
Computer slow at times

This is a discussion on Computer slow at times within the Inactive Malware Help Topics forums, part of the Tech Support Forum category.


 
 
Old 01-31-2009, 05:31 PM   #1
Guest
 
Join Date: Jan 2009
Posts: 1
OS:



Hi. My computer runs slowly from time to time. In fact it all but locks up. I cannot access anything until whatever is happening finishes. This is random and I have not related it to anything in particular except that it seems to happen when I first log in and a reboot seems to solve it.

I have chased out various suspicious programs with CA Security Center (AV and Anti-spyware) and Spy-Bot SD. It's only recently that things have started slowing down and I started wondering about rootkits and thereby ran across this site. Below is my DDS log. The zip is attached.

Is there anything that looks suspicious in these files?


DDS (Ver_09-01-18.01) - NTFSx86
Run by RDC at 17:40:28.73 on Sat 01/31/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1558 [GMT -6:00]

AV: CA Anti-Virus *On-access scanning enabled* (Updated)
FW: Sygate Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Sygate\SPF\smc.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mgabg.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.DesktopManagement.Host.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\RDC\Desktop\MY PC's CRAP\ROOT KIT FINDER STUFF\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
EB: Groove Folder Synchronization: {2a541ae1-5bf6-4665-a8a3-cfa9672e4291} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll
EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
mRun: [SmcService] c:\progra~1\sygate\spf\smc.exe -startgui
mRun: [Matrox PowerDesk SE] "c:\program files\matrox graphics inc\powerdesk se\Matrox.PowerDesk SE.exe"
mRun: [cctray] "c:\program files\ca\ca internet security suite\cctray\cctray.exe"
mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [CaPPcl] c:\program files\ca\ca internet security suite\ca anti-spyware\CAAntiSpyware.exe /scan /startup
StartupFolder: c:\documents and settings\rdc\start menu\programs\startup\micros~1.lnk - c:\windows\installer\{91120000-0030-0000-0000-0000000ff1ce}\outicon.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\windows\system32\VetRedir.dll
TCP: {0179564A-45E5-4718-B683-04D4CE9D0CD4} = 204.127.203.135,216.148.225.135
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\documents and settings\rdc\application data\mozilla\firefox\profiles\e9h966k8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\vet-filt.sys [2008-11-28 26352]
R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\vet-rec.sys [2008-11-28 21104]
R1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\vetefile.sys [2008-11-28 880560]
R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\vetfddnt.sys [2008-11-28 21488]
R1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\vetmonnt.sys [2008-11-28 32240]
R3 miniqic;miniqic;c:\windows\system32\drivers\miniqic.sys [2008-5-17 6528]
R3 PPCtlPriv;PPCtlPriv;c:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe [2008-11-28 185584]
R3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\veteboot.sys [2008-11-28 108368]
R4 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus\isafe.exe [2008-11-28 144696]
R4 ETDrv;ETDrv;c:\windows\system32\drivers\ETDrv.sys [2008-9-7 151476]
R4 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-12-25 47640]
R4 Matrox Centering Service;Matrox Centering Service;c:\program files\matrox graphics inc\powerdesk\services\Matrox.PowerDesk.Services.exe [2008-9-19 1262336]
R4 Matrox.Pdesk.ServicesHost;Matrox.Pdesk.ServicesHost;c:\program files\matrox graphics inc\powerdesk se\Matrox.Pdesk.ServicesHost.exe [2008-9-19 343296]
R4 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
R4 VETMSGNT;VET Message Service;c:\program files\ca\ca internet security suite\ca anti-virus\vetmsg.exe [2008-11-28 255216]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-12-3 24652]
S3 s3m;s3m;c:\windows\system32\drivers\s3m.sys [2008-5-17 166720]
S3 UtilNT;UtilNT;c:\windows\system32\drivers\utilnt.sys [2008-9-11 5533]
S4 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\common files\nero\nero backitup 4\NBService.exe [2008-12-5 935208]
S4 vsdatant;vsdatant; [x]

=============== Created Last 30 ================

2009-01-26 21:12 <DIR> --d----- c:\windows\IIS Temporary Compressed Files
2009-01-26 21:10 <DIR> --d----- C:\Inetpub
2009-01-25 16:30 <DIR> --d----- C:\PerfLogs
2009-01-24 22:13 <DIR> --d----- c:\windows\pss
2009-01-18 13:21 250 -------- c:\windows\gmer.ini
2009-01-18 12:22 <DIR> --dshr-- C:\cmdcons
2009-01-18 12:22 <DIR> --d----- c:\windows\setup.pss
2009-01-18 12:22 <DIR> --d----- c:\windows\setupupd
2009-01-11 20:09 <DIR> --d----- c:\program files\Creative
2009-01-11 11:28 <DIR> --d----- c:\documents and settings\rdc\.JDiskReport
2009-01-10 20:24 4,767 -------- c:\windows\Irremote.ini
2009-01-10 15:07 <DIR> --d----- c:\documents and settings\all users\application data\Nero
2009-01-10 14:48 <DIR> --d----- c:\windows\system32\XPSViewer
2009-01-10 14:46 14,048 -------- c:\windows\system32\spmsg2.dll
2009-01-10 13:01 69 -------- c:\windows\NeroDigital.ini
2009-01-10 12:53 16 -------- c:\windows\wininit.ini
2009-01-09 21:31 12,540 -------- c:\windows\system32\wpa.bak

==================== Find3M ====================

2008-12-11 04:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-12-04 20:09 410,984 -------- c:\windows\system32\deploytk.dll
2008-11-22 12:36 4,240 -------- c:\windows\system32\d3d9caps.dat
2008-11-15 15:56 60,744 -------- c:\documents and settings\rdc\g2mdlhlpx.exe
2008-09-06 22:01 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090620080907\index.dat

============= FINISH: 17:41:20.75 ===============
Attached Files
File Type: zip Attach.zip (4.3 KB, 28 views)
rcordell is offline  
Old 02-26-2009, 05:45 AM   #2
TSF-Emeritus
 
amateur's Avatar
 
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 15,384
OS: XP Win7 Win 8.1 Ubuntu 10.10



Hello and welcome to TSF.

Apologies for the late response.

If you still require assistance, we would like to see the latest state of your system. So, please post a fresh DDS log as it has been a while since you posted, and we'll take it from there.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please note that the forum is very busy and if I don't hear from you in three days this thread will be closed.

amateur is offline  
Old 03-02-2009, 07:32 PM   #3
TSF-Emeritus
 
amateur's Avatar
 
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 15,384
OS: XP Win7 Win 8.1 Ubuntu 10.10



Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

https://www.techsupportforum.com/secu...oval-help.html

amateur is offline  
 
