
Extremely Slow Computer!


This topic is locked
8 replies to this topic

#1 SkipDiver (Members, 84 posts, Michigan)

Posted 08 August 2008 - 10:35 PM

I can't figure it out. I have tried every virus removal system I can think of, as well as trojan and malware removal tools, and they are not bringing anything up. I DID have one hell of a virus on my computer, I think in the VUNDO area. I can't find traces anymore... but now my computer is taking forever to do anything. Computer resources are usually around 100% CONSTANTLY, and I know that is part of the reason. I have a HijackThis log file I will add to this post, but I also noticed that avgrsx.exe usually runs around 70-90% with a mem usage of 42,400k. I can only have a max of 512mb in this computer... it's a little old... but has been a strong one. I have also seen... sometimes when I start the computer... that LSASS.exe has a mem usage abnormally high. I have gone to the Microsoft website and they sent me a hotfix... but that didn't work. Here is the HijackThis log... let me know if anyone has ANY ideas.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:17:36 PM, on 8/6/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\System32\CTsvcCDA.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINNT\system32\devldr32.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\System32\msdtc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\System32\mqsvc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\1214940681\ee\aolsoftware.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\system32\DllHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive2k\Program\AHQInit.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1214831749592
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/...101/CTSUEng.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1214889087956
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/...15102/CTPID.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7738 bytes


#2 miekiemoes (Malware Killer Dog, Malware Response Team, 19,420 posts, Belgium)

Posted 09 August 2008 - 08:19 AM

Hi,

I notice from your log that there's more than one antivirus installed: AVG and Norton.
Never install more than one antivirus and firewall! Rather than giving you extra protection, it will seriously decrease their reliability!
The reason for this is that if both products have their automatic (real-time) protection switched on, your system may lock up due to both software products attempting to access the same file at the same time.
Also, because more than one antivirus and firewall installed are not compatible with each other, it can cause system performance problems and a serious system slowdown.

So you have to make a decision here: keep the antivirus you prefer and uninstall the other one.
Then reboot after uninstalling.

Then, I see you have Viewpoint installed...
Viewpoint Manager is considered foistware instead of malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546
I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.
  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player
Also read this: Help! My computer is slow! and perform the instructions posted there.
Then reboot.

Then, after performing all the above steps, scan with HijackThis again and post a new log in your next reply.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 SkipDiver (Topic Starter, Members, 84 posts, Michigan)

Posted 11 August 2008 - 05:30 AM

It's still coming off as slow. I can't figure it out. After I deleted Viewpoint and one of the virus removal programs, I defragged and ran Disk Cleanup on the computer using the Windows 2000 tools and then PageDefrag. Here is the next HijackThis log that you requested. I just can't seem to get it... booo.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:24:55 AM, on 8/10/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\System32\CTsvcCDA.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\system32\devldr32.exe
C:\WINNT\System32\mqsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1214831749592
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/...101/CTSUEng.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1214889087956
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/...15102/CTPID.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 6519 bytes

#4 miekiemoes (Malware Killer Dog, Malware Response Team, 19,420 posts, Belgium)

Posted 11 August 2008 - 05:39 AM

Hi,

* Download Deckard System Scanner to your Desktop.
  • Close all applications and windows.
  • Double-click on dds.exe to run it, and follow the prompts.
  • The scan may take a minute. When the scan is complete, a text file will open - main.txt
  • A folder (C:\Deckard\System Scanner) will also open which contains the main.txt and an extra.txt.
  • Copy and paste the contents of main.txt in your next reply. (Do not post the extra.txt - only post this when being asked)


#5 SkipDiver (Topic Starter, Members, 84 posts, Michigan)

Posted 11 August 2008 - 12:37 PM

That worked out... I ran a scan from them right before I posted the last HijackThis log... but forgot to post it... here it is.

Deckard's System Scanner v20071014.68
Run by David Henrickson on 2008-08-11 06:32:47
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.
Performed disk cleanup.

System Drive C: has 9.58 GiB (less than 15%) free.


-- HijackThis (run as David Henrickson.exe) ------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:34:20 AM, on 8/11/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\System32\CTsvcCDA.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\mqsvc.exe
C:\WINNT\system32\devldr32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\NORTON~1\navw32.exe
C:\Documents and Settings\David Henrickson\Desktop\Deckards System Scanner.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\David Henrickson.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1214831749592
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/...101/CTSUEng.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1214889087956
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/...15102/CTPID.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 6750 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080729-181239-227 O23 - Service: GAQJHCTX - Unknown owner - C:\DOCUME~1\DAVIDH~1\LOCALS~1\Temp\GAQJHCTX.exe (file missing)
backup-20080729-181239-651 O23 - Service: JRNNFWZ - Unknown owner - C:\DOCUME~1\DAVIDH~1\LOCALS~1\Temp\JRNNFWZ.exe (file missing)
backup-20080729-181239-856 O23 - Service: QCNVLVEFMJR - Unknown owner - C:\DOCUME~1\DAVIDH~1\LOCALS~1\Temp\QCNVLVEFMJR.exe (file missing)
backup-20080729-181239-857 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
backup-20080729-181239-866 O23 - Service: HIYUZDJK - Unknown owner - C:\DOCUME~1\DAVIDH~1\LOCALS~1\Temp\HIYUZDJK.exe (file missing)

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S4 GAQJHCTX - c:\docume~1\davidh~1\locals~1\temp\gaqjhctx.exe (file missing)
S4 HIYUZDJK - c:\docume~1\davidh~1\locals~1\temp\hiyuzdjk.exe (file missing)
S4 JRNNFWZ - c:\docume~1\davidh~1\locals~1\temp\jrnnfwz.exe (file missing)
S4 QCNVLVEFMJR - c:\docume~1\davidh~1\locals~1\temp\qcnvlvefmjr.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&264480D3&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&264480D3&0
Service: i8042prt


-- Scheduled Tasks -------------------------------------------------------------

2008-08-11 06:30:58 552 --a------ C:\WINNT\Tasks\Norton AntiVirus - Scan my computer - David Henrickson.job


-- Files created between 2008-07-11 and 2008-08-11 -----------------------------

2008-08-10 23:15:20 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_360.dat
2008-08-09 21:40:58 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_2ec.dat
2008-08-09 20:08:03 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_358.dat
2008-08-09 13:03:54 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_3e0.dat
2008-08-09 13:01:25 0 d-a------ C:\Documents and Settings\All Users\Application Data\Avg8
2008-08-09 12:18:33 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_b90.dat
2008-08-09 00:15:45 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_550.dat
2008-08-09 00:10:46 25992 --a------ C:\WINNT\system32\pgdfgsvc.exe <Not Verified; Sysinternals - www.sysinternals.com; Page File Defragmenter>
2008-08-08 01:28:45 0 d-------- C:\WINNT\Sun
2008-08-07 22:21:51 0 d-------- C:\Program Files\Java
2008-08-07 22:21:19 0 d-------- C:\Program Files\Common Files\Java
2008-08-07 21:52:35 0 d-------- C:\Documents and Settings\David Henrickson\Application Data\Sun
2008-08-07 12:53:28 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_584.dat
2008-08-07 12:30:58 0 d--h----- C:\WINNT\PIF
2008-08-07 12:22:31 0 d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-08-07 12:19:05 0 d-------- C:\Program Files\Common Files\iS3
2008-08-07 12:18:39 0 d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-08-06 01:59:51 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_4fc.dat
2008-08-04 01:14:25 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_4e8.dat
2008-08-01 18:03:44 0 d-------- C:\Tara's Computer Backup
2008-07-27 14:20:48 465464 ---h----- C:\WINNT\ShellIconCache
2008-07-25 16:59:43 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_524.dat
2008-07-25 16:41:40 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_4f0.dat
2008-07-24 00:16:19 0 d-------- C:\VundoFix Backups
2008-07-24 00:10:39 0 d-------- C:\Program Files\Enigma Software Group
2008-07-23 21:28:33 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_514.dat
2008-07-19 06:19:24 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_528.dat
2008-07-18 08:08:28 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_4f4.dat
2008-07-18 07:21:05 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_508.dat
2008-07-18 00:53:12 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_510.dat
2008-07-17 22:10:03 0 d-------- C:\Program Files\Easy Desk Utilities
2008-07-17 22:09:08 0 d-------- C:\Documents and Settings\David Henrickson\Application Data\gtopala
2008-07-17 01:13:56 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_3b4.dat
2008-07-16 07:45:33 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_3b8.dat
2008-07-15 22:25:40 0 --a------ C:\WINNT\system32\SBRC.dat
2008-07-15 22:25:40 0 --a------ C:\WINNT\system32\SBFC.dat
2008-07-15 22:19:00 0 d-------- C:\Documents and Settings\David Henrickson\Application Data\Sunbelt Software
2008-07-15 22:18:53 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_4bc.dat
2008-07-15 22:07:46 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-15 18:21:33 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_38c.dat
2008-07-15 16:24:54 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_3c4.dat
2008-07-15 15:39:36 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_388.dat
2008-07-15 06:26:08 728977 --ahs---- C:\WINNT\system32\PAHgfMoq.ini2
2008-07-14 22:01:09 0 d-------- C:\New
2008-07-14 01:44:45 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_3a0.dat
2008-07-12 14:23:10 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_3cc.dat
2008-07-12 06:43:41 732359 --ahs---- C:\WINNT\system32\SYFPstwa.ini2
2008-07-12 01:46:49 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_364.dat
2008-07-12 01:40:07 0 d-------- C:\Program Files\Show Hidden Files
2008-07-12 01:35:34 0 d-------- C:\Program Files\FDRLab
2008-07-11 20:49:15 0 d-------- C:\Kung Fu Panda 2008
2008-07-11 20:47:27 0 d-------- C:\Documents and Settings\David Henrickson\Application Data\Ahead


-- Find3M Report ---------------------------------------------------------------

2008-08-10 23:16:11 0 d-a------ C:\Program Files\Common Files
2008-07-29 18:10:39 0 d-------- C:\Program Files\Trend Micro
2008-07-29 16:24:20 0 d-------- C:\Documents and Settings\David Henrickson\Application Data\AdobeUM
2008-07-29 03:54:01 0 d-------- C:\Documents and Settings\David Henrickson\Application Data\Adobe
2008-07-12 14:33:56 0 d-------- C:\Program Files\Norton AntiVirus
2008-07-12 01:46:08 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-10 22:09:18 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-10 21:26:13 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_374.dat
2008-07-10 16:28:06 0 d-------- C:\Program Files\Shareaza
2008-07-10 16:27:24 0 d-------- C:\Documents and Settings\David Henrickson\Application Data\Shareaza
2008-07-09 15:10:26 0 d-------- C:\Program Files\MSECache
2008-07-09 14:54:26 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_3a4.dat
2008-07-09 01:50:34 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_3c0.dat
2008-07-09 01:40:32 0 d-------- C:\Documents and Settings\David Henrickson\Application Data\Leadertech
2008-07-08 23:13:31 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_3b0.dat
2008-07-08 15:56:06 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_480.dat
2008-07-08 05:37:09 0 d-------- C:\Program Files\Windows NT
2008-07-07 00:25:40 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_49c.dat
2008-07-04 05:13:37 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_408.dat
2008-07-04 01:25:30 0 d-------- C:\Program Files\Symantec
2008-07-04 01:24:41 0 d-------- C:\Program Files\SymNetDrv
2008-07-03 22:10:29 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_4b4.dat
2008-07-03 16:28:05 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_46c.dat
2008-07-03 04:03:06 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_33c.dat
2008-07-02 22:11:24 0 d-------- C:\Program Files\Ahead
2008-07-02 22:09:12 0 d-------- C:\Program Files\Common Files\Ahead
2008-07-02 21:56:13 0 d-------- C:\Documents and Settings\David Henrickson\Application Data\Symantec
2008-07-02 21:55:27 0 d-------- C:\Program Files\WinISO
2008-07-02 16:16:18 0 d-------- C:\Program Files\Microsoft Works
2008-07-02 01:16:56 0 d-------- C:\Documents and Settings\David Henrickson\Application Data\Lavasoft
2008-07-02 01:16:47 0 d-------- C:\Program Files\Lavasoft
2008-07-02 00:47:40 0 d-------- C:\Program Files\EuroTool
2008-07-01 16:51:55 0 d-------- C:\Program Files\AOL 9.1
2008-07-01 16:35:46 0 d-------- C:\Program Files\Common Files\L&H
2008-07-01 16:35:34 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-07-01 16:35:00 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-07-01 16:32:22 0 d-------- C:\Program Files\Microsoft.NET
2008-07-01 15:34:56 0 d-------- C:\Documents and Settings\David Henrickson\Application Data\AOL
2008-07-01 15:34:25 0 d-a------ C:\Program Files\Common Files\AOL
2008-07-01 15:34:02 0 d-a------ C:\Program Files\Common Files\aolshare
2008-07-01 15:33:31 0 d-------- C:\Program Files\Common Files\Nullsoft
2008-07-01 15:33:06 16 --a------ C:\WINNT\?
2008-06-30 19:33:22 0 d-ah----- C:\Program Files\WindowsUpdate
2008-06-30 19:29:42 0 d-------- C:\Documents and Settings\David Henrickson\Application Data\acccore
2008-06-30 19:29:04 0 d-------- C:\Program Files\AIM6
2008-06-30 19:28:14 335 --a------ C:\WINNT\nsreg.dat
2008-06-30 18:54:37 0 d-------- C:\Program Files\Common Files\InstallShield
2008-06-30 18:15:08 0 d-------- C:\Documents and Settings\David Henrickson\Application Data\ZoomBrowser EX
2008-06-30 18:06:15 0 d-------- C:\Program Files\Canon
2008-06-30 18:04:45 0 d-------- C:\Program Files\Common Files\Canon
2008-06-30 17:54:41 57344 --a------ C:\WINNT\uneng.exe <Not Verified; Roxio; Roxio Update Wizard>
2008-06-30 17:54:41 0 d-------- C:\Program Files\Common Files\Adaptec Shared
2008-06-30 17:33:22 0 d-------- C:\Program Files\Creative
2008-06-30 17:16:21 0 --a------ C:\WINNT\
2008-06-30 17:16:10 0 --a------ C:\WINNT\?
2008-06-30 09:12:19 0 d-------- C:\Documents and Settings\David Henrickson\Application Data\Macromedia
2008-06-30 09:09:43 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-30 01:50:16 0 d-------- C:\Program Files\VIA Technologies, Inc
2008-06-30 01:44:27 0 d-------- C:\Program Files\Microsoft Script Debugger
2008-06-30 01:40:15 0 d-------- C:\Documents and Settings\David Henrickson\Application Data\Identities
2008-06-30 00:34:13 0 d-------- C:\Program Files\microsoft frontpage
2008-06-30 00:33:31 0 -rahs---- C:\MSDOS.SYS
2008-06-30 00:33:31 0 -rahs---- C:\IO.SYS
2008-06-30 00:33:31 0 ---h----- C:\CONFIG.SYS
2008-06-30 00:33:31 0 ---h----- C:\AUTOEXEC.BAT
2008-06-30 00:31:51 15012 --a------ C:\WINNT\system32\emptyregdb.dat
2008-06-29 20:30:39 0 d-------- C:\Program Files\Accessories
2008-06-29 20:23:31 0 d-a------ C:\Program Files\Common Files\ODBC


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [06/19/03 12:05p C:\WINNT\system32\mobsync.exe]
"NvCplDaemon"="C:\WINNT\System32\NvCpl.dll" [10/22/06 12:22p]
"nwiz"="nwiz.exe" [10/22/06 12:22p C:\WINNT\system32\nwiz.exe]
"NvMediaCenter"="C:\WINNT\System32\NvMcTray.dll" [10/22/06 12:22p]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [03/09/06 11:47a]
"NAV CfgWiz"="C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe" [08/15/03 08:24p]
"Advanced Tools Check"="C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE" [08/17/03 11:33p]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [07/04/08 01:24a]
"SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [11/02/04 04:59p]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/05 11:46p]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="ctfmon.exe" [03/21/05 03:13p C:\WINNT\system32\CTFMON.EXE]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BM171adde6"=Rundll32.exe "C:\WINNT\system32\vitmxnth.dll",s




-- End of Deckard's System Scanner: finished at 2008-08-11 06:47:05 ------------

#6 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium
  • Local time:04:26 PM

Posted 11 August 2008 - 12:51 PM

Hi,

I need another log, just to double-check.

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

Edited by miekiemoes, 11 August 2008 - 12:52 PM.

AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#7 SkipDiver

SkipDiver
  • Topic Starter

  • Members
  • 84 posts
  • Gender:Male
  • Location:Michigan
  • Local time:10:26 AM

Posted 12 August 2008 - 03:39 PM

OK...I tried it...it got somewhat through the first time, but now it just locks up my computer, to the point I can't do anything. I am using Windows 2000 with SP4. Are there any other suggestions? I click the ComboFix exe icon and it does its little load thing...then lock-up time. Thanks for sticking with me.

#8 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium
  • Local time:04:26 PM

Posted 12 August 2008 - 04:34 PM

Hi,

I see some malware leftovers present in the previous log, which is why I needed a double-check, but I forgot you run Windows 2000, which may explain the issues with ComboFix.


Open Notepad and copy and paste the text in the quote box below into it:
(don't forget to copy and paste REGEDIT4)

REGEDIT4

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BM171adde6"=-

Save this as fix.reg (choose to save as "All files") and place it on your desktop.
Double-click on it and, when it asks whether you want to merge the contents into the registry, click Yes/OK.
(In case you are unsure how to create a reg file, take a look here with screenshots.)

Then navigate to and delete the following files and folder:

C:\WINNT\system32\PAHgfMoq.ini2
C:\WINNT\system32\SYFPstwa.ini2
C:\VundoFix Backups <== folder

They are hidden system files, so to see them, please set your system to show all files.
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

Please hide your hidden files and folders again afterwards, when we are done with this thread and your problems are solved, because the above instructions to set your system to show all files unhide legitimate files and folders as well, and I don't want you to delete them because they may look suspicious. To hide them again, just perform the above instructions in the opposite way.


Also, there are some files created in your Windows folder with a foreign character set:

2008-06-30 17:16:21 0 --a------ C:\WINNT\
2008-06-30 17:16:10 0 --a------ C:\WINNT\?

Nothing to worry about since they are 0 bytes, or a bit more. I've seen this before on Windows 2000, but can't remember what was causing it. Anyway, all I can remember is that it wasn't an issue.


And your issue is a slow computer.
So let's look at the potential causes..

First of all, this is what it says in your previous log on top:

System Drive C: has 9.58 GiB (less than 15%) free.

Not much space left there...
Keep in mind, if the drive gets full, your Windows will be slower anyway. So I can imagine that it runs a lot slower with only 15% of free space. You should get rid of programs etc. you don't use anymore to free up some space. Also, for music and movies, in your case it would be better to save them to CD and delete them from your drive afterwards to free up some more space.
Also, since this is a Windows 2000 computer, I assume that this is an older computer as well. Older computers do run slower and there's not much you can do about this...
Some people recommend formatting and reinstalling Windows once every 2 years, or once a year if it's indeed an older computer, in order to start from scratch so all cluttered data is gone.

In your case, I suspect the main culprit is your Norton. Norton is known to cause a huge system slowdown anyway. The second reason why I suspect your Norton is that, from your log, I see a lot of these Perflib_Perfdata_***.dat files present. They are legitimate files, but you shouldn't have so many orphaned ones. The reason why they are orphaned is in most cases that your computer didn't shut down properly, for example because you used the power button to shut it down... But in most cases this may also be caused by third-party software (or hardware) which causes the computer not to shut down properly. And security software may indeed cause this.
And I see this started 1 day after Norton was installed/modified.

To quote a part of your log...

2008-07-07 00:25:40 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_49c.dat
2008-07-04 05:13:37 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_408.dat
2008-07-04 01:25:30 0 d-------- C:\Program Files\Symantec
2008-07-04 01:24:41 0 d-------- C:\Program Files\SymNetDrv
2008-07-03 22:10:29 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_4b4.dat
2008-07-03 16:28:05 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_46c.dat
2008-07-03 04:03:06 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_33c.dat
2008-07-02 22:11:24 0 d-------- C:\Program Files\Ahead
2008-07-02 22:09:12 0 d-------- C:\Program Files\Common Files\Ahead
2008-07-02 21:56:13 0 d-------- C:\Documents and Settings\David Henrickson\Application Data\Symantec


Norton related components are the Symantec and SymNetDrv lines. And since then, all the Perflib_Perfdata_***.dat files were created.

So what I suggest here is... temporarily uninstall Norton, then reboot, and then post a new HijackThis log in your next reply. We can only properly troubleshoot if we remove potential causes.

Edited by miekiemoes, 12 August 2008 - 04:36 PM.

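The checks the reply above makes by eye (counting leftover Perflib_Perfdata files, spotting hidden+system files with an unexpected extension under system32, and noticing the disabled run- entry that still names a DLL) can be scripted over a Deckard's System Scanner log. The Python script below is an added example, not code from the thread or from Deckard's System Scanner: its line formats are assumed from the log quoted in this thread, the sample lines are excerpted from that log, and the EXPECTED_SYSTEM32_EXT allow-list is an assumption rather than an authoritative list.

```python
"""Triage helper for a Deckard's System Scanner (DSS) file listing and
registry dump.  Added example, not code from the thread or from DSS; the
line formats are assumed from the log quoted in this thread."""
import ntpath
import re

# Sample input: lines excerpted from the DSS log quoted earlier in this thread.
SAMPLE_LOG = r"""
2008-08-04 01:14:25 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_4e8.dat
2008-07-24 00:16:19 0 d-------- C:\VundoFix Backups
2008-07-18 08:08:28 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_4f4.dat
2008-07-15 06:26:08 728977 --ahs---- C:\WINNT\system32\PAHgfMoq.ini2
2008-07-12 06:43:41 732359 --ahs---- C:\WINNT\system32\SYFPstwa.ini2
2008-07-04 05:13:37 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_408.dat
2008-06-30 17:54:41 57344 --a------ C:\WINNT\uneng.exe <Not Verified; Roxio; Roxio Update Wizard>
2008-06-30 00:33:31 0 -rahs---- C:\MSDOS.SYS

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINNT\System32\NvCpl.dll" [10/22/06 12:22p]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [03/09/06 11:47a]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BM171adde6"=Rundll32.exe "C:\WINNT\system32\vitmxnth.dll",s
"""

# One DSS file line: date time size attrs path [<verification note>]
# attrs is a 9-column flag field: d=directory, r, a, h=hidden, s=system, ..., t
FILE_LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+) (?P<attrs>[-a-z]{9}) (?P<path>.+?)(?: <[^>]*>)?$"
)
KEY_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_LINE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.+)$')
PERFDATA = re.compile(r"\\Perflib_Perfdata_[0-9a-f]+\.dat$", re.IGNORECASE)
AUTORUN_KEYS = {"run", "run-", "runonce"}
# Assumed allow-list of extensions normally seen directly under system32.
EXPECTED_SYSTEM32_EXT = {".exe", ".dll", ".sys", ".dat", ".ini", ".ocx",
                         ".drv", ".cpl", ".log", ".nls", ".scr"}


def parse_listing(text):
    """Return one dict per file line; registry and banner lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = FILE_LINE.match(raw.strip())
        if not m:
            continue
        e = m.groupdict()
        e["size"] = int(e["size"])
        e["directory"] = e["attrs"][0] == "d"
        e["hidden"] = e["attrs"][3] == "h"
        e["system"] = e["attrs"][4] == "s"
        entries.append(e)
    return entries


def find_orphaned_perfdata(entries):
    """Perflib_Perfdata_<pid>.dat is a per-process performance-counter scratch
    file that Windows removes on a clean shutdown; each one left behind is a
    session that ended without one."""
    return [e["path"] for e in entries if PERFDATA.search(e["path"])]


def find_hidden_system_oddities(entries):
    """Files under system32 with both hidden and system attributes set and an
    extension outside the expected list (e.g. '.ini2')."""
    out = []
    for e in entries:
        if e["directory"] or not (e["hidden"] and e["system"]):
            continue
        low = e["path"].lower()
        if "\\system32\\" not in low:
            continue
        if ntpath.splitext(low)[1] not in EXPECTED_SYSTEM32_EXT:
            out.append(e["path"])
    return out


def find_rundll32_autoruns(text):
    """Values under Run, Run- or RunOnce keys whose data invokes rundll32.
    The 'run-' key holds startup items disabled through msconfig, so a
    leftover there still names the DLL that used to be loaded at logon."""
    hits, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        km = KEY_LINE.match(line)
        if km:
            key = km.group("key")
            continue
        if key is None or key.rsplit("\\", 1)[-1].lower() not in AUTORUN_KEYS:
            continue
        vm = VALUE_LINE.match(line)
        if vm and "rundll32" in vm.group("data").lower():
            hits.append((key, vm.group("name"), vm.group("data")))
    return hits


def triage(text):
    """Run all three checks over one DSS log and return the findings."""
    entries = parse_listing(text)
    return {
        "orphaned_perfdata": find_orphaned_perfdata(entries),
        "hidden_system_oddities": find_hidden_system_oddities(entries),
        "rundll32_autoruns": find_rundll32_autoruns(text),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f"{len(report['orphaned_perfdata'])} orphaned Perflib_Perfdata files "
          "(one per session that did not shut down cleanly)")
    for path in report["hidden_system_oddities"]:
        print("hidden+system file with unexpected extension:", path)
    for key, name, data in report["rundll32_autoruns"]:
        print(f"rundll32 autorun under {key}: {name} = {data}")
```

Point it at a full DSS log (read the file and pass its text to triage) rather than the embedded sample to get the same three findings the reply above derived by hand. Note that MSDOS.SYS in the sample is hidden+system too but lives in the root, not system32, so it is deliberately not reported; the allow-list only says which extensions are unsurprising there, and anything it flags still needs a manual look before deletion.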

#9 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium
  • Local time:04:26 PM

Posted 20 August 2008 - 01:55 PM

Since there is no feedback anymore, I assume this issue is resolved... so, this topic is closed.
If you need this topic reopened for continuation of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



