Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads

User Tag List

Slow Performance due to Malware

This is a discussion on Slow Performance due to Malware within the Resolved HJT Threads forums, part of the Tech Support Forum category. I went through the process of working with an analyst probably last year or so. My computer was then out


 
 
Thread Tools Search this Thread
Old 12-14-2008, 01:17 PM   #1
Guest
 
Join Date: Feb 2008
Posts: 31
OS:



I went through the process of working with an analyst probably last year or so. My computer was then out of my possession, being used by multiple users besides myself (loaned it to a friend). When I got the computer back, it was noticeably slower. It takes it a very long time to boot up, it takes a very long time to open programs, and my assumption is it is due to malware. There were not any out of the ordinary programs installed that I noticed, just a free pdf writer and dreamweaver (not sure if it was illegal or not, removed it since I do not need it). I just want to get the computer working better again. I just need it for the Internet and basic work applications (mainly MS Office). Any help will be greatly appreciated.



DDS (Version 1.0.1) - NTFSx86
Run by Jeff at 14:33:56.66 on Sun 12/14/2008
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_05
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.146 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\2Wire Wireless\Client Manager\CMTWO.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Jeff\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://ie.search.msn.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*https://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uCustomizeSearch = hxxp://ie.search.msn.com
uSearchAssistant = hxxp://ie.search.msn.com
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://www.yahoo.com
uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: {A057A204-BACC-4D26-9990-79A187E2698E} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - c:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - c:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - c:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [RealPlayer] "c:\program files\real\realplayer\realplay.exe" /RunUPGToolCommandReBoot
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_06\bin\jusched.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [YBrowser] c:\program files\yahoo!\browser\ybrwicon.exe
mRun: [Wise-FTP Scheduler]
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\jeff\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\jeff\startm~1\programs\startup\memoni~1.lnk - c:\program files\verizon wireless\v cast music manager\MEMonitor.exe
StartupFolder: c:\docume~1\jeff\startm~1\programs\startup\picaboo.lnk - c:\program files\picaboo\picaboo\PicabooMain.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\2wirew~1.lnk - c:\program files\2wire wireless\client manager\CMTWO.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sonicc~1.lnk - c:\program files\common files\sonic shared\cinetray.exe
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
AppInit_DLLs: avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jeff\applic~1\mozilla\firefox\profiles\mtob2kco.default\
FF - prefs.js: browser.startup.homepage - www.gmail.com

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-25 97928]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-2-9 26824]
R1 Cinemsup;Cinemsup;c:\windows\system32\drivers\Cinemsup.sys [2002-7-19 6656]
R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2008-4-3 127768]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-2-10 394952]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-5-25 231704]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service []
R3 ati2mtai;ati2mtai;c:\windows\system32\drivers\ati2mtai.sys [2004-4-25 346752]
R3 maestro;ESS Maestro Audio Driver (WDM);c:\windows\system32\drivers\es198xdl.sys [2004-4-25 414400]
R3 wltwo48b;2Wire Wireless PC Card Driver;c:\windows\system32\drivers\wltwo48b.sys [2004-4-25 170496]
S3 atimtai;atimtai;c:\windows\system32\drivers\atimtai.sys [2004-4-25 281600]
S3 SDTHOOK;SDTHOOK;c:\windows\system32\drivers\SDTHOOK.sys [2008-2-8 44928]

=============== Created Last 30 ================

2008-12-14 00:06 <DIR> --d----- c:\program files\Windows Media Connect 2

==================== Find3M ====================

2008-12-14 14:33 29,485,088 a--sh--- c:\windows\system32\drivers\fidbox.dat
2008-12-14 01:58 345,788 a--sh--- c:\windows\system32\drivers\fidbox.idx
2008-06-06 12:16 56,912 a------- c:\documents and settings\jeff\g2mdlhlpx.exe
2006-10-29 18:25 37,864 ac------ c:\docume~1\jeff\applic~1\GDIPFONTCACHEV1.DAT
2004-12-01 00:25 286 ac------ c:\program files\asd.hta
2008-08-26 19:49 16,384 a--sh--- c:\windows\temp\cookies\index.dat
2008-08-26 19:49 16,384 a--sh--- c:\windows\temp\history\history.ie5\index.dat
2008-08-26 19:49 49,152 a--sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 14:36:03.50 ===============
Attached Files
File Type: zip Attach.zip (3.0 KB, 14 views)
File Type: zip ark.zip (1.9 KB, 16 views)
jmsims2 is offline  
Sponsored Links
Advertisement
 
Old 12-19-2008, 08:40 AM   #2
TSF Security Manager
Emeritus
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



Hello -

Form looking at your logs, I would say that the slowdown is not due to malware, but due to the machine's specs and what you're running on it, namely AVG and ZoneAlarm, both resource hungry.

Quote:
Install Date: 4/25/2004 6:15:37 PM
Quite an older machine at this point.

Quote:
Processor: Intel Pentium III processor | Microprocessor | 798/100mhz
Older processor, and somewhat tired by now.

Quote:
512MB RAM
Bare minimum for Windows XP. 1GB would be better, but I'm not sure if your motherboard supports more.
Quote:
C: is FIXED (NTFS) - 19 GiB total, 1.201 GiB free.
Not enough free space. Windows XP requires 15% of free drive space.

A slow machine is not always a product of infection. I don't see any sign of active infection

Please see this sticky topic:

https://www.techsupportforum.com/f174...ow-247567.html

If nothing there helps...

Disconnected from the internet, try it without ZoneAlarm. Then, try it without AVG. If there's a noticeable difference in boot times and performance after uninstalling one, or both...you have your answer. There are other solutions with lighter resource demands.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

Microsoft MVP Consumer Security 2009 - 2015
tetonbob is offline  
Old 12-23-2008, 10:43 AM   #3
TSF Security Manager
Emeritus
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



Since this issue appears to be resolved, this topic will now be archived. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

https://www.techsupportforum.com/secu...oval-help.html
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

Microsoft MVP Consumer Security 2009 - 2015
tetonbob is offline  
 

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Post a Question


» Site Navigation
 > FAQ
  > 10.0.0.2
Powered by vBadvanced CMPS v3.2.3


All times are GMT -7. The time now is 12:15 PM.


Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
vBulletin Security provided by vBSecurity v2.2.2 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
User Alert System provided by Advanced User Tagging v3.1.0 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
Copyright 2001 - 2018, Tech Support Forum

Windows 10 - Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts