
Computer is running slow, Help analyzing HIJ this log


  • This topic is locked
10 replies to this topic

#1 afk001

  • Members
  • 6 posts

Posted 27 March 2013 - 03:10 PM

Hello,

I am running Windows XP Service Pack 3,
Intel Celeron® D CPU 3.46GHz
1.75GB RAM

Recently, my computer has been running a lot slower, especially upon start up. I ran a HijackThis log to see if it has any malware. Any help on analyzing this log would be really appreciated.

Thank you,


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:09:04 PM, on 3/27/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\OWNER\Desktop\Hijackthis\HijackThis.exe
 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kaspersky Security Scan Service (KSS) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
 
--
End of file - 5554 bytes
 




#2 Noviciate

  • Malware Response Team
  • 5,277 posts

Posted 27 March 2013 - 05:10 PM

Good evening. :)

As HijackThis has not been seriously updated by Trend Micro in some time, it is now no longer considered to be an effective tool for malware removal. You will need to go here, follow step 6 and post the DDS.txt log and attach the Attach.txt log into your next reply to this thread.


So long, and thanks for all the fish.

 

 


#3 afk001

  • Topic Starter

  • Members
  • 6 posts

Posted 28 March 2013 - 10:48 AM

Thank you, here is the requested info. I could not find a way to "attach" the Attach.txt file onto this forum.

 

