I followed instructions.....

This is a discussion on I followed instructions..... within the Inactive Malware Help Topics forums, part of the Tech Support Forum category.

05-24-2012, 02:00 PM   #1
Registered Member
 
Join Date: May 2012
Posts: 2
OS: windows XP, tablet pc edition 2005 version 2002, service pack 3



Hi,
Thank you in advance for your time and assistance. Unfortunately I am likely the very reason you have the instructional warning. I just recently found this forum and this is my first post.

Computer: ThinkPad X61 tablet
OS: Windows XP Tablet PC Edition 2005 version 2002, service pack 3
Motherboard: ?
CPU: Intel(R) Core(TM)2 Duo CPU L7500 @1.6GHz
RAM: 2.97GB
Web Browser: IE 8, Firefox 12 (default web browser)
I use Norton 360 but I am not wedded to it as I heard it may be part of the problem.

Problem:
My computer has become progressively slower in the past year or so. My guess is that it started when I upgraded (somewhat awkwardly) to service pack 3. I seem to be running an excessive number of processes and do experience the CPU spikes that others have spoken of. The first thread I read was "is your PC slow". I followed the steps as best I could, but it is still quite slow. I temporarily downloaded Spybot, which did find issues, though I do not recall the names. Please help.

Here are the requested files....
DDS.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by cody mitchell at 18:05:45 on 2012-05-23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3046.2272 [GMT -7:00]
.
AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k eapsvcs
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Gunze\GZTP_Pack\GzSnd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
C:\Program Files\ThinkPad\Tablet Shortcut\TSMRESIDENT.EXE
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe
svchost.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Norton 360\Engine\5.2.1.3\ccSvcHst.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\System32\snmp.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\ThinkPad\Tablet Shortcut\TSMService.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE
C:\Program Files\Norton 360\Engine\5.2.1.3\ccSvcHst.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AcroTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://lenovo.live.com
uStart Page = hxxp://lenovo.live.com
uInternet Settings,ProxyServer = 924-745-001-d:80
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\5.2.1.3\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\5.2.1.3\ips\IPSBHO.DLL
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - No File
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\5.2.1.3\coIEPlg.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Akamai NetSession Interface] "c:\documents and settings\cody mitchell\local settings\application data\akamai\netsession_win.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [<NO NAME>]
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [GzSnd] %ProgramFiles%\Gunze\GZTP_Pack\GzSnd.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [LenovoAutoScrollUtility] c:\program files\lenovo\virtscrl\virtscrl.exe
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [TabletWizard] c:\windows\help\SplshWrp.exe
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [PSQLLauncher] "c:\program files\thinkvantage fingerprint software\launcher.exe" /startup
mRun: [LENTBCTL] "c:\program files\thinkpad\tablet shortcut\LENTBCTL.EXE" /r
mRun: [TSMResident] "c:\program files\thinkpad\tablet shortcut\TSMRESIDENT.EXE" /r
mRun: [TabletButton] "c:\program files\thinkpad\tablet shortcut\TabletButton.EXE" /STARTUP
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {2DAD3559-2923-4935-AD49-B673D2539944} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{84D05BE9-F8E6-408E-B795-B81EDC7DC69D} : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{99891C41-A7A5-4DAD-A61C-E7BC38FC5C2B} : DhcpNameServer = 75.75.75.75 75.75.76.76
Notify: igfxcui - igfxdev.dll
Notify: loginkey - c:\program files\common files\microsoft shared\ink\loginkey.dll
Notify: psfus - c:\program files\thinkvantage fingerprint software\psqlpwd.dll
Notify: TabBtnWL - TabBtnWL.dll
Notify: tpgwlnotify - tpgwlnot.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli psqlpwd c:\program files\thinkvantage fingerprint software\psqlpwd.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\cody mitchell\application data\mozilla\firefox\profiles\zvjne5ce.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3000917&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - Google
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\coffplgn_2011_7_1_3\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\cody mitchell\application data\mozilla\firefox\profiles\zvjne5ce.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\cody mitchell\application data\mozilla\firefox\profiles\zvjne5ce.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - plugin: c:\program files\adobe\acrobat 10.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
---- FIREFOX POLICIES ----
.
.
.
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2011-10-6 25968]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0502010.003\symds.sys [2012-4-3 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0502010.003\symefa.sys [2012-4-3 744568]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2011-3-29 20592]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\bashdefs\20120507.001\BHDrvx86.sys [2012-5-8 821880]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2011-10-6 13680]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0502010.003\ironx86.sys [2012-4-3 136312]
R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2008-5-9 46144]
R2 ASRSVC;ASR Service;c:\program files\thinkpad\tablet shortcut\asr\ASRSVC.exe [2012-5-22 79136]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2011-10-6 292200]
R2 N360;Norton 360;c:\program files\norton 360\engine\5.2.1.3\ccsvchst.exe [2012-4-3 130008]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2011-10-6 69632]
R2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\thinkpad\utilities\PWMEWSVC.exe [2011-10-6 148840]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\thinkvantage fingerprint software\smihlp.sys [2009-3-13 12560]
R2 TabletSVC;TABLET Service;c:\program files\thinkpad\tablet shortcut\TSMService.exe [2012-5-22 83920]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\lenovo\hotkey\tphkload.exe [2012-4-30 131432]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2012-4-30 142696]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-5-14 520192]
R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\lenovo\rescue and recovery\UpdateMonitor.exe [2008-5-9 253952]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-11 106104]
