdate\Temp\CleanBuild.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-08 14:13 . 2005-09-12 07:03 -------- d-----w- c:\program files\Symantec AntiVirus
2009-08-08 14:10 . 2008-06-04 12:06 -------- d-----w- c:\documents and settings\Steve\Application Data\Skype
2009-08-08 14:04 . 2005-05-24 14:27 17408 ----a-w- c:\windows\system32\drivers\USBCRFT.SYS
2009-08-08 13:20 . 2008-06-04 12:08 -------- d-----w- c:\documents and settings\Steve\Application Data\skypePM
2009-08-08 13:19 . 2009-07-17 20:07 68 ----a-w- c:\windows\system32\nodes.txt.tmp
2009-08-08 13:15 . 2009-08-08 13:15 35546 ----a-w- c:\windows\Internet Logs\zlclient_2nd_2009_08_07_18_55_29_small.dmp.zip
2009-08-07 10:40 . 2009-06-30 19:18 -------- d-----w- c:\documents and settings\Lynda.COMPUTER\Application Data\LimeWire
2009-08-07 10:34 . 2009-08-07 10:34 35887 ----a-w- c:\windows\Internet Logs\zlclient_2nd_2009_08_07_11_32_19_small.dmp.zip
2009-08-06 18:29 . 2009-08-06 18:29 36210 ----a-w- c:\windows\Internet Logs\zlclient_2nd_2009_08_06_19_27_39_small.dmp.zip
2009-08-06 18:27 . 2009-08-06 18:27 34339 ----a-w- c:\windows\Internet Logs\zlclient_2nd_2009_08_06_18_42_42_small.dmp.zip
2009-08-06 17:42 . 2009-08-06 17:42 34211 ----a-w- c:\windows\Internet Logs\zlclient_2nd_2009_08_06_11_54_22_small.dmp.zip
2009-08-06 10:52 . 2009-08-06 10:52 11127596 ----a-w- c:\windows\Internet Logs\zlclient_2nd_2009_08_06_10_59_32_full.dmp.zip
2009-08-05 20:31 . 2009-08-05 20:31 35308 ----a-w- c:\windows\Internet Logs\zlclient_2nd_2009_08_05_21_29_17_small.dmp.zip
2009-08-04 14:28 . 2009-08-04 14:28 37134 ----a-w- c:\windows\Internet Logs\zlclient_2nd_2009_08_04_15_28_02_small.dmp.zip
2009-08-04 14:26 . 2009-08-04 14:26 35763 ----a-w- c:\windows\Internet Logs\zlclient_2nd_2009_08_03_18_26_10_small.dmp.zip
2009-08-04 14:26 . 2009-08-04 14:26 37968 ----a-w- c:\windows\Internet Logs\zlclient_2nd_2009_08_03_18_25_43_small.dmp.zip
2009-07-30 19:38 . 2009-07-31 20:17 3033600 ----a-w- c:\windows\Internet Logs\xDB1E.tmp
2009-07-30 19:00 . 2008-03-06 17:14 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-30 18:59 . 2005-09-18 11:33 -------- d-----w- c:\program files\SpywareBlaster
2009-07-30 18:55 . 2005-09-12 19:54 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-30 18:14 . 2007-01-05 22:05 -------- d-----w- c:\program files\CleanUp!
2009-07-25 08:27 . 2007-05-31 19:30 12825 -c--a-w- c:\program files\hijackthis.log
2009-07-16 10:53 . 2007-10-07 12:28 -------- d-----w- c:\documents and settings\Charlotte\Application Data\Skype
2009-07-11 19:35 . 2007-05-07 11:32 -------- d-----w- c:\documents and settings\Steve\Application Data\LimeWire
2009-06-30 19:18 . 2007-05-07 11:31 -------- d-----w- c:\program files\LimeWire
2009-06-26 18:17 . 2005-09-04 15:55 -------- d-----w- c:\program files\Lexmark X1100 Series
2009-06-26 16:50 . 2004-08-04 12:00 666624 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:50 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-23 19:51 . 2009-06-24 18:25 3068928 ----a-w- c:\windows\Internet Logs\xDB1D.tmp
2009-06-20 10:03 . 2009-06-20 10:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-06-19 19:48 . 2009-06-19 19:48 -------- d-----w- c:\program files\Messenger Plus! Live
2009-06-16 14:36 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-08 19:05 . 2006-11-26 16:41 24605534 -c--a-w- c:\windows\Internet Logs\tvDebug.zip
2009-06-03 19:09 . 2004-08-04 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-31 13:09 . 2005-10-17 18:37 66360 ----a-w- c:\documents and settings\Charlotte\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2005-09-12 19:50 . 2005-09-12 19:50 5037072 ----a-w- c:\program files\spybotsd14.exe
2005-09-12 19:02 . 2005-09-12 19:02 857915 ----a-w- c:\program files\vx2cleaner_inst.exe
2005-09-12 18:54 . 2005-09-12 18:54 2855080 ----a-w- c:\program files\aawsepersonal.exe
2005-02-16 11:06 . 2007-01-05 18:50 218112 ----a-w- c:\program files\HijackThis.exe
2005-05-25 06:53 . 2005-05-25 06:53 8 --sh--r- c:\windows\system32\4DE4EA680E.sys
2005-05-25 06:53 . 2005-05-25 06:53 4704 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2009-01-27 20480]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-24 344064]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-06-09 66680]
"Zone Labs Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2005-08-29 980736]
"YeppStudioAgent"="c:\program files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe" [2005-09-12 40960]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-11-14 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-11-15 267048]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-05-27 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"mmtask"="c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2003-10-10 53248]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-17 136600]
"vptray"="c:\progra~1\SYMANT~1\\vptray.exe" [2004-08-02 124232]
"SnoopFreeUI"="SnoopFreeUI.exe" - c:\windows\SnoopFreeUI.exe [2007-01-08 221184]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" - c:\windows\system32\Hdaudpropshortcut.exe [2004-03-17 61952]
"Dit"="Dit.exe" - c:\windows\Dit.exe [2004-07-20 90112]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2005-03-08 88203]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

