Johhny I appreciate the advice but that's my last resort. As anyone has ever done this it is time consuming. I have a ton of software and files and that will take me days.
I would rather use "johnb35" advice and try to fix the problem 1st.
My laptop running XP SP3 is super slow.
- Thread starter skos
- Start date
Johhny I appreciate the advice but that's my last resort. As anyone has ever done this it is time consuming. I have a ton of software and files and that will take me days.
I would rather use "johnb35" advice and try to fix the problem 1st.
johnb35,
thanks for all your help. so far so good. Here is the log
ComboFix 12-08-17.03 - SJK05CC 08/18/2012 8:03.7.1 - x86
Running from: c:\documents and settings\sjk05cc\My Documents\Koscielak\Computer\ComboFix\ComboFix.exe
Command switches used :: c:\documents and settings\sjk05cc\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_!SASCORE
-------\Legacy_SASKUTIL
-------\Service_!SASCORE
-------\Service_SABKUTIL
-------\Service_SASKUTIL
.
.
((((((((((((((((((((((((( Files Created from 2012-07-18 to 2012-08-18 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 18:46 . 2010-07-17 14:01 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-23 02:02 . 2011-04-21 15:26 529562 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-06-04 22:35 . 2007-07-31 00:18 222448 ----a-w- c:\windows\system32\muweb.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-07-25_02.57.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-05 19:32 . 2012-08-17 01:17 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-02-05 14:41 . 2012-08-17 01:17 65536 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-02-05 14:41 . 2012-07-22 20:54 65536 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-09-02 02:44 . 2012-08-15 00:43 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2011-09-02 02:44 . 2012-07-25 00:44 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2012-06-24 13:13 . 2012-07-22 20:54 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2012-08-05 19:32 . 2012-08-17 01:17 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2012-08-05 03:23 . 2012-07-06 03:06 772544 c:\windows\system32\npDeployJava1.dll
+ 2012-08-05 03:23 . 2012-07-06 03:06 227760 c:\windows\system32\javaws.exe
+ 2012-08-05 03:23 . 2012-08-05 03:22 174064 c:\windows\system32\javaw.exe
+ 2012-08-05 03:23 . 2012-08-05 03:22 174064 c:\windows\system32\java.exe
+ 2012-08-05 03:25 . 2012-08-05 03:25 176128 c:\windows\Installer\24d4c40.msi
+ 2012-08-05 03:24 . 2012-08-05 03:25 457216 c:\windows\Installer\24d4c3b.msi
+ 2012-08-05 03:22 . 2012-08-05 03:22 863744 c:\windows\Installer\24d4c37.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-02-23 16:23 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-30 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-02-23 4031368]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
2004-04-01 22:48 24668 ---ha-w- c:\windows\system32\ckpNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1123561945-1715567821-839522115-2218\Scripts\Logon\0\0]
"Script"=\\northamerica.gbcglobal.local\SysVol\northamerica.gbcglobal.local\scripts\SMSINST.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1123561945-1715567821-839522115-2218\Scripts\Logon\1\0]
"Script"=\\northamerica.gbcglobal.local\SysVol\northamerica.gbcglobal.local\scripts\DST_Patch.bat
.