R3 GzTpHid;Touch Panel Filter Driver;c:\windows\system32\drivers\GzTpHid.sys [2009-7-16 27008]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\ipsdefs\20120522.001\IDSXpx86.sys [2012-5-22 356792]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\virusdefs\20120523.002\NAVENG.SYS [2012-5-23 87928]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\virusdefs\20120523.002\NAVEX15.SYS [2012-5-23 1589752]
R3 NETwLx32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [2012-4-12 6609920]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2007-5-22 37312]
R3 wisdpen;Wacom Penabled MiniDriver;c:\windows\system32\drivers\wisdpen.sys [2009-7-16 30888]
S1 TSMSMI;TSM System Interface Driver;c:\windows\system32\drivers\tsmsmi32.sys --> c:\windows\system32\drivers\TSMSMI32.SYS [?]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2012-4-30 101736]
S2 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-24 129976]
S3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver; [x]
S3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys --> c:\windows\system32\drivers\tp4track.sys [?]
S3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [2008-5-6 14208]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-4-30 14336]
.
=============== Created Last 30 ================
.
2012-05-23 09:12:03 -------- dc-h--w- c:\windows\ie8
2012-05-23 08:41:32 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-23 06:52:24 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2012-05-23 06:52:19 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2012-05-23 06:52:18 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2012-05-23 06:52:14 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2012-05-23 06:52:09 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2012-05-23 06:50:56 701386 ----a-w- c:\windows\system32\dllcache\wdhaalba.sys
2012-05-23 06:49:58 687999 ----a-w- c:\windows\system32\dllcache\usrwdxjs.sys
2012-05-23 06:48:57 22912 ----a-w- c:\windows\system32\dllcache\umaxpcls.sys
2012-05-23 06:47:57 28232 ----a-w- c:\windows\system32\dllcache\tos4mo.sys
2012-05-23 06:46:58 10240 ----a-w- c:\windows\system32\dllcache\swpdflt2.dll
2012-05-23 06:45:59 114688 ----a-w- c:\windows\system32\dllcache\sonypi.dll
2012-05-23 06:44:58 91294 ----a-w- c:\windows\system32\dllcache\skfpwin.sys
2012-05-23 06:43:59 6784 ----a-w- c:\windows\system32\dllcache\serscan.sys
2012-05-23 06:42:58 62496 ----a-w- c:\windows\system32\dllcache\s3mtrio.dll
2012-05-23 06:41:58 714762 ----a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2012-05-23 06:40:57 92416 ----a-w- c:\windows\system32\dllcache\phildec.sys
2012-05-23 06:39:58 20480 ----a-w- c:\windows\system32\dllcache\ovcomc.dll
2012-05-23 06:38:56 87040 ----a-w- c:\windows\system32\dllcache\nm6wdm.sys
2012-05-23 06:37:59 7168 ----a-w- c:\windows\system32\dllcache\mxport.dll
2012-05-23 06:36:56 320384 ----a-w- c:\windows\system32\dllcache\mgaum.sys
2012-05-23 06:35:59 20573 ----a-w- c:\windows\system32\dllcache\lne100.sys
2012-05-23 06:34:59 90200 ----a-w- c:\windows\system32\dllcache\io8ports.dll
2012-05-23 06:33:59 28700 ----a-w- c:\windows\system32\dllcache\ibmexmp.sys
2012-05-23 06:32:58 13312 ----a-w- c:\windows\system32\dllcache\hpsjmcro.dll
2012-05-23 06:31:58 454912 ----a-w- c:\windows\system32\dllcache\fxusbase.sys
2012-05-23 06:30:59 43008 ----a-w- c:\windows\system32\dllcache\esucm.dll
2012-05-23 06:29:59 514587 ----a-w- c:\windows\system32\dllcache\edb500.dll
2012-05-23 06:28:59 80896 ----a-w- c:\windows\system32\dllcache\dc210usd.dll
2012-05-23 06:27:54 236032 ----a-w- c:\windows\system32\dllcache\camext20.dll
2012-05-23 06:26:59 46464 ----a-w- c:\windows\system32\dllcache\atibt829.sys
2012-05-23 06:07:35 -------- d-----w- c:\documents and settings\cody mitchell\application data\ElevatedDiagnostics
2012-05-23 00:20:37 -------- d-----w- c:\documents and settings\cody mitchell\application data\DriverCure
2012-05-23 00:20:35 -------- d-----w- c:\documents and settings\cody mitchell\application data\SpeedyPC Software
2012-05-23 00:20:18 -------- d-----w- c:\documents and settings\all users\application data\SpeedyPC Software
2012-05-22 23:38:18 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-22 23:38:18 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-22 18:34:15 531312 ----a-w- c:\windows\qfe4F.tmp
2012-05-19 03:34:24 -------- d-----w- c:\program files\Microsoft Services
2012-05-18 15:26:31 -------- d-----w- c:\windows\IIS Temporary Compressed Files
2012-05-18 15:23:07 9216 ----a-w- c:\windows\system32\dllcache\wamps51.dll
2012-05-18 15:22:59 7168 ----a-w- c:\windows\system32\wamregps.dll
2012-05-18 13:20:55 -------- d-----w- c:\documents and settings\cody mitchell\application data\FixCleaner
2012-05-18 13:20:48 -------- d-----w- c:\program files\FixCleaner
2012-05-16 07:28:37 -------- d-----w- c:\documents and settings\cody mitchell\application data\Serif
2012-05-16 07:27:23 -------- d-----w- c:\program files\Serif
2012-05-16 07:15:19 -------- d-----w- c:\documents and settings\cody mitchell\application data\PriceGong
2012-05-16 07:08:34 -------- d-----w- c:\program files\Conduit
2012-05-16 07:08:31 -------- d-----w- c:\documents and settings\cody mitchell\local settings\application data\Conduit
2012-05-16 06:36:41 -------- d-----w- c:\documents and settings\cody mitchell\local settings\application data\WMTools Downloaded Files
2012-05-01 01:32:57 17844 ----a-w- c:\windows\system32\drivers\TPHKDRV.sys
2012-04-25 03:47:04 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-04-25 03:47:04 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-04-25 02:12:10 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-25 02:12:00 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
2012-04-25 02:12:00 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
.
==================== Find3M ====================
.
2012-04-13 00:22:23 376832 ----a-w- c:\windows\system32\AegisI5Installer.exe
2012-04-11 13:14:41 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12:06 1862272 ------w- c:\windows\system32\win32k.sys
2012-04-11 12:35:51 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-05 01:47:02 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 22:15:06 37440 ----a-w- c:\windows\system32\tpinspm.dll
2012-02-29 22:15:02 40512 ----a-w- c:\windows\system32\ibmpmsvc.exe
2012-02-29 22:14:20 35272 ----a-w- c:\windows\system32\drivers\ibmpmdrv.sys
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ------w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ------w- c:\windows\system32\html.iec
.
============= FINISH: 18:07:02.10 ===============
Attached Files
File Type: zip attach.zip (15.7 KB, 22 views)
cmitch5 is offline  
05-27-2012, 11:27 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Do you use a proxy server?