c:\documents and settings\Steve\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2009-1-27 450560]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\NetMeeting\\Conf.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Documents and Settings\\Charlotte\\Local Settings\\Application Data\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 18:19 13592]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [24/05/2005 14:01 1287296]
S3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [24/05/2005 15:26 945152]
S3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [24/05/2005 15:27 17408]
S3 PRISM_A00;CREATIX 802.11g Driver;c:\windows\system32\drivers\PRISMA00.sys [24/05/2005 14:01 380736]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [02/08/2004 19:36 173392]
S3 UKBFLT;UKBFLT;c:\windows\system32\drivers\UKBFLT.sys [04/09/2005 11:30 11672]
.
Contents of the 'Scheduled Tasks' folder

2009-08-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

2009-08-08 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2009-08-08 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Windows Services 32 - shzhost.exe
HKLM-Run-Cmaudio - cmicnfg.cpl
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = localhost
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-08 15:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(548)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3120)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Belkin\Belkin Wireless Network Utility\WLService.exe
c:\program files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\SnoopFreeSvc.exe
c:\windows\system32\ZoneLabs\vsmon.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Lexmark X1100 Series\lxbkbmon.exe
c:\windows\system32\rundll32.exe
c:\program files\Logitech\Video\FxSvr2.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\SpywareGuard\sgbhp.exe
c:\program files\Symantec AntiVirus\VPTray.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\system32\taskmgr.exe
.
**************************************************************************
.
Completion time: 2009-08-08 15:18 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-08 14:18

Pre-Run: 92,826,923,008 bytes free
Post-Run: 93,468,848,128 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
302 --- E O F --- 2009-08-07 18:02
Old 08-08-2009, 08:45 AM   #7 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,941
OS: WinXP and Vista


Re: Poor Performance

You're welcome. The 'glaring' entry I saw was orphaned, so nothing to be too concerned about there. Is there any improvement since uninstalling those programs and running ComboFix?
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 08-31-2009, 10:05 AM   #8 (permalink)
Registered User
 
Join Date: Sep 2005
Location: Berkshire, England
Posts: 33
OS: Windows XP Home Edition SP2


Re: Poor Performance

Hi Ried, sorry for the delay in responding, we have been away. Since returning, though, I can't really see any improvement in responses.
Is there anything else I should do?

ps My daughter is hassling me as Limewire is not working, I assume this is something that Combofix has done. Right?