DDS 

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702
Run by OWNER at 8:31:13 on 2013-03-28
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1791.1136 [GMT -7:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: AVG Firewall *Disabled* 
.
============== Running Processes ================
.
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{C8D1C53E-E83D-4A3D-A01B-A58B4DD764CA} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{CF8EC0CB-F67C-438C-8885-DF571D5483BD} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{EA246C16-BE9C-4150-B4B6-C0706B802B5F} : DHCPNameServer = 209.18.47.61 209.18.47.62
Notify: AtiExtEvent - Ati2evxx.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\25.0.1364.172\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\l6sf9uy6.default\
FF - prefs.js: browser.search.selectedEngine - blekko
FF - prefs.js: browser.startup.homepage - hxxp://blekko.com/ws/?source=3971d482&tbp=homepage&u=c4c70833000000000000001921ab5bed
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll
FF - ExtSQL: !HIDDEN! 2012-01-29 19:57; smartwebprinting@hp.com; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.spamfreesearch.autoRvrt - false
FF - user.js: extensions.spamfreesearch_i.hmpg - true
FF - user.js: extensions.spamfreesearch.hmpgUrl - hxxp://blekko.com/ws/?source=3971d482&tbp=homepage&u=c4c70833000000000000001921ab5bed
FF - user.js: extensions.spamfreesearch.dfltSrch - true
FF - user.js: extensions.spamfreesearch.srchPrvdr - blekko
FF - user.js: extensions.spamfreesearch.keyWordUrl - hxxp://blekko.com/ws/?source=3971d482&tbp=rbox&u=c4c70833000000000000001921ab5bed&q=
FF - user.js: extensions.spamfreesearch_i.dnsErr - true
FF - user.js: extensions.spamfreesearch_i.newTab - true
FF - user.js: extensions.spamfreesearch.newTabUrl - chrome://spamfreesearch/content/new browser tab.html?source=3971d482&tbp=tab&u=c4c70833000000000000001921ab5bed
FF - user.js: extensions.spamfreesearch.tlbrSrchUrl - hxxp://blekko.com/ws/?source=3971d482&tbp=main&u=c4c70833000000000000001921ab5bed&q=
FF - user.js: extensions.spamfreesearch.id - c4c70833000000000000001921ab5bed
FF - user.js: extensions.spamfreesearch.appId - {1005247F-A178-490A-8DC3-6BAF09EA427B}
FF - user.js: extensions.spamfreesearch.instlDay - 15730
FF - user.js: extensions.spamfreesearch.vrsn - 1.8.3.9
FF - user.js: extensions.spamfreesearch.vrsni - 1.8.3.9
FF - user.js: extensions.spamfreesearch_i.vrsnTs - 1.8.3.921:04:39
FF - user.js: extensions.spamfreesearch.prtnrId - blekko
FF - user.js: extensions.spamfreesearch.prdct - spamfreesearch
FF - user.js: extensions.spamfreesearch.aflt - orgnl
FF - user.js: extensions.spamfreesearch_i.smplGrp - none
FF - user.js: extensions.spamfreesearch.tlbrId - base
FF - user.js: extensions.spamfreesearch.instlRef - 3971d482
FF - user.js: extensions.spamfreesearch.dfltLng - 
FF - user.js: extensions.spamfreesearch.excTlbr - false
FF - user.js: extensions.spamfreesearch.admin - false
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-3-9 49248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-3-28 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-3-28 368176]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-3-28 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-3-9 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-3-28 45248]
R2 KSS;Kaspersky Security Scan Service;c:\program files\kaspersky lab\kaspersky security scan 2.0\kss.exe [2012-4-25 202296]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2013-1-14 769920]
R3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\drivers\AE2500xp.sys [2013-3-9 1034240]
S3 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-3-9 164736]
S3 CrucialSMBusScan;CrucialSMBusScan;\??\c:\docume~1\admini~1\locals~1\temp\crucialsmbusscan_xp32.sys --> c:\docume~1\admini~1\locals~1\temp\CrucialSMBusScan_XP32.sys [?]
S3 EsgScanner;EsgScanner;c:\windows\system32\drivers\EsgScanner.sys [2012-6-22 19984]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2013-3-10 30616]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
.
=============== Created Last 30 ================
.
2013-03-24 05:40:45 -------- d-----w- c:\documents and settings\owner\application data\uTorrent
2013-03-13 20:51:50 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
2013-03-13 20:51:49 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-03-13 02:41:25 16486616 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-03-12 00:07:13 -------- d-----w- c:\windows\system32\appmgmt
2013-03-11 06:06:39 -------- d-----w- c:\program files\Kaspersky Lab
2013-03-11 06:06:39 -------- d-----w- c:\documents and settings\all users\application data\Kaspersky Lab
2013-03-11 05:19:29 30616 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
2013-03-11 04:42:35 -------- d-----w- c:\program files\HitmanPro
2013-03-11 04:41:33 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro
2013-03-10 23:32:20 110080 ----a-r- c:\documents and settings\owner\application data\microsoft\installer\{0ac0f1b2-61c7-4b6e-acef-58fcc0b94835}\IconD7F16134.exe
2013-03-10 23:32:20 110080 ----a-r- c:\documents and settings\owner\application data\microsoft\installer\{0ac0f1b2-61c7-4b6e-acef-58fcc0b94835}\IconCF33A0CE.exe
2013-03-10 23:32:19 110080 ----a-r- c:\documents and settings\owner\application data\microsoft\installer\{0ac0f1b2-61c7-4b6e-acef-58fcc0b94835}\IconF7A21AF7.exe
2013-03-10 23:32:06 -------- d-----w- C:\sh4ldr
2013-03-10 23:32:06 -------- d-----w- c:\program files\Enigma Software Group
2013-03-10 23:31:45 -------- d-----w- c:\windows\0AC0F1B261C74B6EACEF58FCC0B94835.TMP
2013-03-10 23:31:39 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2013-03-10 23:10:12 -------- d-sha-r- C:\cmdcons
2013-03-10 19:24:31 -------- d-----w- c:\program files\ESET
2013-03-10 06:07:13 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2013-03-10 06:07:13 605968 ----a-w- c:\windows\system32\ztv7z.dll
2013-03-10 06:07:13 185616 ----a-w- c:\windows\system32\ztvunrar39.dll
2013-03-10 06:07:13 169744 ----a-w- c:\windows\system32\ztvunrar36.dll
2013-03-10 06:07:12 77072 ----a-w- c:\windows\system32\ztvcabinet.dll
2013-03-10 06:07:12 75264 ----a-w- c:\windows\system32\unacev2.dll
2013-03-10 06:07:12 153088 ----a-w- c:\windows\system32\unrar3.dll
2013-03-10 06:07:06 -------- d-----w- c:\documents and settings\owner\application data\Simply Super Software
2013-03-10 06:07:06 -------- d-----w- c:\documents and settings\all users\application data\Simply Super Software
2013-03-10 06:06:13 -------- d-----w- C:\AI_RecycleBin
2013-03-10 04:52:44 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-03-10 03:29:41 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-10 03:29:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-03-09 21:28:13 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-09 21:28:12 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-09 21:28:12 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-09 21:07:42 1034240 ----a-w- c:\windows\system32\drivers\AE2500xp.sys
.
==================== Find3M  ====================
.
2013-03-13 02:42:27 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-13 02:42:25 73432 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-06 23:33:24 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-06 23:32:51 41664 ----a-w- c:\windows\avastSS.scr
2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-12 00:32:23 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-02-05 20:05:47 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 20:05:46 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-02-05 20:05:46 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-05 05:53:57 385024 ----a-w- c:\windows\system32\html.iec
2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-07 01:16:02 2193024 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:36:58 2069760 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49:10 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:49:10 1292288 ----a-w- c:\windows\system32\quartz.dll
.
============= FINISH:  8:32:01.15 ===============

Edited by afk001, 28 March 2013 - 10:50 AM.


