
Suddenly Sluggish - Malware Removal Assistance Please (and thanks)


  • This topic is locked
27 replies to this topic

#1 brigg

  • Members

Posted 28 December 2014 - 01:19 AM

Hi - My system is running very slow. There's a delay in typing in these words. It's too slow to page down on eBay for me to use it. Video is too choppy to understand what they're saying. I notice that it's running at around 100% CPU usage a lot of times. Right now, with three windows of Chrome open, and Avast, and two Notepad files, it's very choppy, and when I flipped over to Task Manager, it shows it as averaging around 80% CPU usage. Now I see that it jumps up higher when I type and drops down when I stop.

 

I just went through a couple of weeks of malware removal, and everything worked great for a week or so. During that week there were a couple times I forgot to activate Avast real time protection.

 

I've run Malwarebytes multiple times in the last week - I don't think it's ever found anything. I've run SUPERAntiSpyware multiple times, and it usually finds a lot of adware, and once in a while something else, although I don't remember the specifics.

I've started through the Slow Computer sticky post, and through #6 of the Preparation Guide, and updated my old Malware thread here. There are some process logs there I took when the system was running at 100%.
 

Yesterday I deleted 7gb of files, did the disk cleanup and defrag. 

 

I have a Dell D620 XP (32bit).

 

I'm pasting the DDS.txt here, and attaching the attach.txt and DDS.txt files.

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 11.25.2
Run by Dell User at 23:51:56 on 2014-12-27
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1014.227 [GMT -6:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.com
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.8.0_25\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\lastpass_1808285345\LPToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre1.8.0_25\bin\jp2ssv.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\lastpass_1808285345\LPToolbar.dll
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: LastPass - c:\documents and settings\dell user\local settings\application data\lastpass\context.html?cmd=lastpass
IE: LastPass Fill Forms - c:\documents and settings\dell user\local settings\application data\lastpass\context.html?cmd=fillforms
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\lastpass_1808285345\LPToolbar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{0EA3C25E-1F27-46DE-91A0-E5CD10F6215F} : DHCPNameServer = 64.81.159.2 216.231.41.2 192.168.0.1
TCP: Interfaces\{B2C54B86-E7F5-4633-8838-FF91A7F02F4C} : DHCPNameServer = 208.67.222.222 208.67.222.220 192.168.0.1
TCP: Interfaces\{DED3AD90-33AD-450E-A14E-352B2C6D6480} : DHCPNameServer = 192.168.1.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\39.0.2171.95\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-11-12 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2014-11-12 206248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [2013-1-31 787800]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2013-1-31 423784]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2012-7-11 142648]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-11-12 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-11-12 70384]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-1-31 50344]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2013-4-22 822504]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [2009-12-2 587944]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [2009-12-2 213288]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [2009-12-2 23208]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [2009-12-2 19112]
.
=============== Created Last 30 ================
.
2014-12-23 05:31:52 -------- d-----w- c:\program files\MozBackup
2014-12-22 21:07:46 -------- d-----w- c:\program files\Speccy
2014-12-17 06:03:01 0 ----a-w- c:\windows\system32\sho4DA.tmp
2014-12-14 06:45:24 0 ----a-w- c:\windows\system32\sho1CB.tmp
2014-12-12 18:35:06 1324 ----a-w- c:\documents and settings\dell user\local settings\application data\d3d9caps.tmp
2014-12-08 02:28:34 -------- d-----w- c:\documents and settings\dell user\local settings\application data\Secunia PSI
2014-12-04 18:11:18 -------- d-----w- c:\program files\Secunia
2014-12-04 17:28:10 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2014-12-04 17:28:10 782240 ----a-w- c:\windows\system32\deployJava1.dll
2014-12-04 05:39:42 -------- d-----w- c:\documents and settings\all users\application data\Oracle
2014-12-03 03:28:49 -------- d-----w- c:\windows\ERUNT
2014-12-03 00:37:18 -------- d-----w- c:\documents and settings\all users\application data\Sophos
2014-12-03 00:37:01 73728 ----a-r- c:\documents and settings\dell user\application data\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2014-12-03 00:37:01 73728 ----a-r- c:\documents and settings\dell user\application data\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2014-12-03 00:37:01 73728 ----a-r- c:\documents and settings\dell user\application data\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\ARPPRODUCTICON.exe
2014-12-03 00:35:54 -------- d-----w- c:\program files\Sophos
2014-12-02 18:16:31 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes' Anti-Malware (portable)
.
==================== Find3M  ====================
.
2014-12-26 17:01:22 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-26 16:48:21 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-12-26 16:48:21 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-12-24 03:56:15 2480312 ----a-w- c:\program files\procexp.exe
2014-12-04 05:40:57 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-12-04 05:40:40 146432 ----a-w- c:\windows\system32\javacpl.cpl
2014-12-01 21:22:37 787800 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-11-21 12:14:14 54360 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-21 12:14:06 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-18 20:56:48 1202848 ----a-w- c:\windows\system32\FM20.DLL
2014-11-12 21:17:36 206248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-11-12 21:17:35 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-11-12 21:17:35 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-11-12 21:17:35 43152 ----a-w- c:\windows\avastSS.scr
2014-11-12 21:17:35 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-04-10 19:38:12 11184128 ----a-w- c:\program files\common files\lpuninstall.exe
2014-04-10 19:33:57 11184128 ----a-w- c:\program files\lastpass.exe
2013-05-27 19:44:15 6433055 -c--a-w- c:\program files\WinMerge-2.14.0-Setup.exe
2013-04-03 05:40:50 632832 ----a-w- c:\program files\Snipping Tool-COBRA.msi
2011-11-12 20:30:49 4529299 -c--a-w- c:\program files\FileZilla_3.5.2_win32-setup.exe
2008-06-08 20:15:26 2284108 -c--a-w- c:\program files\office.reg
.
============= FINISH: 23:58:30.42 ===============
 

 



Kansas City Mo area - Central time zone 

Dell D620 Laptop    -   Operating System:  Windows XP Professional 32-bit SP3     -     CPU:  Intel Core Duo T2300E @ 1.66GHz 51 °C     -  Yonah 65nm Technology

RAM:  1.00GB Dual-Channel DDR2 @ 267MHz (4-4-4-12)    -     Motherboard:  Dell Inc. 53 °C     -     Graphics:  Plug and Play Monitor (1280x720@60Hz)
Storage:  74GB SAMSUNG HM080HI (SATA) 36 °C     -     Optical Drives:  TSSTcorp CDRW/DVD TSL462C     -     Audio:  SigmaTel High Definition Audio CODEC
PAE Enabled - Installation Date: 3/20/2009     -     Plug and Play Monitor (1280x720@60Hz)     -     Intel Mobile Intel 945GM Express Chipset Family (Dell)
 


#2 HelpBot

    Bleepin' Binary Bot

  • Bots

Posted 02 January 2015 - 01:20 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/561220 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 brigg

  • Topic Starter
  • Members

Posted 02 January 2015 - 12:28 PM

  • Description: XP, Dell laptop D620 - my computer stopped working and posted here. I was working with Broni - in the middle of that, I replaced the power supply and the main problem resolved. Broni helped me clear up a bunch of issues, and it worked well for about a week, then it became super slow. Like, one internet window open and no other programs and the CPU usage would be at 100%. Watching a video on YouTube or NetFlix became impossible - it was loading forever, and when it played it was so choppy I couldn't understand it. A few days ago I stopped enabling live protection from Avast, and about half the time the system works well enough for me to watch a video. Half the time not.
  • New DDS log is pasted below. I no longer see options to attach anything.
  • I do not have the original Windows CD/DVD available. 
  • Thanks!

------------------------------------------------------------------------------------------------------------------------------------------------------------

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 11.25.2
Run by Dell User at 11:16:21 on 2015-01-02
#Option MBR scan  is disabled.
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1014.314 [GMT -6:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.com
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.8.0_25\bin\ssv.dll
BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\lastpass_1808285345\LPToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre1.8.0_25\bin\jp2ssv.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\lastpass_1808285345\LPToolbar.dll
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: LastPass - c:\documents and settings\dell user\local settings\application data\lastpass\context.html?cmd=lastpass
IE: LastPass Fill Forms - c:\documents and settings\dell user\local settings\application data\lastpass\context.html?cmd=fillforms
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\lastpass_1808285345\LPToolbar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{0EA3C25E-1F27-46DE-91A0-E5CD10F6215F} : DHCPNameServer = 64.81.159.2 216.231.41.2 192.168.0.1
TCP: Interfaces\{B2C54B86-E7F5-4633-8838-FF91A7F02F4C} : DHCPNameServer = 208.67.222.222 208.67.222.220 192.168.0.1
TCP: Interfaces\{DED3AD90-33AD-450E-A14E-352B2C6D6480} : DHCPNameServer = 192.168.1.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\39.0.2171.95\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2012-7-11 142648]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2013-4-22 822504]
R2 FlipShareServer;FlipShare Server;c:\program files\flip video\flipshareserver\FlipShareServer.exe [2011-5-6 1085440]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2013-6-26 523944]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [2009-12-2 587944]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [2009-12-2 213288]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [2009-12-2 23208]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [2009-12-2 19112]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2013-6-26 207528]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2014-4-3 315008]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
.
=============== Created Last 30 ================
.
2014-12-23 05:31:52 -------- d-----w- c:\program files\MozBackup
2014-12-22 21:07:46 -------- d-----w- c:\program files\Speccy
2014-12-17 06:03:01 0 ----a-w- c:\windows\system32\sho4DA.tmp
2014-12-14 06:45:24 0 ----a-w- c:\windows\system32\sho1CB.tmp
2014-12-12 18:35:06 1324 ----a-w- c:\documents and settings\dell user\local settings\application data\d3d9caps.tmp
2014-12-08 02:28:34 -------- d-----w- c:\documents and settings\dell user\local settings\application data\Secunia PSI
2014-12-04 18:11:18 -------- d-----w- c:\program files\Secunia
2014-12-04 17:28:10 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2014-12-04 17:28:10 782240 ----a-w- c:\windows\system32\deployJava1.dll
2014-12-04 05:39:42 -------- d-----w- c:\documents and settings\all users\application data\Oracle
.
==================== Find3M  ====================
.
2015-01-02 14:40:27 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-26 16:48:21 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-12-26 16:48:21 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-12-24 03:56:15 2480312 ----a-w- c:\program files\procexp.exe
2014-12-04 05:40:57 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-12-04 05:40:40 146432 ----a-w- c:\windows\system32\javacpl.cpl
2014-11-21 12:14:14 54360 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-21 12:14:06 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-18 20:56:48 1202848 ----a-w- c:\windows\system32\FM20.DLL
2014-04-10 19:38:12 11184128 ----a-w- c:\program files\common files\lpuninstall.exe
2014-04-10 19:33:57 11184128 ----a-w- c:\program files\lastpass.exe
2013-05-27 19:44:15 6433055 -c--a-w- c:\program files\WinMerge-2.14.0-Setup.exe
2013-04-03 05:40:50 632832 ----a-w- c:\program files\Snipping Tool-COBRA.msi
2011-11-12 20:30:49 4529299 -c--a-w- c:\program files\FileZilla_3.5.2_win32-setup.exe
2008-06-08 20:15:26 2284108 -c--a-w- c:\program files\office.reg
.
============= FINISH: 11:17:45.89 ===============

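An added example (not part of any post in this thread, and not a BleepingComputer or DDS tool): a small Python parser that compares the `AV:` line and the SERVICES / DRIVERS section of two DDS logs, run on a few lines excerpted from the two logs posted above. The function names are hypothetical, and the reading of the `R`/`S` prefix and start-type digit, and of a missing `AV:` line, are assumptions based on the usual convention for these logs.

```python
import re
from typing import Dict, List, NamedTuple, Tuple

# Lines excerpted (abbreviated) from the two DDS logs posted in this thread.
LOG_DEC27 = r"""
DDS (Ver_2012-11-20.01) - NTFS_x86
Run by Dell User at 23:51:56 on 2014-12-27
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-11-12 49944]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2013-1-31 423784]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-1-31 50344]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [2009-12-2 19112]
.
=============== Created Last 30 ================
"""

LOG_JAN02 = r"""
DDS (Ver_2012-11-20.01) - NTFS_x86
Run by Dell User at 11:16:21 on 2015-01-02
.
============= SERVICES / DRIVERS ===============
.
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [2009-12-2 19112]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2014-4-3 315008]
.
=============== Created Last 30 ================
"""


class Service(NamedTuple):
    state: str    # assumed: R = running, S = stopped, U = unknown
    start: int    # assumed: 0 boot, 1 system, 2 automatic, 3 manual, 4 disabled
    name: str
    display: str
    path: str


SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
SERVICE_RE = re.compile(
    r"^([RSU])(\d) ([^;]+);([^;]*);(.+?) \[\d{4}-\d{1,2}-\d{1,2} \d+\]$"
)
AV_RE = re.compile(r"^AV: (.+?) \*(.+?)\* \{", re.MULTILINE)


def sections(text: str) -> Dict[str, List[str]]:
    """Split a DDS log into its '==== NAME ====' sections."""
    out: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # DDS uses '.' as a spacer line
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            out[current] = []
        elif current is not None:
            out[current].append(line)
    return out


def services(text: str) -> Dict[str, Service]:
    """Parse the SERVICES / DRIVERS section into Service records by name."""
    found: Dict[str, Service] = {}
    for line in sections(text).get("SERVICES / DRIVERS", []):
        m = SERVICE_RE.match(line)
        if m:
            state, start, name, display, path = m.groups()
            found[name] = Service(state, int(start), name, display, path)
    return found


def av_products(text: str) -> List[Tuple[str, str]]:
    """Return (product, status) pairs from the 'AV:' header lines."""
    return AV_RE.findall(text)


def compare(before: str, after: str) -> dict:
    """Summarise what changed between two logs from the same machine."""
    b, a = services(before), services(after)
    av_before, av_after = av_products(before), av_products(after)
    return {
        "gone": sorted(b.keys() - a.keys()),
        "new": sorted(a.keys() - b.keys()),
        # Auto-start entries that are not running deserve a second look.
        "auto_start_not_running": sorted(
            s.name for s in a.values() if s.state == "S" and s.start == 2
        ),
        "av_before": av_before,
        "av_after": av_after,
        # Assumption: no 'AV:' line means no product was reported to DDS.
        "protection_dropped": bool(av_before) and not av_after,
    }


if __name__ == "__main__":
    for key, value in compare(LOG_DEC27, LOG_JAN02).items():
        print(f"{key}: {value}")
```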
 

#4 polskamachina

  • Malware Study Hall Senior

Posted 03 January 2015 - 12:05 PM

Hi brigg :)

 

My name is polskamachina and I will be assisting you with your malware problems. Please give me some time to review your situation and I will get back to you with further instructions.

 

polskamachina


Member of the Bleeping Computer A.I.I. early response team!

#5 brigg

  • Topic Starter
  • Members

Posted 05 January 2015 - 12:57 PM

Okay, thanks for looking it over. 

You may be able to see that I am running without any protection so that I can use the computer. It is essentially unusable with Avast running these days. The last four days or so I can get a video to start but the video and sound don't play together and everything is stop then go then stop then go. It's not possible to understand a single sentence. 


 

#6 polskamachina

  • Malware Study Hall Senior

Posted 05 January 2015 - 01:34 PM

Hi brigg :)

 

Thank you for the update. Every piece of information helps.

 

polskamachina



#7 polskamachina

  • Malware Study Hall Senior

Posted 06 January 2015 - 12:29 PM

Hi brigg :)
 
I see some services in your log, such as cryptsvc, were not configured to their default settings. Do you recall changing any of these settings manually?
 
Next I'd like you to uninstall SuperAntiSpyware. It's very resource consuming and not very effective.

We need to remove a program using "Add/Remove Programs"

Click "Start" on the taskbar and then click on the "Control Panel" icon.
Please double-click the "Add or Remove Programs" icon.
A list of programs installed will be "populated" (this may take a bit of time).
If it exists, uninstall the following by clicking on the below entry and selecting "Remove":

SuperAntiSpyware

Additional instructions can be found here if needed.

 

Let me know if you have any questions.

polskamachina



#8 brigg

  • Topic Starter
  • Members

Posted 06 January 2015 - 12:44 PM

Hi there - 

1) I did a bunch of stuff (with BleepingComputer) a couple of years ago. Every day, when I boot up, I come to the screen that allows me to uncheck "load start up items", then I click Apply, then Okay, then the boot up continues. About half the time I get a Microsoft Error Report and I choose not to send.

 

2) Done. Super Anti-Spyware is uninstalled. 

 

3) The computer this a.m. is running good - I've been on it for 45 min and it is continually below 20% CPU usage. Last night when I was using it, it was running around 100% for about the last couple of hours I was on it.

 

Thanks!!


 

#9 polskamachina

  • Malware Study Hall Senior

Posted 07 January 2015 - 11:23 AM

Hi brigg :)
 
The way I understand your situation is that after you uninstalled SuperAntiSpyware, there was a marked performance increase. Then in the evening, it was running around 100%. Do you mean the CPU usage was at maximum and then your computer slowed down again? Is that correct? Also, does the bootup screen you describe make any reference to the program, msconfig?
 
Next, I'd like to get a general assessment of how your hardware is doing. I noticed that you have Speccy installed on your machine so perhaps this is not new to you but let's run it again. It would be most effective to run Speccy when your computer has slowed down (and hopefully still operational) so that we can diagnose the problem.
 

How To Publish a Snapshot using Speccy


Guide Overview

The purpose of this guide is to teach you how to post your computer's specifications to the forum with minimal effort on your part. This is often helpful when troubleshooting problems, and the person helping you needs to see the details of your computer's hardware.

Tools Needed

  • Speccy - First, you will need a program called Speccy. From Piriform's website: "Speccy is an advanced system information tool for your PC." This is a very useful utility that every PC user should have in their arsenal.

Instructions (if you already have a shortcut to Speccy in your program menu or desktop, you can skip the download step.)

  • Go to Piriform's website, and click the big Download button.

    Next, click Download from Piriform (the FileHippo link requires an extra click). Or if you want to use a portable version of Speccy (which doesn't require installation), click the builds page link and download the portable version.

    You will now be asked where you want to save the file. The best place to put it is the Desktop, as it will be easy to find later.
  • After the file finishes downloading, you are ready to run Speccy. If you downloaded the installer, simply double-click on it and follow the prompts until installation is complete. If you downloaded the portable version, you will need to unzip it before use. Right-click the ZIP file and click Extract all. Click Next. Open up the extracted folder and double-click on Speccy.
  • Once inside Speccy, it will look similar to this (with your computer's specifications, of course):
    [screenshot]

    Now, in the menu bar at the top left, click File > Publish Snapshot

    You will see the following prompt:
    [screenshot]

    Click Yes > then Copy to Clipboard


    Now, once you are back in the forum topic you are posting in, click the Reply button. Right-click in the empty space of the Reply box and click Paste. Then, click Add Reply below the Reply box.

Finally, let's check your CPU usage.
 
Next, press and hold the Ctrl and Shift keys while you tap the Escape key. In other words, you will need to momentarily press all three keys at once. Then, the Task Manager will appear. Click on the second tab, Processes, if it isn't already shown. Next, click on the column header for CPU two times. The column will now be sorted by process with the highest CPU users at the top of the list. Take note of any process that is using more than just a few percentage points. In a healthy computer, the System Idle process should be using over 95% of the CPU resources. If you see other processes using more than just a couple of percentage points, write them down and please copy and paste them in your next reply to me.
 
Let me know if you have any questions and how your system is performing.
 
polskamachina



#10 brigg


Posted 08 January 2015 - 12:50 PM

Hi  

Let me clarify your first question. 

The night before I uninstalled SuperAntiSpyware my system seemed to have, for no reason, started to perform better. 

That said, since that time, including having uninstalled SAS, my system has been performing pretty good - without any active virus protection.

This morning watching a video was a bit choppy but still understandable. 

 

I rebooted to see the start up screens - it's the System Configuration Utility. Does not make any mention of the msconfig.

 

Today my system is intermittently running up as high as 100%, as it was yesterday. I "saved" a bunch of snapshots in Speccy when it was high, but it won't let me attach. I will paste the most recent one below. Oh, now I see I should have chosen Publish. I did another one. Let's see if this helps.

 

Note - when my system became unusable a month and a half ago (see my posts on this forum) I randomly found an extra power supply and when I started using it, the majority of my problems were solved. I do get hardware errors sometimes now that must be related to the power supply. Sometimes on start up it says the system doesn't recognize the power supply. Sometimes I am now getting "new hardware found".

 

-------------------

 

http://speccy.piriform.com/results/Z1cCKVmQI5FmQz8aFBFhA73

 

---------------------------

 

Re CPU usage - I am generally running with Task Manager so I can keep my eye on it. Rebooted recently, it's only at

Usually the browser(s), whichever one I use, takes up the most space. AND it grows throughout the day. Since I rebooted recently - it's only at 111,492. There are two other occurrences of Chrome, both in the second and third positions (I have a total of two Chrome windows open). They are using 90,040K and 59,212K. After that is svchost.exe at 32,308K. Then Explorer.exe at 27,572k.

System Idle is at the bottom of the list when sorting by Mem Use, high to low.

 

Thanks! 


 

#11 brigg


Posted 08 January 2015 - 11:02 PM

Hi  just thought I'd listen to a little music tonight..instead, it's taken me 15 minutes to post something here!!!!.So sloooowww.   CPU is back at 100%, with minor dips. 

http://speccy.piriform.com/results/dLnzayBREKRdguXhzFSJSy7

 

I've been listening to a choppy music clip for around 18 min. and it's about 10 min. into it.


 

#12 brigg


Posted 09 January 2015 - 12:12 AM

About 15 minutes after posting the above, my browser crashed. I reopened, closed Youtube.com, and cpu levels returned to midrange.

 

When I opened BC just now, the usage spiked way up, and is quite up and down now; it gets low when I stop typing and goes back up when I type.


 

#13 polskamachina


Posted 09 January 2015 - 02:39 AM

Hi brigg :)

 

I am presently working on a series of steps that will hopefully get your computer back to normal soon.

 

Thank you for your patience.

 

polskamachina



#14 polskamachina


Posted 09 January 2015 - 11:53 AM

Hi brigg :)

 

I would like you to try deleting the browser cache in Chrome to see if there is any improvement in performance. Instructions are here.

 

Now, while you have your task manager window open, can you please:

  • Look at the listing under the Processes tab.
  • Scroll to the right so the column that says CPU becomes visible.
  • Click on the column header, CPU, twice. That will sort the processes from highest to lowest. That way you can tell me which processes are using the most CPU power and what their corresponding usage percentage is. This number is far more helpful than the numbers in the Mem Usage column.

 
Let me know if you have any questions.
 
polskamachina



#15 brigg


Posted 09 January 2015 - 01:06 PM

Hi - I deleted the cache...didn't notice any improvement right away, but now about 20 min. later, there seems to be a very small improvement...system is running more like 80% - 100% vs. 100% most of the time.

 

Re the CPU tab and sorting by the highest....

it keeps changing, so here's what's popping up at the top and the number associated with CPU

System Idle Process... (most often in the top position)  60, 70, 81, around there

chrome  18, 06, 24, 09 10 ....

sometimes there are two chrome processes in the top three positions

sometimes wmiprvse.exe   09, 03, 05  04   05  

 

I think that addresses what you intended but please let me know if there's anything else that would help.


 