[HKLM\~\startupfolder\C:^Documents and Settings^sjk05cc^Start Menu^Programs^Startup^eFax 4.4.lnk]
path=c:\documents and settings\sjk05cc\Start Menu\Programs\Startup\eFax 4.4.lnk
backup=c:\windows\pss\eFax 4.4.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 07:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-21 02:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
2010-07-29 07:47 95576 ----a-w- c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2011-03-15 02:09 2565520 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenuEx]
2011-03-28 17:40 1611160 ----a-w- c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.4]
2010-07-02 18:24 95744 ----a-w- c:\program files\eFax Messenger 4.4\J2GDllCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScannerSelectorEX]
2011-01-15 22:48 452016 ----a-w- c:\program files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 10:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 16:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-10-30 13:47 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2011-03-09 12:30 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SR_WatchDog"=2 (0x2)
"SR_Service"=2 (0x2)
"Bonjour Service"=2 (0x2)
"YahooAUService"=2 (0x2)
"idsvc"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"TomTomHOMEService"=2 (0x2)
"ServiceLayer"=3 (0x3)
"SeaPort"=2 (0x2)
"S24EventMonitor"=2 (0x2)
"ose"=3 (0x3)
"MDM"=2 (0x2)
"MatSvc"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"gusvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"FsUsbExService"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"WudfSvc"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"UPS"=3 (0x3)
"TrkWks"=2 (0x2)
"Fax"=2 (0x2)
"avast! Antivirus"=2 (0x2)
"IMFservice"=2 (0x2)
"helpsvc"=2 (0x2)
"!SASCORE"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*
isabledxpsp2res.dll,-22009
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3/3/2012 9:33 AM 610648]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/3/2012 9:33 AM 337112]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/3/2012 9:33 AM 20696]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/26/2012 10:59 AM 655944]
R2 Scap;SecureClient Application Policy Module;c:\windows\system32\drivers\scap.sys [5/30/2008 6:03 PM 17424]
R2 VPN-1;VPN-1 Module;c:\windows\system32\drivers\vpn.sys [5/30/2008 6:03 PM 670128]
R3 FW1;SecuRemote Miniport;c:\windows\system32\drivers\fw.sys [5/30/2008 6:03 PM 2041744]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/17/2010 9:01 AM 22344]
R3 OZSCR;O2Micro SmartCardBus Smartcard Reader;c:\windows\system32\drivers\ozscr.sys [4/21/2005 10:58 PM 92550]
R3 stdriver;Sound Tap Upper Class Filter Driver v2.0.0.0;c:\windows\system32\drivers\stdriver32.sys [7/11/2010 4:06 PM 49208]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2/27/2012 9:07 PM 253600]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [9/6/2011 4:34 PM 36608]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [12/27/2010 11:50 PM 30969208]
S3 OMVA;VPN-1 SecureClient Adapter;c:\windows\system32\drivers\OMVA.sys [5/30/2008 6:03 PM 14924]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
S4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [9/6/2011 4:34 PM 238952]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/30/2010 8:47 AM 135664]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/30/2010 8:47 AM 135664]
S4 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [3/9/2011 7:30 AM 92592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uStart Page = https://mail.google.com/mail/?shva=1#inbox
uInternet Connection Wizard,ShellNext = hxxp://myacco/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: adobe.com
Trusted Zone: computerforum.com
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\v4.update
Trusted Zone: microsoft.com\www
TCP: DhcpNameServer = 192.168.1.254
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-18 08:28
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\avast! sandbox
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(596)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1848)
c:\windows\system32\WININET.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\crypserv.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\windows\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
c:\windows\system32\CCM\CcmExec.exe
.
**************************************************************************
.
Completion time: 2012-08-18 08:40:16 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-18 13:40
ComboFix2.txt 2012-08-13 02:13
ComboFix3.txt 2012-08-04 16:33
ComboFix4.txt 2012-07-25 03:01
ComboFix5.txt 2012-08-18 12:59
.
Pre-Run: 1,797,857,280 bytes free
Post-Run: 1,989,730,304 bytes free
.
- - End Of File - - A636902512392C77A9E1711A1BDA5EBC
thanks for all your help. so far so good. Here is the log
ComboFix 12-08-17.03 - SJK05CC 08/18/2012 8:03.7.1 - x86
Running from: c:\documents and settings\sjk05cc\My Documents\Koscielak\Computer\ComboFix\ComboFix.exe
Command switches used :: c:\documents and settings\sjk05cc\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_!SASCORE
-------\Legacy_SASKUTIL
-------\Service_!SASCORE
-------\Service_SABKUTIL
-------\Service_SASKUTIL
.
.