Best Wishes

Steve
Old 09-01-2009, 10:06 PM   #9 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,941
OS: WinXP and Vista


Re: Poor Performance

Hi Steve,

No, ComboFix did not do anything to Limewire and forgive me, but if she is using it for music and video file sharing, I'm not too concerned about getting it working for her. It's likely the source of all the troubles here.

Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.


We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections.

Have her take a look at our sticky topic Perils of P2P file sharing


That being said, since it has been so long, I'll need to see a new dds.txt. Please run a scan with dds.scr and post a fresh log.
Old 09-06-2009, 05:39 AM   #10 (permalink)
Registered User
 
Join Date: Sep 2005
Location: Berkshire, England
Posts: 33
OS: Windows XP Home Edition SP2


Re: Poor Performance

Hi Ried, Daughters have their own agenda I am afraid and they are not normally responsible for sorting computer issues out. They see themselves as users only.

Anyway, here is the DDS test with the ZIP file following:-
DDS (Ver_09-07-30.01) - NTFSx86
Run by Steve at 12:29:43.37 on 06/09/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.511.72 [GMT 1:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\SnoopFreeSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\SYMANT~1\vptray.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\SnoopFreeUI.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Steve\Local Settings\Temporary Internet Files\Content.IE5\STQJG52Z\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = localhost
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - c:\program files\spywareguard\dlprotect.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\BackWeb-8876480.exe
uRun: [LogitechSoftwareUpdate] "c:\program files\logitech\video\ManifestEngine.exe" boot
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [Lexmark X1100 Series] "c:\program files\lexmark x1100 series\lxbkbmgr.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Zone Labs Client] c:\program files\zone labs\zonealarm\zlclient.exe
mRun: [YeppStudioAgent] c:\program files\samsung\samsung media studio\SamsungMediaStudioAgent.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe
mRun: [LogitechVideoTray] c:\program files\logitech\video\LogiTray.exe
mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
mRun: [Dit] Dit.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [vptray] c:\progra~1\symant~1\\vptray.exe
mRun: [SnoopFreeUI] SnoopFreeUI.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\steve\startm~1\programs\startup\spywar~1.lnk - c:\program files\spywareguard\sgmain.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1117004803140
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://acs.pandasoftware.com/activescan/as5free/asinst.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

============= SERVICES / DRIVERS ===============

R0 SnoopFree;SnoopFree Driver;c:\windows\system32\drivers\SnopFree.sys [2009-8-8 9472]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2004-2-9 301200]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-9-17 368256]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-7-7 611664]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-6-9 255096]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-6-9 242808]
R2 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2004-2-9 37008]
R2 SnoopFreeSvc;SnoopFree Service;System32\SnoopFreeSvc.exe --> System32\SnoopFreeSvc.exe [?]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2004-8-2 1267024]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [2005-5-24 1287296]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090905.004\naveng.sys [2009-9-6 84912]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090905.004\navex15.sys [2009-9-6 1323568]
S3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2005-5-24 945152]
S3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [2005-5-24 17408]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-6-9 87160]
S3 PRISM_A00;CREATIX 802.11g Driver;c:\windows\system32\drivers\PRISMA00.sys [2005-5-24 380736]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2004-8-2 173392]
S3 UKBFLT;UKBFLT;c:\windows\system32\drivers\UKBFLT.sys [2005-9-4 11672]

