Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

XP incredibly slow after malware fixes


  • This topic is locked This topic is locked
1 reply to this topic

#1 kaegee

kaegee

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:33 PM

Posted 13 April 2011 - 07:52 PM

Hello,

I run Windows XP Pro SP2 on a Compal Hel81 laptop.
2.16 GHz Core 2 Duo processor,
2 GB ram
120 GB Hitachi HDD


I had a 'Security Tool' pop-up in the middle of watching a video about five days ago. I ran Spybot and Malwarebytes, which found and fixed some problems, and then my Windows XP would not boot normally.
Once it gets to the black, WindowsXP logo screen, it slows to a crawl. The blue loading bar stops and starts for about 10-15 min, then a black screen for 10 min, then a blank wallpaper for 10min, then slowly icons appear. The mouse moves very slowly, the windows take about 2-5 min to open, and many programs just won't run.

I have been able to boot into Safe Mode, where things are still slow, but much better than normal mode. I have tried to system restore from the Recovery Console, but nothing changes. I have tried booting the 'last good configuration', to no avail. I have tried a repair install, but some files are missing or corrupted, and it hangs at 34 minutes. I've tried to run SFC /scannow: in Normal Mode it just hangs forever, and in Safe Mode it will not run and gives an "RPC network" error.

Also, the Device Manager shows an exclamation mark next to Microsoft System Management Bios.




If someone knows any way to fix or diagnose this, I would really appreciate some help. I have attached the necessary files.

Thank you,
-Kenny




DDS (Ver_10-03-17.01) - NTFSx86 MINIMAL
Run by Administrator at 19:58:45.39 on Tue 04/12/2011
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_21

============== Running Processes ===============

C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\mmc.exe
C:\Documents and Settings\Kenny\Desktop\All Antivirus bleep\NearDevastation\bleepingcomputer\dds.scr

============== Pseudo HJT Report ===============

BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [CASS] c:\program files\compal electronics, inc\wireless select switch\Wireless Select Switch.exe
mRun: [KTPWare] c:\program files\elantech\ktp.exe
mRun: [Sidewalker] c:\program files\compal electronics, inc\sidewalker\CSWalker.exe
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [CTHelper] CTHELPER.EXE
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe
mRun: [!AVG Anti-Spyware] "c:\program files\grisoft\avg anti-spyware 7.5\avgas.exe" /minimized
mRun: [snp2std] c:\windows\vsnp2std.exe
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {233c1507-6a77-46a4-9443-f871f945d258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/59.04/uploader2.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {e2883e8f-472f-4fb0-9522-ac9bf37916a7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath -
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.il", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgba3a4f16a", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgba3a4fra", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--wgbl6a", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R? AntiVirScheduler;AntiVir PersonalEdition Classic Scheduler
R? AntiVirService;AntiVir PersonalEdition Classic Guard
R? KorgBlkT;KorgBlkT.Sys KORG USB Bulk Driver
R? KORGUMDS;KORG USB-MIDI Driver for Windows
R? SASDIFSV;SASDIFSV
R? SASENUM;SASENUM
R? SASKUTIL;SASKUTIL
R? StarWindServiceAE;StarWind AE Service
R? Viewpoint Manager Service;Viewpoint Manager Service
R? XDva190;XDva190
S? Asapi;Asapi
S? CLEDX;Team H2O CLEDX service
S? CPEb;CPEb

=============== Created Last 30 ================

2011-04-13 02:11:21 116352 ----a-w- c:\windows\system32\drivers\pcmcia.sys
2011-04-13 01:32:48 0 d-----w- c:\windows\system32\ReinstallBackups
2011-04-12 17:01:39 48640 ----a-w- c:\windows\system32\drivers\stream.sys
2011-04-12 16:55:17 145792 ----a-w- c:\windows\system32\drivers\portcls.sys
2011-04-12 16:53:13 60288 ----a-w- c:\windows\system32\drivers\drmk.sys
2011-04-12 16:51:12 140928 ----a-w- c:\windows\system32\drivers\ks.sys
2011-04-12 16:42:55 4096 ----a-w- c:\windows\system32\ksuser.dll
2011-04-12 11:35:22 0 d-----r- C:\I386
2011-04-12 08:23:26 0 d-----w- c:\windows\LastGood.Tmp
2011-04-12 05:04:09 172032 ----a-w- c:\windows\system32\igfxres.dll
2011-04-12 04:50:03 37888 ----a-w- c:\windows\system32\drivers\ESD7SK.sys
2011-04-12 04:48:17 0 d-----w- C:\HEL81stuff
2011-04-11 06:41:21 552 ----a-w- c:\windows\system32\d3d8caps.dat
2011-04-11 06:29:34 0 d-----w- C:\autoruns
2011-04-10 08:46:35 206 ----a-w- c:\windows\system32\dfefdddff9_g.dll
2011-04-10 08:46:34 206 ----a-w- c:\windows\system32\efedeec_g.ocx
2011-04-10 08:38:36 0 d-----w- c:\program files\RegSupreme
2011-04-10 07:51:48 0 d-----w- c:\windows\LogFiles
2011-04-09 21:51:48 0 d-----w- c:\windows\tmp
2011-03-23 10:48:10 0 d-----w- c:\program files\OpenLibraries
2011-03-23 09:18:55 165376 ----a-w- c:\windows\system32\unrar.dll
2011-03-23 09:18:54 38 ----a-w- c:\windows\avisplitter.ini
2011-03-23 09:18:53 232448 ----a-w- c:\windows\system32\mp3fhg.acm
2011-03-23 09:18:52 810496 ----a-w- c:\windows\system32\xvidcore.dll
2011-03-23 09:18:52 80896 ----a-w- c:\windows\system32\ff_vfw.dll
2011-03-23 09:18:52 590 ----a-w- c:\windows\system32\ff_vfw.dll.manifest
2011-03-23 09:18:52 237568 ----a-w- c:\windows\system32\yv12vfw.dll
2011-03-23 09:18:52 183808 ----a-w- c:\windows\system32\xvidvfw.dll
2011-03-23 09:18:52 151552 ----a-w- c:\windows\system32\ac3acm.acm

==================== Find3M ====================

2011-04-09 21:47:08 65536 ----a-w- c:\windows\DUMP34a7.tmp

============= FINISH: 19:59:17.17 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 Ried

Ried

  • Malware Response Team
  • 1,009 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:33 PM

Posted 16 April 2011 - 11:26 AM

Since we are working on this same machine here, this thread shall be closed.

Microsoft MVP - Consumer Security 2010, 2011, 2012

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users