((((((((((((((((((((((((( Files Created from 2012-07-18 to 2012-08-18 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 18:46 . 2010-07-17 14:01 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-23 02:02 . 2011-04-21 15:26 529562 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-06-04 22:35 . 2007-07-31 00:18 222448 ----a-w- c:\windows\system32\muweb.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-07-25_02.57.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-05 19:32 . 2012-08-17 01:17 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-02-05 14:41 . 2012-08-17 01:17 65536 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-02-05 14:41 . 2012-07-22 20:54 65536 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-09-02 02:44 . 2012-08-15 00:43 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2011-09-02 02:44 . 2012-07-25 00:44 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2012-06-24 13:13 . 2012-07-22 20:54 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2012-08-05 19:32 . 2012-08-17 01:17 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2012-08-05 03:23 . 2012-07-06 03:06 772544 c:\windows\system32\npDeployJava1.dll
+ 2012-08-05 03:23 . 2012-07-06 03:06 227760 c:\windows\system32\javaws.exe
+ 2012-08-05 03:23 . 2012-08-05 03:22 174064 c:\windows\system32\javaw.exe
+ 2012-08-05 03:23 . 2012-08-05 03:22 174064 c:\windows\system32\java.exe
+ 2012-08-05 03:25 . 2012-08-05 03:25 176128 c:\windows\Installer\24d4c40.msi
+ 2012-08-05 03:24 . 2012-08-05 03:25 457216 c:\windows\Installer\24d4c3b.msi
+ 2012-08-05 03:22 . 2012-08-05 03:22 863744 c:\windows\Installer\24d4c37.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-02-23 16:23 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-30 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-02-23 4031368]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
2004-04-01 22:48 24668 ---ha-w- c:\windows\system32\ckpNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1123561945-1715567821-839522115-2218\Scripts\Logon\0\0]
"Script"=\\northamerica.gbcglobal.local\SysVol\northamerica.gbcglobal.local\scripts\SMSINST.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1123561945-1715567821-839522115-2218\Scripts\Logon\1\0]
"Script"=\\northamerica.gbcglobal.local\SysVol\northamerica.gbcglobal.local\scripts\DST_Patch.bat
.
[HKLM\~\startupfolder\C:^Documents and Settings^sjk05cc^Start Menu^Programs^Startup^eFax 4.4.lnk]
path=c:\documents and settings\sjk05cc\Start Menu\Programs\Startup\eFax 4.4.lnk
backup=c:\windows\pss\eFax 4.4.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 07:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-21 02:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
2010-07-29 07:47 95576 ----a-w- c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2011-03-15 02:09 2565520 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenuEx]
2011-03-28 17:40 1611160 ----a-w- c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.4]
2010-07-02 18:24 95744 ----a-w- c:\program files\eFax Messenger 4.4\J2GDllCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScannerSelectorEX]
2011-01-15 22:48 452016 ----a-w- c:\program files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 10:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 16:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-10-30 13:47 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2011-03-09 12:30 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SR_WatchDog"=2 (0x2)
"SR_Service"=2 (0x2)
"Bonjour Service"=2 (0x2)
"YahooAUService"=2 (0x2)
"idsvc"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"TomTomHOMEService"=2 (0x2)
"ServiceLayer"=3 (0x3)
"SeaPort"=2 (0x2)
"S24EventMonitor"=2 (0x2)
"ose"=3 (0x3)
"MDM"=2 (0x2)
"MatSvc"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"gusvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"FsUsbExService"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"WudfSvc"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"UPS"=3 (0x3)
"TrkWks"=2 (0x2)
"Fax"=2 (0x2)
"avast! Antivirus"=2 (0x2)
"IMFservice"=2 (0x2)
"helpsvc"=2 (0x2)
"!SASCORE"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*
isabledxpsp2res.dll,-22009.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3/3/2012 9:33 AM 610648]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/3/2012 9:33 AM 337112]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/3/2012 9:33 AM 20696]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/26/2012 10:59 AM 655944]
R2 Scap;SecureClient Application Policy Module;c:\windows\system32\drivers\scap.sys [5/30/2008 6:03 PM 17424]
R2 VPN-1;VPN-1 Module;c:\windows\system32\drivers\vpn.sys [5/30/2008 6:03 PM 670128]
