
Status
Not open for further replies.
1 - 6 of 6 Posts

Discussion Starter #1 (Registered · 8 Posts)
Greetings all,

So I'm not convinced this is a malware problem, but I'd much rather that it be software related than the alternative. Hopefully you guys (and gals) can tell me that all my problems are related to some nasty bug (although I'm not terribly optimistic).

At the beginning of this week - I maybe noticed it first on Sunday night or Monday - my PC slowed down dramatically. I first noticed it in the context of audio and video files, wherein I was getting the rapid-fire stutter/repeat thing. I have since noticed it in the context of loading programs, switching between documents, you name it. This machine has slowed down. I did recently have the motherboard replaced by the manufacturer, so it's likely I'm working on a refurbished unit, and I really hope that this is a SW issue and not HW. At first I thought it was just the sound card or driver, because I noticed the effect in the context of music problems if I would try to save a document at the same time, for instance. But really it just seems like my processors are working at a fraction of the appropriate level.

If it's helpful for diagnostic purposes, startup is taking longer also, and the initial Windows chime that plays during startup is always very mangled and slow-motion sounding (what a great description). Below are my Panda (took over 4 hours to run) and DSS logs. Attached is my "extra" DSS file, and I have run through as many of the 5 steps as possible.

I've run the Symantec (since uninstalled) and Avast antivirus programs; I've run NoAdware, uninstalled various programs and updated others, downloaded the latest Microsoft patches... I'm pretty much out of ideas.

Thank you in advance for your help; like I said, I'm not sure this is even a malware issue!

Ethan

Panda Scan:

Incident Status Location

Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\ETHAN\Application Data\Mozilla\Firefox\Profiles\yeb433ry.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\ETHAN\Application Data\Mozilla\Firefox\Profiles\yeb433ry.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\ETHAN\Application Data\Mozilla\Firefox\Profiles\yeb433ry.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\ETHAN\Application Data\Mozilla\Firefox\Profiles\yeb433ry.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\ETHAN\Application Data\Mozilla\Firefox\Profiles\yeb433ry.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\ETHAN\Application Data\Mozilla\Firefox\Profiles\yeb433ry.default\cookies.txt[.advertising.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\ETHAN\Application Data\Mozilla\Firefox\Profiles\yeb433ry.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\ETHAN\Application Data\Mozilla\Firefox\Profiles\yeb433ry.default\cookies.txt[.advertising.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\ETHAN\Application Data\Mozilla\Firefox\Profiles\yeb433ry.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\ETHAN\Application Data\Mozilla\Firefox\Profiles\yeb433ry.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\ETHAN\Application Data\Mozilla\Firefox\Profiles\yeb433ry.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\ETHAN\Application Data\Mozilla\Firefox\Profiles\yeb433ry.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\ETHAN\Application Data\Mozilla\Firefox\Profiles\yeb433ry.default\cookies.txt[.xiti.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\ETHAN\Application Data\Mozilla\Firefox\Profiles\yeb433ry.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\ETHAN\Application Data\Mozilla\Firefox\Profiles\yeb433ry.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\ETHAN\Application Data\Mozilla\Firefox\Profiles\yeb433ry.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\ETHAN\Application Data\Mozilla\Firefox\Profiles\yeb433ry.default\cookies.txt[.target.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\ETHAN\Application Data\Mozilla\Firefox\Profiles\yeb433ry.default\cookies.txt[.com.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\ETHAN\Application Data\Mozilla\Firefox\Profiles\yeb433ry.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\ETHAN\Application Data\Mozilla\Firefox\Profiles\yeb433ry.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\ETHAN\Application Data\Mozilla\Firefox\Profiles\yeb433ry.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\ETHAN\Application Data\Mozilla\Firefox\Profiles\yeb433ry.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\ETHAN\Application Data\Mozilla\Firefox\Profiles\yeb433ry.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\ETHAN\Application Data\Mozilla\Firefox\Profiles\yeb433ry.default\cookies.txt[.overture.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\ETHAN\Application Data\Mozilla\Firefox\Profiles\yeb433ry.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\ETHAN\Application Data\Mozilla\Firefox\Profiles\yeb433ry.default\cookies.txt[.go.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\ETHAN\Application Data\Mozilla\Firefox\Profiles\yeb433ry.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\ETHAN\Application Data\Mozilla\Firefox\Profiles\yeb433ry.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\ETHAN\Application Data\Mozilla\Firefox\Profiles\yeb433ry.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\ETHAN\Application Data\Mozilla\Firefox\Profiles\yeb433ry.default\cookies.txt[.revenue.net/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\ETHAN\Application Data\Mozilla\Firefox\Profiles\yeb433ry.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\ETHAN\Application Data\Mozilla\Firefox\Profiles\yeb433ry.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\ETHAN\Application Data\Mozilla\Firefox\Profiles\yeb433ry.default\cookies.txt[.ehg-dig.hitbox.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\ETHAN\Application Data\Mozilla\Firefox\Profiles\yeb433ry.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\ETHAN\Application Data\Mozilla\Firefox\Profiles\yeb433ry.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\ETHAN\Application Data\Mozilla\Firefox\Profiles\yeb433ry.default\cookies.txt[.fortunecity.com/]

DSS:
Deckard's System Scanner v20071014.68
Run by ETHAN on 2007-11-30 03:10:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 3 Restore Point(s) --
3: 2007-11-30 08:11:08 UTC - RP3 - Deckard's System Scanner Restore Point
2: 2007-11-29 17:18:12 UTC - RP2 - Removed Symantec AntiVirus
1: 2007-11-29 01:22:43 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as ETHAN.exe) -----------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-11-30 03:17:06
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\RTHDCPL.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
C:\WINDOWS\system32\svchost.exe
C:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\DLA\DLACTRLW.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\WINDOWS\agrsmmsg.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\ETHAN\Desktop\dss.exe
C:\Program Files\Trend Micro\HijackThis\ETHAN.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: RAMASST.lnk = ?
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\NPJPI150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\NPJPI150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1190779273828
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1190779414921
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - C:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe


--
End of file - 12099 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 meiudf - c:\windows\system32\drivers\meiudf.sys <Not Verified; Matsushita Electric Industrial Co.,Ltd.; >
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R2 FdRedir - c:\program files\common files\protector suite ql\drivers\fdredir.sys <Not Verified; UPEK Inc.; Protector Suite QL>
R2 FileDisk2 (FileDisk Protector Kernel Driver) - c:\program files\common files\protector suite ql\drivers\filedisk.sys <Not Verified; UPEK Inc.; Protector Suite QL>
R2 Netdevio (TOSHIBA Network Device Usermode I/O Protocol) - c:\windows\system32\drivers\netdevio.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Network Device Usermode I/O protocol>
R2 smihlp (SMI helper driver) - c:\program files\protector suite ql\smihlp.sys <Not Verified; UPEK Inc.; Protector Suite QL>
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
R3 tosrfec (Bluetooth ACPI from TOSHIBA) - c:\windows\system32\drivers\tosrfec.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Bluetooth EC Driver>
R3 TVALD (Toshiba Mobile PC Service) - c:\windows\system32\drivers\nbsmi.sys <Not Verified; Toshiba Corporation; Toshiba Notebook PC SMI Service>
R3 Tvs (TOSHIBA Virtual Sound with SRS technologies) - c:\windows\system32\drivers\tvs.sys <Not Verified; TOSHIBA Corporation; Audio Filter>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CFSvcs (ConfigFree Service) - c:\program files\toshiba\configfree\cfsvcs.exe <Not Verified; TOSHIBA CORPORATION; ConfigFree(TM)>
R2 DVD-RAM_Service - c:\windows\system32\dvdramsv.exe <Not Verified; Matsushita Electric Industrial Co., Ltd.; >
R2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel(R) PROSet/Wireless Registry Service>
R2 Swupdtmr - c:\toshiba\ivp\swupdate\swupdtmr.exe
R2 TAPPSRV (TOSHIBA Application Service) - "c:\program files\toshiba\toshiba applet\tappsrv.exe" <Not Verified; TOSHIBA Corp.; TOSHIBA TAPPSRV>
R3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-11-28 17:00:45 270 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
2007-11-28 17:00:43 392 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
2007-09-26 02:37:29 258 --a------ C:\WINDOWS\Tasks\Registration reminder 2.job
2007-09-26 02:37:28 258 --a------ C:\WINDOWS\Tasks\Registration reminder 1.job


-- Files created between 2007-10-30 and 2007-11-30 -----------------------------

2007-11-30 03:14:00 0 d-------- C:\Program Files\Trend Micro
2007-11-30 03:01:33 0 d-------- C:\Program Files\SpywareBlaster
2007-11-29 23:37:05 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-11-29 23:37:01 0 d-------- C:\WINDOWS\LastGood
2007-11-29 12:32:59 0 d-------- C:\Program Files\Alwil Software
2007-11-28 19:24:09 0 d-------- C:\Program Files\a-squared Anti-Malware
2007-11-28 19:23:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2007-11-28 18:15:41 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2007-11-28 17:54:57 0 d-------- C:\Program Files\MSXML 6.0
2007-11-28 17:32:00 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Intel
2007-11-28 17:32:00 0 d-------- C:\Documents and Settings\LocalService\Application Data\Intel
2007-11-28 17:31:44 376832 --a------ C:\WINDOWS\system32\AegisI5Installer.exe <Not Verified; ; AegisInstall Application>
2007-11-28 17:29:19 0 d-------- C:\Documents and Settings\Default User\Application Data\Intel
2007-11-28 17:29:19 0 d-------- C:\Documents and Settings\Administrator\Application Data\Intel
2007-11-28 17:27:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Intel
2007-11-28 17:26:50 0 d-------- C:\Documents and Settings\ETHAN\Application Data\Intel
2007-11-28 17:00:51 0 d-------- C:\Documents and Settings\ETHAN\Application Data\Uniblue
2007-11-28 16:57:54 0 d-------- C:\WINDOWS\pss
2007-11-27 19:44:35 765952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-11-27 19:44:34 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-11-27 19:44:34 0 d-------- C:\Program Files\Xvid
2007-11-27 19:05:34 0 d-------- C:\Program Files\NoAdware5.0
2007-11-27 18:41:13 0 d-------- C:\Documents and Settings\Default User\Application Data\Apple Computer
2007-11-25 22:42:28 11270 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-11-25 22:42:28 56 -r-hs---- C:\WINDOWS\system32\B858F050D8.sys
2007-11-25 22:42:22 0 d-------- C:\Program Files\DivX
2007-11-25 22:39:06 0 d-------- C:\Documents and Settings\ETHAN\Application Data\vlc
2007-11-25 22:38:19 0 d-------- C:\Program Files\VideoLAN
2007-11-25 21:06:59 0 d-------- C:\Documents and Settings\ETHAN\Application Data\WinRAR
2007-11-25 20:58:52 0 d-------- C:\Documents and Settings\ETHAN\Application Data\InterVideo
2007-11-21 23:37:44 0 d-------- C:\Program Files\iPod
2007-11-14 22:55:06 0 d-------- C:\Program Files\PeerGuardian2


-- Find3M Report ---------------------------------------------------------------

2007-11-30 02:22:48 0 d-------- C:\Program Files\Protector Suite QL
2007-11-30 02:18:20 0 d-------- C:\Program Files\iTunes
2007-11-30 02:15:45 0 d-------- C:\Program Files\Google
2007-11-29 12:34:09 0 d-------- C:\Program Files\Trillian
2007-11-29 12:20:13 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-11-29 12:20:06 0 d-------- C:\Program Files\Symantec
2007-11-28 20:05:06 0 d-------- C:\Program Files\Common Files
2007-11-28 18:15:47 0 d-------- C:\Program Files\Realtek
2007-11-25 22:38:53 0 d-------- C:\Documents and Settings\ETHAN\Application Data\uTorrent
2007-11-21 23:36:07 0 d-------- C:\Program Files\QuickTime
2007-11-01 12:57:23 0 d-------- C:\Documents and Settings\ETHAN\Application Data\Google
2007-10-29 21:13:30 0 d-------- C:\Documents and Settings\ETHAN\Application Data\Move Networks
2007-10-28 16:17:24 0 d-------- C:\Documents and Settings\ETHAN\Application Data\Sun
2007-10-27 17:40:12 0 d-------- C:\Documents and Settings\ETHAN\Application Data\Apple Computer
2007-10-24 08:19:25 0 d-------- C:\Documents and Settings\ETHAN\Application Data\Adobe
2007-10-22 23:35:06 0 d-------- C:\Program Files\Microsoft Silverlight
2007-10-21 23:50:15 0 d-------- C:\Program Files\Windows Media Connect 2
2007-10-20 00:21:43 0 dr------- C:\Documents and Settings\ETHAN\Application Data\Brother
2007-10-19 19:56:16 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-10-19 19:54:28 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2007-10-19 19:54:28 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-10-19 19:54:12 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2007-10-19 19:54:12 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2007-10-19 19:54:12 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2007-10-19 19:54:10 739840 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2007-10-19 09:43:23 0 d-------- C:\Program Files\Pure Networks
2007-10-19 09:43:23 0 d-------- C:\Program Files\Common Files\AOL
2007-10-19 09:41:28 0 d-------- C:\Documents and Settings\ETHAN\Application Data\AOL
2007-10-18 04:02:34 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-10-13 15:11:11 0 d-------- C:\Program Files\Apple Software Update
2007-10-10 22:11:42 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2007-10-10 22:05:44 0 d-------- C:\Program Files\Common Files\Adobe
2007-10-10 20:59:59 0 d-------- C:\Program Files\PowerISO
2007-10-10 19:20:05 1156 --a------ C:\WINDOWS\mozver.dat
2007-10-10 19:17:58 0 d-------- C:\Program Files\uTorrent
2007-10-10 17:32:22 0 d-------- C:\Documents and Settings\ETHAN\Application Data\Mozilla
2007-10-08 14:11:52 208896 --a------ C:\WINDOWS\system32\NetProvCredMan.dll <Not Verified; Intel Corporation; NetProvCredMan Dynamic Link Library>
2007-10-05 14:57:41 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-10-03 17:36:18 0 d-------- C:\Program Files\Microsoft MapPoint
2007-10-03 17:19:59 0 d-------- C:\Documents and Settings\ETHAN\Application Data\Macromedia


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [11/30/2005 03:25 PM]
"TPSMain"="TPSMain.exe" [06/01/2005 12:00 AM C:\WINDOWS\system32\TPSMain.exe]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [01/05/2006 05:02 PM]
"TFncKy"="TFncKy.exe" []
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [12/16/2005 07:32 PM]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [04/26/2005 07:13 PM]
"RTHDCPL"="RTHDCPL.EXE" [11/06/2007 10:50 AM C:\WINDOWS\RTHDCPL.exe]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [11/14/2007 11:43 PM]
"PSQLLauncher"="C:\Program Files\Protector Suite QL\launcher.exe" [05/05/2006 07:36 PM]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [03/17/2005 08:37 PM]
"NDSTray.exe"="NDSTray.exe" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/15/2007 01:11 PM]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [10/08/2007 02:18 PM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [10/08/2007 02:13 PM]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [01/01/2007 04:22 PM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [10/10/2007 07:32 PM]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [10/06/2005 07:20 AM]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [01/02/2006 08:41 PM]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 06:43 PM C:\WINDOWS\Alcmtr.exe]
"AGRSMMSG"="AGRSMMSG.exe" [10/15/2005 09:29 AM C:\WINDOWS\agrsmmsg.exe]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [05/10/2007 10:46 PM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [09/06/2007 06:06 AM]
"@"="" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [10/17/2007 11:04 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [10/11/2007 08:18 AM]

C:\Documents and Settings\ETHAN\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [4/19/2007 3:49:52 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [11/28/2007 7:23:16 PM]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [1/19/2006 4:35:06 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
psqlpwd.dll 05/05/2006 07:48 PM 40448 C:\WINDOWS\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli psqlpwd





-- End of Deckard's System Scanner: finished at 2007-11-30 03:17:43 ------------

Discussion Starter #4 (Registered · 8 Posts)
So LOTS of people are getting helped BEFORE me

I'm generally not one to complain, and when it comes to free tech support, that's just awesome and I know everyone is volunteering their time. I understand there are only so many resources to go around and some people are going to get left behind. But it seems to me that the "bump" technique is not very effective (bumped twice so far and nothing, yet people who posted a week after me are getting responses). So, here is my plea: Someone please take a look at my logs. I'm not even sure I have malware. This could be the easiest case ever for you. There's a good chance my problem is HW and not SW related, take a look at my logs and let me know what you think. I wouldn't complain, except that, per TSF policy, I have refrained from posting at any other forums, so basically I'm passing up on other opportunities for help.

Here's my original post. http://www.techsupportforum.com/security-center/hijackthis-log-help/198662-pc-has-suddenly-slowed-down-no-other-obvious-signs-malware.html

Thanks,

Ethan
 

TSF Security Manager, Emeritus · 42,837 Posts
Hello Ethan and welcome to TSF,

Our apologies for the oversight of your thread. As you've noticed, there are so many people requesting assistance that, inevitably, many threads fall through the cracks.

I'm not seeing any malware in these logs, but you should clear those undesirable cookies reported by Panda. Open the Mozilla browser > Tools > Options > Privacy > Cookies > Clear.

I would suggest posting your issue in Hardware Support.
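The sort Ried did by eye above (tracking-cookie hits are benign and just need clearing; the real question is whether any HijackThis entry points somewhere it should not) can be scripted. The script below is an added example, not part of the thread and not code from TSF, Panda, or the HijackThis/DSS tools. It runs over a small constructed sample copied from the log formats in the first post: it splits Panda incidents into cookie detections (counted per domain) versus anything else, and flags HijackThis lines that reference a missing file, an O23 service with "Unknown owner", or an O20 AppInit_DLLs entry, since those are the ones a helper verifies by hand before calling a log clean. The flag reasons are the author's own triage notes, not verdicts from any tool.

```python
"""Triage helper for Panda ActiveScan and HijackThis-style log lines.

Added example (not from the thread or the tools named in it). It works on a
constructed sample assembled from lines in the formats seen in the post.
"""
import re
from collections import Counter

# Constructed sample in the Panda "Incident Status Location" format.
PANDA_SAMPLE = r"""
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\ETHAN\Application Data\Mozilla\Firefox\Profiles\yeb433ry.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\ETHAN\Application Data\Mozilla\Firefox\Profiles\yeb433ry.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\ETHAN\Application Data\Mozilla\Firefox\Profiles\yeb433ry.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\ETHAN\Application Data\Mozilla\Firefox\Profiles\yeb433ry.default\cookies.txt[.fastclick.net/]
"""

# Constructed sample of HijackThis-style entries taken from the log above.
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O23 - Service: Swupdtmr - Unknown owner - C:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
"""

# kind:family, then a status phrase, then the location; family may contain spaces.
PANDA_LINE = re.compile(
    r"^(?P<kind>[A-Za-z]+):(?P<family>.+?)\s+"
    r"(?P<status>Not disinfected|Disinfected|Deleted|Renamed)\s+"
    r"(?P<location>.+)$"
)
# Cookie hits end in cookies.txt[<domain>/]; pull the domain out of the brackets.
COOKIE_TAIL = re.compile(r"cookies\.txt\[(?P<domain>[^\]]+)\]$")
# HijackThis lines start with a section tag such as O4, O23, R1.
HJT_LINE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")


def parse_panda(text):
    """Return one dict per Panda incident line; cookie_domain is None for non-cookie hits."""
    incidents = []
    for line in text.splitlines():
        m = PANDA_LINE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        tail = COOKIE_TAIL.search(rec["location"])
        rec["cookie_domain"] = tail.group("domain").strip("./") if tail else None
        incidents.append(rec)
    return incidents


def cookie_domains(incidents):
    """Count tracking-cookie hits per domain (duplicates in the report collapse here)."""
    return Counter(i["cookie_domain"] for i in incidents if i["cookie_domain"])


def non_cookie_incidents(incidents):
    """Anything Panda reported that is not a cookie is what actually needs attention."""
    return [i for i in incidents if i["cookie_domain"] is None]


def parse_hjt(text):
    """Split HijackThis-style lines into (section, body) records."""
    return [m.groupdict() for m in (HJT_LINE.match(l.strip()) for l in text.splitlines()) if m]


def triage_hjt(entries):
    """Flag entries a helper would verify by hand, with the reason for each flag."""
    flagged = []
    for e in entries:
        reasons = []
        if "(file missing)" in e["body"]:
            reasons.append("references a file that no longer exists (stale entry)")
        if e["section"] == "O23" and " - Unknown owner - " in e["body"]:
            reasons.append("service binary has no publisher information; check the file")
        if e["section"] == "O20":
            reasons.append("AppInit_DLLs entry is loaded into every user32 process; confirm the vendor")
        if reasons:
            flagged.append({"section": e["section"], "body": e["body"], "reasons": reasons})
    return flagged


if __name__ == "__main__":
    inc = parse_panda(PANDA_SAMPLE)
    print("cookie hits per domain:", dict(cookie_domains(inc)))
    print("non-cookie Panda incidents:", len(non_cookie_incidents(inc)))
    for f in triage_hjt(parse_hjt(HJT_SAMPLE)):
        print(f"{f['section']}: {f['body']}\n    -> {'; '.join(f['reasons'])}")
```

On the sample this prints three cookie domains and zero non-cookie incidents, and flags the O9 "(file missing)" button, the Swupdtmr service, and the AppInit_DLLs entry while leaving the Toshiba Run key and the avast! service alone, which matches the reading of the full log: nothing beyond cookies from Panda, and only entries that need a publisher check rather than anything the scanner called malicious.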
 

Discussion Starter #6 (Registered · 8 Posts)
Thanks for the follow-up, Ried. That's basically what I was expecting to hear, unfortunately. I'll post up in HW, but I think there is little that can be done.

Ethan
 