=============== Created Last 30 ================

2009-08-29 17:41 <DIR> --d----- c:\program files\YouTube Downloader
2009-08-16 10:33 128,512 -c------ c:\windows\system32\dllcache\dhtmled.ocx
2009-08-16 10:29 1,315,328 -c------ c:\windows\system32\dllcache\msoe.dll
2009-08-08 16:22 <DIR> --d----- c:\docume~1\steve\applic~1\IObit
2009-08-08 16:22 <DIR> --d----- c:\program files\IObit
2009-08-08 15:54 221,184 a------- c:\windows\SnoopFreeUI.exe
2009-08-08 15:54 90,112 a------- c:\windows\system32\SnoopFreeSvc.exe
2009-08-08 15:54 45,056 a------- c:\windows\SnoopFreeDll.dll
2009-08-08 15:54 9,472 a------- c:\windows\system32\drivers\SnopFree.sys
2009-08-08 15:16 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-08-08 14:44 <DIR> a-dshr-- C:\cmdcons
2009-08-08 14:41 216,064 a------- c:\windows\PEV.exe
2009-08-08 14:41 161,792 a------- c:\windows\SWREG.exe
2009-08-08 14:41 98,816 a------- c:\windows\sed.exe

==================== Find3M ====================

2009-09-06 12:15 17,408 a------- c:\windows\system32\drivers\USBCRFT.SYS
2009-08-05 10:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-25 09:27 12,825 ac------ c:\program files\hijackthis.log
2009-07-17 20:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-06-26 17:50 666,624 a------- c:\windows\system32\wininet.dll
2009-06-26 17:50 81,920 a------- c:\windows\system32\ieencode.dll
2009-06-25 09:25 730,112 a------- c:\windows\system32\lsasrv.dll
2009-06-25 09:25 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 09:25 147,456 a------- c:\windows\system32\schannel.dll
2009-06-25 09:25 136,192 a------- c:\windows\system32\msv1_0.dll
2009-06-25 09:25 56,832 a------- c:\windows\system32\secur32.dll
2009-06-25 09:25 54,272 a------- c:\windows\system32\wdigest.dll
2009-06-16 15:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 15:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-12 13:31 76,288 a------- c:\windows\system32\telnet.exe
2009-06-10 15:13 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-10 09:19 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-06-10 07:14 132,096 a------- c:\windows\system32\wkssvc.dll
2005-09-12 20:50 5,037,072 a------- c:\program files\spybotsd14.exe
2005-09-12 20:02 857,915 a------- c:\program files\vx2cleaner_inst.exe
2005-09-12 19:54 2,855,080 a------- c:\program files\aawsepersonal.exe
2005-09-04 17:10 0 ac------ c:\docume~1\steve\applic~1\wklnhst.dat
2005-02-16 12:06 218,112 a------- c:\program files\HijackThis.exe
2005-05-25 07:53 8 ---shr-- c:\windows\system32\4DE4EA680E.sys
2005-05-25 07:53 4,704 a--sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 12:30:34.95 ===============
Attached Files
File Type: zip Attach.zip (3.7 KB, 1 views)
Old 09-07-2009, 10:12 PM   #11 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,941
OS: WinXP and Vista


Re: Poor Performance

Hi Steve,


Quote:
Hi Ried, Daughters have their own agenda I am afraid and they are not normally responsible for sorting computer issues out. They see themselves as users only.
Being a parent I do understand that, but also as a parent, I want to ensure you understand the consequences if they continue sharing music files or videos via LimeWire. It is illegal. In the topic I showed you earlier, take a moment to read these 2 links from that post:

Student Ordered to Pay $675,000 for Illegal Downloads

Woman Fined $222,000 for Music Sharing

======================================

I'm still not seeing any malware here. ZoneAlarm has been known to cause OS issues in the past. Uninstall it via the Control Panel>Add or Remove programs panel, and reboot.

If your poor performance issues persist, you would be better served discussing these issues with the folks in the Windows XP Support section of this forum.
Old 09-08-2009, 02:30 AM   #12 (permalink)
Registered User
 
Join Date: Sep 2005
Location: Berkshire, England
Posts: 33
OS: Windows XP Home Edition SP2


Re: Poor Performance

OK Thanks Ried.

I appreciate your support.

Best Wishes

Steve
All times are GMT -7.