R3 FW1;SecuRemote Miniport;c:\windows\system32\drivers\fw.sys [5/30/2008 6:03 PM 2041744]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/17/2010 9:01 AM 22344]
R3 OZSCR;O2Micro SmartCardBus Smartcard Reader;c:\windows\system32\drivers\ozscr.sys [4/21/2005 10:58 PM 92550]
R3 stdriver;Sound Tap Upper Class Filter Driver v2.0.0.0;c:\windows\system32\drivers\stdriver32.sys [7/11/2010 4:06 PM 49208]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2/27/2012 9:07 PM 253600]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [9/6/2011 4:34 PM 36608]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [12/27/2010 11:50 PM 30969208]
S3 OMVA;VPN-1 SecureClient Adapter;c:\windows\system32\drivers\OMVA.sys [5/30/2008 6:03 PM 14924]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
S4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [9/6/2011 4:34 PM 238952]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/30/2010 8:47 AM 135664]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/30/2010 8:47 AM 135664]
S4 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [3/9/2011 7:30 AM 92592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uStart Page = https://mail.google.com/mail/?shva=1#inbox
uInternet Connection Wizard,ShellNext = hxxp://myacco/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: adobe.com
Trusted Zone: computerforum.com
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\v4.update
Trusted Zone: microsoft.com\www
TCP: DhcpNameServer = 192.168.1.254
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-18 08:28
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\avast! sandbox
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(596)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1848)
c:\windows\system32\WININET.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\crypserv.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\windows\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
c:\windows\system32\CCM\CcmExec.exe
.
**************************************************************************
.
Completion time: 2012-08-18 08:40:16 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-18 13:40
ComboFix2.txt 2012-08-13 02:13
ComboFix3.txt 2012-08-04 16:33
ComboFix4.txt 2012-07-25 03:01
ComboFix5.txt 2012-08-18 12:59
.
Pre-Run: 1,797,857,280 bytes free
Post-Run: 1,989,730,304 bytes free
.
- - End Of File - - A636902512392C77A9E1711A1BDA5EBC
AntimatterAsh
banned
Sometimes it is just easier to format. If it has not been done for a while lol.
S.T.A.R.S.
banned
Please answer these questions:
When your computer runs slow while you are doing something,is HDD led lighting all the time even though it's not supposed to light (read/write operations) so much for a small task that you are trying to perform such as loading a single WEB page?
How big is your PF usage while your computer runs slow?
Do you hear any loud / strange noises from your computer (reffering to the hard disk drive hardware) while your computer runs slow?
When your computer runs slow while you are doing something,is HDD led lighting all the time even though it's not supposed to light (read/write operations) so much for a small task that you are trying to perform such as loading a single WEB page?
How big is your PF usage while your computer runs slow?
Do you hear any loud / strange noises from your computer (reffering to the hard disk drive hardware) while your computer runs slow?
it is running much faster, thanks. However I don't feel I am back to 100%. Anything MS Office 2010 takes forever to open and do.
Ok, the HDD led is NOT on all the time.
My Page File is 736MB when just Outlook and 1 session & 5 tabs are open in IE8
No strange noises of any kind.
claptonman
New Member
What is your CPU's temperature? Coretemp is a good program to see this.
Test your HDD and RAM?
Test your HDD and RAM?
Last edited:
S.T.A.R.S.
banned
Please check the SYSTEM temperature,CPU temperature,graphic card temperature and HDD temperature and report them back here.
I just reinstalled office
S.T.A.R.S.
banned
Your PF usage is WAAAAY high.Please go to the PROCESSES tab and look under MEM USAGE which process is using so much RAM memory and give us the name of the process.
By the way try closing all background (if any) and all foreground programs.Because some of them might be using your RAM memory a LOT and that causes PF to go hugh and high PF causes the system to work like crap lol.
By the way some programs (which we all call viruses mostly lol) are hidden and use RAM memory a LOT on purpose for no reason and that causes high PF so be sure to go to the PROCESSES tab and look under MEM USAGE which process is using so much RAM memory and give us the name of the process like I already said above.
And like I said in my previous port,give us the temperatures.