I see no sign of infection in your logs. When you say slow, do you mean startup, shutdown, opening applications, etc.?

Or do you mean slow internet browsing? Or all the aforementioned?

Quote:
My guess is that it started when I upgraded (somewhat awkwardly) to service pack 3
Please explain what you mean by 'somewhat awkwardly'.

------------------------------------------------------

Do you experience the slowness in Safe Mode with Networking?:
  • Restart your computer.
  • After hearing your computer beep once during startup, but before the Windows icon appears, start pressing the F8 key.
  • In some systems, this may be the F5 key.
  • Instead of Windows loading as normal, a menu should appear.
  • Use the up arrow key to highlight Safe Mode with Networking and press 'Enter'.
  • Login on your usual account.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
05-30-2012, 07:00 PM   #3

All of the above.

Cheers!
-Cody
cmitch5 is offline  
05-30-2012, 07:30 PM   #4

Quote:
My guess is that it started when I upgraded (somewhat awkwardly) to service pack 3
Please explain what you mean by 'somewhat awkwardly'.
chemist is offline  
06-06-2012, 10:55 PM   #5

Still with us, cmitch5? I generally unsubscribe from threads after 3 days of inactivity. If you do not reply within 24 hours, this thread will be closed.
chemist is offline  
06-10-2012, 02:28 PM   #6

Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

IMPORTANT - Read This Before Posting For Malware Removal Help

------------------------------------------------------
chemist is offline  

All times are GMT -7.