#4 afk001

  • Topic Starter

  • Members
  • 6 posts

Posted 28 March 2013 - 10:52 AM

I could not figure out how to attach this file onto this forum. My apologies.
 
Attach.txt
 
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/10/2011 1:03:53 PM
System Uptime: 3/27/2013 2:18:53 PM (18 hours ago)
.
Motherboard: ECS                                                              |  | Alhena5   
Processor:               Intel® Celeron® D CPU 3.46GHz | CPU 1 | 3458/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 112 GiB total, 83.193 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_1002&DEV_4385&SUBSYS_2A4F103C&REV_13\3&267A616A&0&A0
Manufacturer: 
Name: SM Bus Controller
PNP Device ID: PCI\VEN_1002&DEV_4385&SUBSYS_2A4F103C&REV_13\3&267A616A&0&A0
Service: 
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_14F1&DEV_2F20&SUBSYS_200C14F1&REV_00\4&2966AB86&0&10A4
Manufacturer: 
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_14F1&DEV_2F20&SUBSYS_200C14F1&REV_00\4&2966AB86&0&10A4
Service: 
.
==== System Restore Points ===================
.
RP419: 1/4/2013 3:00:14 AM - Software Distribution Service 3.0
RP420: 1/5/2013 6:29:03 AM - System Checkpoint
RP421: 1/6/2013 7:07:20 AM - System Checkpoint
RP422: 1/15/2013 1:07:44 AM - System Checkpoint
RP423: 1/17/2013 8:04:42 AM - Software Distribution Service 3.0
RP424: 1/21/2013 12:55:01 PM - System Checkpoint
RP425: 1/22/2013 10:08:21 PM - System Checkpoint
RP426: 1/27/2013 4:03:19 PM - System Checkpoint
RP427: 1/29/2013 5:51:36 PM - System Checkpoint
RP428: 2/6/2013 8:59:40 PM - System Checkpoint
RP429: 2/9/2013 12:18:05 PM - System Checkpoint
RP430: 2/10/2013 12:38:27 PM - System Checkpoint
RP431: 2/11/2013 9:16:18 PM - System Checkpoint
RP432: 2/13/2013 8:31:59 PM - System Checkpoint
RP433: 2/14/2013 4:31:51 PM - Software Distribution Service 3.0
RP434: 2/15/2013 5:30:44 PM - System Checkpoint
RP435: 2/16/2013 6:30:44 PM - System Checkpoint
RP436: 2/17/2013 6:47:22 PM - System Checkpoint
RP437: 2/18/2013 7:00:43 PM - System Checkpoint
RP438: 2/20/2013 7:20:16 PM - System Checkpoint
RP439: 2/23/2013 7:10:31 PM - System Checkpoint
RP440: 2/24/2013 7:41:34 PM - System Checkpoint
RP441: 3/2/2013 11:13:16 AM - System Checkpoint
RP442: 3/9/2013 1:46:51 PM - System Checkpoint
RP443: 3/10/2013 4:32:05 PM - Installed SpyHunter
RP444: 3/10/2013 11:06:38 PM - Installed Kaspersky Security Scan.
RP445: 3/11/2013 5:06:40 PM - Removed Java™ 6 Update 22
RP446: 3/12/2013 8:08:31 PM - System Checkpoint
RP447: 3/13/2013 1:26:30 PM - Software Distribution Service 3.0
RP448: 3/13/2013 11:35:40 PM - Software Distribution Service 3.0
RP449: 3/15/2013 11:58:03 AM - System Checkpoint
RP450: 3/16/2013 12:27:48 PM - System Checkpoint
RP451: 3/17/2013 2:47:54 PM - System Checkpoint
RP452: 3/18/2013 4:46:51 PM - System Checkpoint
RP453: 3/19/2013 5:04:12 PM - System Checkpoint
RP454: 3/21/2013 4:01:27 PM - System Checkpoint
RP455: 3/22/2013 7:56:07 PM - System Checkpoint
RP456: 3/23/2013 8:36:10 PM - System Checkpoint
RP457: 3/25/2013 7:51:11 AM - System Checkpoint
RP458: 3/27/2013 3:38:37 PM - System Checkpoint
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
4500_G510af_Help
4500G510af
4500G510af_Software_Min
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 7.0
AIO_Scan
ArcSoft PhotoImpression
ATI Display Driver
avast! Free Antivirus
BufferChm
C4200
c4200_Help
CCleaner
Copy
CustomerResearchQFolder
Destinations
DeviceDiscovery
DeviceManagementQFolder
DocMgr
DocProc
DocProcQFolder
ESET Online Scanner v3
eSupportQFolder
Fax
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
High Definition Audio Driver Package - KB888111
HiJackThis
HitmanPro 3.7
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 13.0
HP Document Manager 2.0
HP Imaging Device Functions 13.0
HP Officejet 4500 G510a-f
HP Photosmart All-In-One Software 8.0
HP Photosmart Essential
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Update
HPProductAssistant
HPSSupply
Kaspersky Security Scan
Malwarebytes Anti-Malware version 1.70.0.1100
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 11.0 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 6
OCR Software by I.R.I.S. 13.0
PowerDVD
PS_AIO_ProductContext
PS_AIO_Software
PS_AIO_Software_min
Realtek High Definition Audio Driver
Scan
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Shop for HP Supplies
SmartWebPrinting
SolutionCenter
SpyHunter
Status
SUPERAntiSpyware
TeamViewer 7
Toolbox
TrayApp
UnloadSupport
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows XP Service Pack 3
.
==== End Of File ===========================


#5 Noviciate

  • Malware Response Team

Posted 28 March 2013 - 04:45 PM

Good evening. :)

Both your AV and firewall show as Disabled - have you done this?


So long, and thanks for all the fish.


#6 afk001

  • Topic Starter

Posted 28 March 2013 - 11:10 PM

I did disable my antivirus "AVAST" (for only 1 hr); as far as the firewall, that I did not.

 

Thank you



#7 Noviciate

  • Malware Response Team

Posted 29 March 2013 - 02:41 PM

Good evening. :)

Pay a visit to the ESET Online Scanner.

  • Click the ESET Online Scanner button and a new window will open - you may need to maximise it.
  • Click the Run ESET Online Scanner button in the new window.
  • If you are using any other browser than IE, you will be prompted to download and run esetsmartinstaller_enu.exe and the scan will run from within the window that the executable opens.
  • Regardless of which browser you are using, you will be shown some terms and conditions and you will need to accept these to continue.
  • If you are running IE for this scan you will then be prompted to allow an ActiveX component to be downloaded, unless you already have it installed, and the scan will run inside IE.
  • When you see the Computer Scan Settings window, you will need to make the following changes:

    • UNCHECK Remove found threats - this is important.
    • Check Scan archives
    • Click on Advanced settings
    • Check Scan for potentially unsafe applications
  • Once ready, click Start to begin - not a surprise really!
  • The anti-virus definitions will now be downloaded, so don't forget to allow them through your firewall if prompted.
  • The above will take a little time, so now is a good time to fire up the kettle and open the biccies.
  • Once the scan has completed you will be shown the results - assuming that the scanner has found anything.
  • Click List of found threats and then Export to text file... and save the log somewhere convenient.
  • You can then close out the scanner - don't bother uninstalling it as you may need to use it again.
  • Please post the contents of this file in your next reply, or let me know that nothing was identified.




#8 afk001

  • Topic Starter

Posted 29 March 2013 - 09:04 PM

Hello, nothing was found after running the ESET Online Scanner.



#9 Noviciate

  • Malware Response Team

Posted 30 March 2013 - 05:17 PM

Good evening. :)

 

While the ESET scan came back clean there is no guarantee that you haven't picked up something that it hasn't been able to recognise, so I can't say for sure that it isn't malware contributing to your system's slowdown, particularly as you have a few out-of-date programs that are known to have security issues. Adobe Reader 7.0 is seriously old as it is now Adobe Reader XI, Windows Internet Explorer 8 is now up to Version 10, and I see you have recently uninstalled Java™ 6 Update 22 which is now up to Version 7 Update 17.

I suspect that the main issue here is the age of your Windows installation. According to the log it is just over eighteen months old and that is quite old for an OS. Normal usage, program installations and uninstallations and Windows Updates all contribute to system slowdown and the only real cure is to back up any important data and reformat and reinstall, I'm afraid, and if this was my machine that is what I would do.




#10 afk001

  • Topic Starter

Posted 30 March 2013 - 07:16 PM

OK, I understand. I will reformat and reinstall. Thank you for all your help.



#11 Noviciate

  • Malware Response Team

Posted 31 March 2013 - 01:36 PM

Good evening. :)

Sorry I wasn't more help. As this issue appears to have been resolved, this thread is now closed.
 

