Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


Don't know why my new computer is so SLOW!


Post by susanfloro » November 16th, 2009, 10:57 pm

Hi there! My computer is new. It has 2Gig of RAM and Intel Core 2 Quad CPU @2.33 GHz and 1.99 GHz. I have cable high speed internet connection. Yet... my computer is running really SLOW. I've done all that was suggested in the section called "What to do if your Computer's running slowly." above. My hijackthis.txt is pasted below. Thanks for your time!
----------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:41:45 AM, on 11/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\java.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

--
End of file - 6295 bytes
susanfloro
Regular Member
 
Posts: 25
Joined: December 19th, 2007, 11:50 am

Re: Don't know why my new computer is so SLOW!

Post by Dakeyras » November 20th, 2009, 11:58 am

Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.


Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.
Hi susanfloro. :)

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

  • I will start working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print off the following instructions or save them to notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Scan with Rooter:

Please download Rooter to your desktop.

  • Double click on Rooter.exe to start the application.
  • Now click on the Scan button.
  • When the scan is completed, a text file called Rooter.txt will appear on your desktop; post the contents in your next reply.
  • Now click on Close button to exit Rooter.

Note: The logfile can also be located within this folder Rooter$ at the root of your installed Hard-Drive. EG: C:\Rooter$

Scan with RSIT:

  • Please download Random's System Information Tool by random/random from here and save it to your desktop.
Make sure that RSIT.exe is on your Desktop before running the application!
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized.
    • info.txt will be opened minimized.
  • Please post the contents of both log.txt and info.txt.

Note: Both logs can also be located within this folder rsit at the root of your installed Hard-Drive. EG: C:\rsit

When you have completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and/or problems encountered?
  • Rooter Log.
  • Both RSIT logs. <-- Post them individually please, IE: one Log per post/reply.
Dakeyras
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Don't know why my new computer is so SLOW!

Post by susanfloro » November 21st, 2009, 2:51 pm

My computer is still running slow. Here is the rooter text:
----------------
Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP Home Edition (5.1.2600) Service Pack 3
[32_bits] - x86 Family 6 Model 23 Stepping 10, GenuineIntel
.
[wscsvc] (Security Center) RUNNING (state:4)
[SharedAccess] RUNNING (state:4)
Windows Firewall -> Enabled
.
Internet Explorer 8.0.6001.18702
Mozilla Firefox 3.5.5 (en-US)
.
C:\ [Fixed-NTFS] .. ( Total:465 Go - Free:429 Go )
D:\ [CD_Rom]
E:\ [Removable]
.
Scan : 10:48.22
Path : C:\Documents and Settings\User\Desktop\Rooter.exe
User : User ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (636)
______ \??\C:\WINDOWS\system32\csrss.exe (700)
______ \??\C:\WINDOWS\system32\winlogon.exe (724)
______ C:\WINDOWS\system32\services.exe (768)
______ C:\WINDOWS\system32\lsass.exe (780)
______ C:\WINDOWS\system32\svchost.exe (944)
______ C:\WINDOWS\system32\svchost.exe (1012)
______ C:\WINDOWS\System32\svchost.exe (1052)
______ C:\WINDOWS\system32\svchost.exe (1244)
______ C:\WINDOWS\system32\svchost.exe (1272)
______ C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (1284)
______ C:\Program Files\AVG\AVG9\avgchsvx.exe (1316)
______ C:\Program Files\AVG\AVG9\avgrsx.exe (1324)
______ C:\Program Files\AVG\AVG9\avgcsrvx.exe (1412)
______ C:\WINDOWS\system32\spoolsv.exe (1840)
______ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (1948)
______ C:\Program Files\AVG\AVG9\avgwdsvc.exe (1960)
______ C:\Program Files\Bonjour\mDNSResponder.exe (1980)
______ C:\Program Files\Java\jre6\bin\jqs.exe (2016)
______ C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe (172)
______ C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (216)
______ C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (236)
______ C:\Program Files\AVG\AVG9\avgnsx.exe (388)
______ C:\WINDOWS\system32\java.exe (536)
______ C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (608)
______ C:\WINDOWS\System32\alg.exe (2500)
______ C:\WINDOWS\system32\wuauclt.exe (3648)
______ C:\WINDOWS\Explorer.EXE (492)
______ C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (1744)
______ C:\PROGRA~1\AVG\AVG9\avgtray.exe (2088)
______ C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (2188)
______ C:\Program Files\iTunes\iTunesHelper.exe (2268)
______ C:\WINDOWS\system32\ctfmon.exe (2284)
______ C:\Program Files\iPod\bin\iPodService.exe (3268)
______ C:\Program Files\Mozilla Firefox\firefox.exe (1400)
______ C:\Documents and Settings\User\Desktop\Rooter.exe (428)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:500105217024)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\SA.DAT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 10:48.30
.
C:\Rooter$\Rooter_1.txt - (21/11/2009 | 10:48.30)

Re: Don't know why my new computer is so SLOW!

Post by susanfloro » November 21st, 2009, 2:52 pm

And here is the RSIT - Info text:

info.txt logfile of random's system information tool 1.06 2009-11-20 19:48:09

======Uninstall list======

-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ACDSee for Pentax 2.0-->MsiExec.exe /I{D8320DD6-FE47-41DE-B116-4158B7AE3F37}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Apple Application Support-->MsiExec.exe /I{B607C354-CD79-4D22-86D1-92DC94153F42}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AVG Free 9.0-->C:\Program Files\AVG\AVG9\setup.exe /UNINSTALL
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Cisco AnyConnect VPN Client-->MsiExec.exe /X{2A6355EB-273D-4368-9DB6-FB99EBA9FABD}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Deskjet 3900 series-->C:\Program Files\HP\Digital Imaging\{3819891A-030B-4a4e-98ED-B28A649E48AB}\setup\hpzscr01.exe -datfile hpfscr05.dat
HP Extended Capabilities 5.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone Express-->MsiExec.exe /X{FE64AE29-0883-4C70-8388-DC026019C900}
HP Imaging Device Functions 5.0-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Software Update-->MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Solution Center & Imaging Support Tools 5.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
iTunes-->MsiExec.exe /I{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}
Java(TM) 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Linksys EasyLink Advisor-->"C:\Documents and Settings\All Users\Application Data\{35ACA973-70F0-495F-9092-74A130711865}\setup.exe" REMOVE=TRUE MODIFY=FALSE
Linksys EasyLink Advisor-->C:\Documents and Settings\All Users\Application Data\{35ACA973-70F0-495F-9092-74A130711865}\setup.exe
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Mozilla Firefox (3.5.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
Nero 8 Essentials-->MsiExec.exe /X{2CC667CD-2234-4774-A536-2757606A1033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Simply Accounting v9.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63784A8D-A20D-11D5-8073-00B0D0627A8E}\setup.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
WebEx Support Manager for Internet Explorer-->MsiExec.exe /I{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WinPatrol 2009-->C:\PROGRA~1\BILLPS~1\WINPAT~1\Setup.exe /remove /q0

======Security center information======

AV: AVG Anti-Virus Free

======System event log======

Computer Name: USER-A4C0CBAB9D
Event Code: 54
Message:
Record Number: 1164
Source Name: AvgTdiX
Time Written: 20091112215246.000000-480
Event Type: warning
User:

Computer Name: USER-A4C0CBAB9D
Event Code: 54
Message:
Record Number: 1163
Source Name: AvgTdiX
Time Written: 20091112215246.000000-480
Event Type: warning
User:

Computer Name: USER-A4C0CBAB9D
Event Code: 54
Message:
Record Number: 1162
Source Name: AvgTdiX
Time Written: 20091112215246.000000-480
Event Type: warning
User:

Computer Name: USER-A4C0CBAB9D
Event Code: 54
Message:
Record Number: 1161
Source Name: AvgTdiX
Time Written: 20091112215246.000000-480
Event Type: warning
User:

Computer Name: USER-A4C0CBAB9D
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 1159
Source Name: Tcpip
Time Written: 20091112214558.000000-480
Event Type: warning
User:

=====Application event log=====

Computer Name: USER-A4C0CBAB9D
Event Code: 1015
Message: Failed to connect to server. Error: 0x800401F0

Record Number: 87
Source Name: MsiInstaller
Time Written: 20091111141926.000000-480
Event Type: warning
User: USER-A4C0CBAB9D\User

Computer Name: USER-A4C0CBAB9D
Event Code: 1015
Message: Failed to connect to server. Error: 0x800401F0

Record Number: 85
Source Name: MsiInstaller
Time Written: 20091111141924.000000-480
Event Type: warning
User: USER-A4C0CBAB9D\User

Computer Name: USER-A4C0CBAB9D
Event Code: 1015
Message: Failed to connect to server. Error: 0x800401F0

Record Number: 83
Source Name: MsiInstaller
Time Written: 20091111141923.000000-480
Event Type: warning
User: USER-A4C0CBAB9D\User

Computer Name: USER-A4C0CBAB9D
Event Code: 1015
Message: Failed to connect to server. Error: 0x800401F0

Record Number: 81
Source Name: MsiInstaller
Time Written: 20091111141911.000000-480
Event Type: warning
User: USER-A4C0CBAB9D\User

Computer Name: USER-A4C0CBAB9D
Event Code: 1015
Message: Failed to connect to server. Error: 0x800401F0

Record Number: 79
Source Name: MsiInstaller
Time Written: 20091111141906.000000-480
Event Type: warning
User: USER-A4C0CBAB9D\User

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a
"NUMBER_OF_PROCESSORS"=4
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

Re: Don't know why my new computer is so SLOW!

Post by susanfloro » November 21st, 2009, 2:53 pm

And here is the RSIT Log text. Thank you for helping me!

Logfile of random's system information tool 1.06 (written by random/random)
Run by User at 2009-11-21 10:49:28
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 439 GB (92%) free of 477 GB
Total RAM: 2038 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:49:33 AM, on 11/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\java.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\User\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\User.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

--
End of file - 6424 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2009-11-11 1475864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2009-11-09 321312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-11-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-11-09 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2008-04-13 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2008-04-13 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-13 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-13 455168]
"nmctxth"=C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe [2008-12-12 642856]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2009-11-12 2020120]
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2009-10-10 320832]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
[]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-11-11 12464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2009-01-21 205824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-05-07 133632]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskmgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"\\Srv-slaco\Shared\DVD\Ahead Nero\Nero 8\Nero 8 Essentials for OEMs\Installation\Setupx.exe"="\\Srv-slaco\Shared\DVD\Ahead Nero\Nero 8\Nero 8 Essentials for OEMs\Installation\Setupx.exe:*:Enabled:Nero ControlCenter"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1cbe1bf3-d010-11de-97f4-00261874c3d1}]
shell\AutoRun\command - F:\DTVP_Launcher.exe


======List of files/folders created in the last 1 months======

2009-11-21 10:48:30 ----D---- C:\Rooter$
2009-11-20 19:48:00 ----D---- C:\rsit
2009-11-20 06:51:42 ----D---- C:\Program Files\Cisco
2009-11-16 07:54:47 ----D---- C:\Program Files\Trend Micro
2009-11-14 12:46:41 ----D---- C:\WINDOWS\system32\LogFiles
2009-11-12 22:20:25 ----A---- C:\WINDOWS\system32\hpzll3xu.dll
2009-11-12 21:38:27 ----D---- C:\Documents and Settings\All Users\Application Data\Cisco
2009-11-12 21:07:23 ----D---- C:\WINDOWS\system32\PreInstall
2009-11-12 21:07:22 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-11-12 21:01:39 ----D---- C:\Documents and Settings\User\Application Data\WinPatrol
2009-11-12 21:01:33 ----D---- C:\Program Files\BillP Studios
2009-11-12 07:36:35 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-11-11 23:44:28 ----HD---- C:\$AVG
2009-11-11 23:44:19 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-11-11 23:43:59 ----D---- C:\Program Files\AVG
2009-11-11 23:43:58 ----D---- C:\Documents and Settings\All Users\Application Data\avg9
2009-11-11 21:02:39 ----D---- C:\Documents and Settings\User\Application Data\Apple Computer
2009-11-11 21:02:34 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2009-11-11 21:02:11 ----D---- C:\Program Files\iPod
2009-11-11 21:02:09 ----D---- C:\Program Files\iTunes
2009-11-11 21:02:09 ----D---- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-11 21:01:56 ----D---- C:\Program Files\Bonjour
2009-11-11 21:01:35 ----D---- C:\Program Files\QuickTime
2009-11-11 21:01:34 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-11-11 21:01:25 ----D---- C:\Program Files\Apple Software Update
2009-11-11 21:00:43 ----D---- C:\Program Files\Common Files\Apple
2009-11-11 21:00:43 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2009-11-11 18:43:17 ----D---- C:\Documents and Settings\All Users\Application Data\Linksys
2009-11-11 18:14:28 ----HDC---- C:\Documents and Settings\All Users\Application Data\{35ACA973-70F0-495F-9092-74A130711865}
2009-11-11 18:13:18 ----D---- C:\Program Files\WebEx
2009-11-11 18:12:55 ----D---- C:\Program Files\MSBuild
2009-11-11 18:10:58 ----D---- C:\WINDOWS\system32\XPSViewer
2009-11-11 18:10:39 ----D---- C:\Program Files\Reference Assemblies
2009-11-11 18:10:24 ----N---- C:\WINDOWS\system32\spmsg2.dll
2009-11-11 18:09:12 ----RSD---- C:\WINDOWS\assembly
2009-11-11 18:09:00 ----D---- C:\WINDOWS\Microsoft.NET
2009-11-11 18:08:17 ----D---- C:\Program Files\Common Files\Pure Networks Shared
2009-11-11 18:08:10 ----D---- C:\Documents and Settings\All Users\Application Data\Pure Networks
2009-11-11 18:08:05 ----A---- C:\WINDOWS\system32\javaws.exe
2009-11-11 18:08:05 ----A---- C:\WINDOWS\system32\javaw.exe
2009-11-11 18:08:05 ----A---- C:\WINDOWS\system32\java.exe
2009-11-11 18:07:49 ----D---- C:\Program Files\Common Files\Java
2009-11-11 17:47:31 ----D---- C:\Program Files\Linksys
2009-11-11 17:39:37 ----A---- C:\WINDOWS\system32\mdimon.dll
2009-11-11 17:39:07 ----D---- C:\Program Files\Common Files\L&H
2009-11-11 17:39:04 ----D---- C:\Program Files\Microsoft.NET
2009-11-11 17:39:00 ----D---- C:\Program Files\Microsoft ActiveSync
2009-11-11 17:38:47 ----D---- C:\Program Files\Common Files\DESIGNER
2009-11-11 17:38:45 ----D---- C:\Program Files\Microsoft Works
2009-11-11 17:38:40 ----D---- C:\Program Files\Microsoft Visual Studio
2009-11-11 17:38:32 ----D---- C:\WINDOWS\SHELLNEW
2009-11-11 17:38:28 ----D---- C:\Program Files\Microsoft Office
2009-11-11 17:36:00 ----RHD---- C:\MSOCache
2009-11-11 16:11:56 ----A---- C:\WINDOWS\ODBC.INI
2009-11-11 16:08:07 ----D---- C:\Documents and Settings\User\Application Data\Mozilla
2009-11-11 16:08:04 ----D---- C:\Program Files\Mozilla Firefox
2009-11-11 16:06:20 ----A---- C:\WINDOWS\NeroDigital.ini
2009-11-11 14:38:07 ----A---- C:\WINDOWS\simply90.ini
2009-11-11 14:37:38 ----A---- C:\WINDOWS\system32\VB5DB.DLL
2009-11-11 14:37:37 ----A---- C:\WINDOWS\system32\VBAR332.DLL
2009-11-11 14:37:37 ----A---- C:\WINDOWS\system32\odbctl32.dll
2009-11-11 14:37:37 ----A---- C:\WINDOWS\system32\msxbse35.dll
2009-11-11 14:37:37 ----A---- C:\WINDOWS\system32\mstext35.dll
2009-11-11 14:37:37 ----A---- C:\WINDOWS\system32\msrpfs35.dll
2009-11-11 14:37:37 ----A---- C:\WINDOWS\system32\msrepl35.dll
2009-11-11 14:37:37 ----A---- C:\WINDOWS\system32\msrd2x35.dll
2009-11-11 14:37:37 ----A---- C:\WINDOWS\system32\mspdox35.dll
2009-11-11 14:37:37 ----A---- C:\WINDOWS\system32\msltus35.dll
2009-11-11 14:37:37 ----A---- C:\WINDOWS\system32\msjter35.dll
2009-11-11 14:37:37 ----A---- C:\WINDOWS\system32\msjt4jlt.dll
2009-11-11 14:37:37 ----A---- C:\WINDOWS\system32\msjint35.dll
2009-11-11 14:37:37 ----A---- C:\WINDOWS\system32\msjet35.dll
2009-11-11 14:37:37 ----A---- C:\WINDOWS\system32\msexcl35.dll
2009-11-11 14:37:37 ----A---- C:\WINDOWS\system32\msexch35.dll
2009-11-11 14:37:37 ----A---- C:\WINDOWS\system32\JETCOMP.exe
2009-11-11 14:37:35 ----A---- C:\WINDOWS\system32\rdocurs.dll
2009-11-11 14:37:35 ----A---- C:\WINDOWS\system32\MSRDO20.DLL
2009-11-11 14:37:33 ----D---- C:\WINDOWS\Crystal
2009-11-11 14:37:32 ----A---- C:\WINDOWS\system32\LTFIL60N.DLL
2009-11-11 14:37:32 ----A---- C:\WINDOWS\system32\IMPLODE.DLL
2009-11-11 14:37:32 ----A---- C:\WINDOWS\system32\crwrap32.dll
2009-11-11 14:37:32 ----A---- C:\WINDOWS\system32\CRPAIG32.DLL
2009-11-11 14:37:31 ----A---- C:\WINDOWS\system32\LTKRN60N.DLL
2009-11-11 14:37:31 ----A---- C:\WINDOWS\system32\CRPE32.DLL
2009-11-11 14:37:27 ----A---- C:\WINDOWS\system32\dsofile.dll
2009-11-11 14:37:19 ----D---- C:\Program Files\Winsim
2009-11-11 14:26:58 ----D---- C:\Documents and Settings\User\Application Data\ACD Systems
2009-11-11 14:24:07 ----D---- C:\Documents and Settings\All Users\Application Data\ACD Systems
2009-11-11 14:24:04 ----D---- C:\Program Files\Common Files\ACD Systems
2009-11-11 14:24:04 ----D---- C:\Program Files\ACD Systems
2009-11-11 14:23:23 ----D---- C:\WINDOWS\Downloaded Installations
2009-11-11 14:20:04 ----D---- C:\Program Files\Common Files\HP
2009-11-11 14:19:29 ----D---- C:\Program Files\Hewlett-Packard
2009-11-11 14:19:13 ----D---- C:\Documents and Settings\All Users\Application Data\HP
2009-11-11 14:18:01 ----D---- C:\Program Files\HP
2009-11-11 14:17:48 ----HD---- C:\Config.Msi
2009-11-11 14:17:33 ----D---- C:\Documents and Settings\User\Application Data\HP
2009-11-11 13:45:30 ----A---- C:\WINDOWS\system32\hidserv.dll
2009-11-09 11:40:54 ----D---- C:\Program Files\Java
2009-11-07 17:48:09 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-11-07 17:42:49 ----A---- C:\WINDOWS\smscfg.ini

======List of files/folders modified in the last 1 months======

2009-11-21 10:48:40 ----D---- C:\WINDOWS\Prefetch
2009-11-21 10:48:34 ----D---- C:\WINDOWS\Temp
2009-11-21 04:04:32 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-21 01:52:12 ----SHD---- C:\WINDOWS\Installer
2009-11-21 00:39:34 ----SHD---- C:\RECYCLER
2009-11-20 06:57:47 ----D---- C:\WINDOWS\system32\drivers
2009-11-20 06:57:42 ----D---- C:\WINDOWS\system32
2009-11-20 06:51:43 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-11-20 06:51:42 ----RD---- C:\Program Files
2009-11-20 06:49:09 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-16 07:25:55 ----SD---- C:\Documents and Settings\User\Application Data\Microsoft
2009-11-15 23:39:06 ----SD---- C:\WINDOWS\Tasks
2009-11-15 12:49:31 ----D---- C:\Documents and Settings\User\Application Data\Adobe
2009-11-12 22:21:44 ----D---- C:\WINDOWS
2009-11-12 22:21:44 ----D---- C:\Documents and Settings
2009-11-12 22:20:21 ----HD---- C:\WINDOWS\inf
2009-11-12 22:20:04 ----D---- C:\WINDOWS\system32\config
2009-11-12 21:32:19 ----A---- C:\WINDOWS\OEWABLog.txt
2009-11-12 21:26:35 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-12 20:45:12 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-11-12 20:45:09 ----D---- C:\WINDOWS\SoftwareDistribution
2009-11-12 07:36:41 ----D---- C:\WINDOWS\Help
2009-11-11 23:43:47 ----D---- C:\WINDOWS\WinSxS
2009-11-11 23:43:47 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-11-11 21:02:34 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-11-11 21:01:51 ----D---- C:\Program Files\Internet Explorer
2009-11-11 21:00:43 ----D---- C:\Program Files\Common Files
2009-11-11 18:13:08 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-11-11 18:10:58 ----D---- C:\WINDOWS\system32\en-US
2009-11-11 18:10:56 ----RSD---- C:\WINDOWS\Fonts
2009-11-11 18:10:30 ----D---- C:\WINDOWS\system32\spool
2009-11-11 17:39:26 ----A---- C:\WINDOWS\win.ini
2009-11-11 17:38:34 ----D---- C:\Program Files\Common Files\System
2009-11-11 17:36:05 ----D---- C:\WINDOWS\system
2009-11-11 14:38:11 ----AC---- C:\WINDOWS\ODBCINST.INI
2009-11-11 14:37:25 ----HD---- C:\Program Files\InstallShield Installation Information
2009-11-09 13:19:46 ----A---- C:\WINDOWS\setuplog.txt
2009-11-09 11:42:53 ----A---- C:\WINDOWS\system32\wpa.bak
2009-11-09 11:40:56 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-11-07 18:02:06 ----D---- C:\WINDOWS\security
2009-11-07 17:48:09 ----D---- C:\WINDOWS\Registration
2009-11-07 17:47:59 ----SHD---- C:\System Volume Information
2009-11-07 17:47:59 ----D---- C:\WINDOWS\system32\Restore
2009-11-07 17:47:56 ----RASH---- C:\boot.ini
2009-11-07 17:46:12 ----D---- C:\WINDOWS\system32\CatRoot
2009-11-07 17:43:51 ----D---- C:\WINDOWS\repair

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-11-11 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-11-11 28424]
R1 AvgTdiX;AVG Free Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-11-11 360584]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R2 pnarp;Pure Networks Device Discovery Driver; C:\WINDOWS\system32\DRIVERS\pnarp.sys [2008-12-12 23984]
R2 purendis;Pure Networks Wireless Driver; C:\WINDOWS\system32\DRIVERS\purendis.sys [2008-12-12 25264]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2009-01-21 6278560]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-03-30 5063168]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-14 5810]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2009-11-11 9856]
R3 RT61;Linksys Wireless-G PCI Adapter Driver(RT61); C:\WINDOWS\system32\DRIVERS\RT61.sys [2005-10-26 356096]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-09-25 115328]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 vpnva;Cisco AnyConnect VPN Virtual Miniport Adapter for Windows; C:\WINDOWS\system32\DRIVERS\vpnva.sys [2009-10-09 20152]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-05-07 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-05-07 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2009-11-11 285392]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-11-09 153376]
R2 LinksysUpdater;Linksys Updater; C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-11-13 204800]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-09-20 853288]
R2 nmservice;Pure Networks Platform Service; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [2008-12-12 642856]
R2 vpnagent;Cisco AnyConnect VPN Agent; C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-10-09 493248]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-10-28 545568]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-11-15 382248]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------
susanfloro
Regular Member
 
Posts: 25
Joined: December 19th, 2007, 11:50 am

Re: Don't know why my new computer is so SLOW!

Post by Dakeyras » November 21st, 2009, 3:48 pm

Hi. :)

  • Please download this tool from Microsoft.
  • Double click on MGADiag.exe to run it.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in. Save this file and post it in your next reply.
Dakeyras
MRU Honors Graduate
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Don't know why my new computer is so SLOW!

Post by susanfloro » November 21st, 2009, 9:44 pm

Here's the MGADiag results you asked for:

Diagnostic Report (1.9.0011.0):
-----------------------------------------
WGA Data-->
Validation Status: Genuine
Validation Code: 0

Cached Validation Code: N/A
Windows Product Key: *****-*****-8YTG4-28R3B-MWW98
Windows Product Key Hash: TErwv80AUPPWCO6JTgXUX0o4zco=
Windows Product ID: 55277-OEM-2148922-78175
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 5.1.2600.2.00010300.3.0.hom
ID: {E1E3D2D7-1F57-4578-AAD4-7433600A6D56}(3)
Is Admin: Yes
TestCab: 0x0
WGA Version: Registered, 1.9.9.1
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

WgaER Data-->
ThreatID(s): N/A
Version: N/A

WGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 114 Blocked VLK 2
Microsoft Office Professional Edition 2003 - 114 Blocked VLK 2
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-230-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{E1E3D2D7-1F57-4578-AAD4-7433600A6D56}</UGUID><Version>1.9.0011.0</Version><OS>5.1.2600.2.00010300.3.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-MWW98</PKey><PID>55277-OEM-2148922-78175</PID><PIDType>3</PIDType><SID>S-1-5-21-3019735678-385699809-1331543007</SID><SYSTEM><Manufacturer>System manufacturer</Manufacturer><Model>System Product Name</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>0506 </Version><SMBIOSVersion major="2" minor="5"/><Date>20090527000000.000000+000</Date></BIOS><HWID>300B33F70184E078</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>114</Result><Products><Product GUID="{90110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>114</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>59D1605114E3500</Val><Hash>vfZmaSmFPIYrLWTcZSZErUQg+Fo=</Hash><Pid>73931-640-0000106-57956</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="11" Result="114"/><App Id="16" Version="11" Result="114"/><App Id="18" Version="11" Result="114"/><App Id="19" Version="11" Result="114"/><App Id="1A" Version="11" Result="114"/><App Id="1B" Version="11" Result="114"/><App Id="44" Version="11" Result="114"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 15560:ASUSTeK Computer Inc|16C65:GENUINE C&C INC|B257:HITACHI, Ltd|B257:HITACHI, Ltd|B257:HITACHI, Ltd
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

OEM Activation 2.0 Data-->
N/A

Re: Don't know why my new computer is so SLOW!

Post by Dakeyras » November 22nd, 2009, 9:11 am

Hi. :)

Your computer appears to be missing a fair amount of critical updates from Microsoft. Do not however attempt to update your machine until I give the all clear as this will actually hinder the malware removal process, thank you.

Have you recently updated to Internet Explorer v8 and/or did the problems start to occur afterwards if so?

Reset Host File:

  • Open Notepad.
  • Copy and Paste everything from the Code Box below into Notepad: <-- Start >> Run... type in notepad and select OK
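Code:
@Echo off
rem Work in the folder that holds the hosts file
pushd\windows\system32\drivers\etc
rem Clear the hidden, system and read-only attributes so the file can be rewritten
attrib -h -s -r hosts
rem Overwrite hosts with the single default localhost entry
echo 127.0.0.1 localhost>HOSTS
rem Restore the protective attributes
attrib +r +h +s hosts
popd
rem Delete this batch file once it has run
del %0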
  • Go to File >> Save As
  • Save File name as "Dakeyras.bat" <-- Make sure to include the quotes.
  • Change Save as Type to All Files and save the file to your Desktop.

Now double click on the desktop Dakeyras.bat to run the batch file. It will self-delete when completed.

TFC(Temp File Cleaner):

  • Please download TFC to your desktop.
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC.
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Next:

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and select then follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post that log in your next reply.
The log can also be found here:
  1. Launch Malwarebytes' Anti-Malware
  2. Click on the Logs radio tab.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

When completed the above, please post back the following:

  • How is your computer performing now? Any problems encountered and/or any further symptoms?
  • Answer to my IE8 query.
  • Malwarebytes' Anti-Malware Log.
  • A new RSIT Log. <-- Only one log will be created this time.

Re: Don't know why my new computer is so SLOW!

Post by susanfloro » November 22nd, 2009, 2:31 pm

My computer is running about the same as before... slow.
I don't remember updating Internet Explorer so I used its help to find out what version I have. It is Ver. 8.0.6001.18702.
The logs you requested are below. Thank you for your help.
-----------
Malwarebytes' Anti-Malware 1.41
Database version: 3213
Windows 5.1.2600 Service Pack 3

11/22/2009 10:14:05 AM
mbam-log-2009-11-22 (10-14-05).txt

Scan type: Quick Scan
Objects scanned: 114584
Time elapsed: 2 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
----------------------
Logfile of random's system information tool 1.06 (written by random/random)
Run by User at 2009-11-22 10:26:16
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 439 GB (92%) free of 477 GB
Total RAM: 2038 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:26:20 AM, on 11/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\java.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\User\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\User.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

--
End of file - 6501 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2009-11-11 1475864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2009-11-09 321312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-11-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-11-09 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2008-04-13 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2008-04-13 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-13 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-13 455168]
"nmctxth"=C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe [2008-12-12 642856]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2009-11-12 2020120]
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2009-10-10 320832]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
[]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-11-11 12464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2009-01-21 205824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-05-07 133632]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskmgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"\\Srv-slaco\Shared\DVD\Ahead Nero\Nero 8\Nero 8 Essentials for OEMs\Installation\Setupx.exe"="\\Srv-slaco\Shared\DVD\Ahead Nero\Nero 8\Nero 8 Essentials for OEMs\Installation\Setupx.exe:*:Enabled:Nero ControlCenter"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1cbe1bf3-d010-11de-97f4-00261874c3d1}]
shell\AutoRun\command - F:\DTVP_Launcher.exe


======List of files/folders created in the last 1 months======

2009-11-22 09:53:23 ----D---- C:\Documents and Settings\User\Application Data\Malwarebytes
2009-11-22 09:53:18 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-11-22 09:53:18 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-11-21 17:38:57 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2009-11-21 17:38:51 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2009-11-21 10:48:30 ----D---- C:\Rooter$
2009-11-20 19:48:00 ----D---- C:\rsit
2009-11-20 06:51:42 ----D---- C:\Program Files\Cisco
2009-11-16 07:54:47 ----D---- C:\Program Files\Trend Micro
2009-11-14 12:46:41 ----D---- C:\WINDOWS\system32\LogFiles
2009-11-12 22:20:25 ----A---- C:\WINDOWS\system32\hpzll3xu.dll
2009-11-12 21:38:27 ----D---- C:\Documents and Settings\All Users\Application Data\Cisco
2009-11-12 21:07:23 ----D---- C:\WINDOWS\system32\PreInstall
2009-11-12 21:07:22 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-11-12 21:01:39 ----D---- C:\Documents and Settings\User\Application Data\WinPatrol
2009-11-12 21:01:33 ----D---- C:\Program Files\BillP Studios
2009-11-12 07:36:35 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-11-11 23:44:28 ----HD---- C:\$AVG
2009-11-11 23:44:19 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-11-11 23:43:59 ----D---- C:\Program Files\AVG
2009-11-11 23:43:58 ----D---- C:\Documents and Settings\All Users\Application Data\avg9
2009-11-11 21:02:39 ----D---- C:\Documents and Settings\User\Application Data\Apple Computer
2009-11-11 21:02:34 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2009-11-11 21:02:11 ----D---- C:\Program Files\iPod
2009-11-11 21:02:09 ----D---- C:\Program Files\iTunes
2009-11-11 21:02:09 ----D---- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-11 21:01:56 ----D---- C:\Program Files\Bonjour
2009-11-11 21:01:35 ----D---- C:\Program Files\QuickTime
2009-11-11 21:01:34 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-11-11 21:01:25 ----D---- C:\Program Files\Apple Software Update
2009-11-11 21:00:43 ----D---- C:\Program Files\Common Files\Apple
2009-11-11 21:00:43 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2009-11-11 18:43:17 ----D---- C:\Documents and Settings\All Users\Application Data\Linksys
2009-11-11 18:14:28 ----HDC---- C:\Documents and Settings\All Users\Application Data\{35ACA973-70F0-495F-9092-74A130711865}
2009-11-11 18:13:18 ----D---- C:\Program Files\WebEx
2009-11-11 18:12:55 ----D---- C:\Program Files\MSBuild
2009-11-11 18:10:58 ----D---- C:\WINDOWS\system32\XPSViewer
2009-11-11 18:10:39 ----D---- C:\Program Files\Reference Assemblies
2009-11-11 18:10:24 ----N---- C:\WINDOWS\system32\spmsg2.dll
2009-11-11 18:09:12 ----RSD---- C:\WINDOWS\assembly
2009-11-11 18:09:00 ----D---- C:\WINDOWS\Microsoft.NET
2009-11-11 18:08:17 ----D---- C:\Program Files\Common Files\Pure Networks Shared
2009-11-11 18:08:10 ----D---- C:\Documents and Settings\All Users\Application Data\Pure Networks
2009-11-11 18:08:05 ----A---- C:\WINDOWS\system32\javaws.exe
2009-11-11 18:08:05 ----A---- C:\WINDOWS\system32\javaw.exe
2009-11-11 18:08:05 ----A---- C:\WINDOWS\system32\java.exe
2009-11-11 18:07:49 ----D---- C:\Program Files\Common Files\Java
2009-11-11 17:47:31 ----D---- C:\Program Files\Linksys
2009-11-11 17:39:37 ----A---- C:\WINDOWS\system32\mdimon.dll
2009-11-11 17:39:07 ----D---- C:\Program Files\Common Files\L&H
2009-11-11 17:39:04 ----D---- C:\Program Files\Microsoft.NET
2009-11-11 17:39:00 ----D---- C:\Program Files\Microsoft ActiveSync
2009-11-11 17:38:47 ----D---- C:\Program Files\Common Files\DESIGNER
2009-11-11 17:38:45 ----D---- C:\Program Files\Microsoft Works
2009-11-11 17:38:40 ----D---- C:\Program Files\Microsoft Visual Studio
2009-11-11 17:38:32 ----D---- C:\WINDOWS\SHELLNEW
2009-11-11 17:38:28 ----D---- C:\Program Files\Microsoft Office
2009-11-11 17:36:00 ----RHD---- C:\MSOCache
2009-11-11 16:11:56 ----A---- C:\WINDOWS\ODBC.INI
2009-11-11 16:08:07 ----D---- C:\Documents and Settings\User\Application Data\Mozilla
2009-11-11 16:08:04 ----D---- C:\Program Files\Mozilla Firefox
2009-11-11 16:06:20 ----A---- C:\WINDOWS\NeroDigital.ini
2009-11-11 14:38:07 ----A---- C:\WINDOWS\simply90.ini
2009-11-11 14:37:38 ----A---- C:\WINDOWS\system32\VB5DB.DLL
2009-11-11 14:37:37 ----A---- C:\WINDOWS\system32\VBAR332.DLL
2009-11-11 14:37:37 ----A---- C:\WINDOWS\system32\odbctl32.dll
2009-11-11 14:37:37 ----A---- C:\WINDOWS\system32\msxbse35.dll
2009-11-11 14:37:37 ----A---- C:\WINDOWS\system32\mstext35.dll
2009-11-11 14:37:37 ----A---- C:\WINDOWS\system32\msrpfs35.dll
2009-11-11 14:37:37 ----A---- C:\WINDOWS\system32\msrepl35.dll
2009-11-11 14:37:37 ----A---- C:\WINDOWS\system32\msrd2x35.dll
2009-11-11 14:37:37 ----A---- C:\WINDOWS\system32\mspdox35.dll
2009-11-11 14:37:37 ----A---- C:\WINDOWS\system32\msltus35.dll
2009-11-11 14:37:37 ----A---- C:\WINDOWS\system32\msjter35.dll
2009-11-11 14:37:37 ----A---- C:\WINDOWS\system32\msjt4jlt.dll
2009-11-11 14:37:37 ----A---- C:\WINDOWS\system32\msjint35.dll
2009-11-11 14:37:37 ----A---- C:\WINDOWS\system32\msjet35.dll
2009-11-11 14:37:37 ----A---- C:\WINDOWS\system32\msexcl35.dll
2009-11-11 14:37:37 ----A---- C:\WINDOWS\system32\msexch35.dll
2009-11-11 14:37:37 ----A---- C:\WINDOWS\system32\JETCOMP.exe
2009-11-11 14:37:35 ----A---- C:\WINDOWS\system32\rdocurs.dll
2009-11-11 14:37:35 ----A---- C:\WINDOWS\system32\MSRDO20.DLL
2009-11-11 14:37:33 ----D---- C:\WINDOWS\Crystal
2009-11-11 14:37:32 ----A---- C:\WINDOWS\system32\LTFIL60N.DLL
2009-11-11 14:37:32 ----A---- C:\WINDOWS\system32\IMPLODE.DLL
2009-11-11 14:37:32 ----A---- C:\WINDOWS\system32\crwrap32.dll
2009-11-11 14:37:32 ----A---- C:\WINDOWS\system32\CRPAIG32.DLL
2009-11-11 14:37:31 ----A---- C:\WINDOWS\system32\LTKRN60N.DLL
2009-11-11 14:37:31 ----A---- C:\WINDOWS\system32\CRPE32.DLL
2009-11-11 14:37:27 ----A---- C:\WINDOWS\system32\dsofile.dll
2009-11-11 14:37:19 ----D---- C:\Program Files\Winsim
2009-11-11 14:26:58 ----D---- C:\Documents and Settings\User\Application Data\ACD Systems
2009-11-11 14:24:07 ----D---- C:\Documents and Settings\All Users\Application Data\ACD Systems
2009-11-11 14:24:04 ----D---- C:\Program Files\Common Files\ACD Systems
2009-11-11 14:24:04 ----D---- C:\Program Files\ACD Systems
2009-11-11 14:23:23 ----D---- C:\WINDOWS\Downloaded Installations
2009-11-11 14:20:04 ----D---- C:\Program Files\Common Files\HP
2009-11-11 14:19:29 ----D---- C:\Program Files\Hewlett-Packard
2009-11-11 14:19:13 ----D---- C:\Documents and Settings\All Users\Application Data\HP
2009-11-11 14:18:01 ----D---- C:\Program Files\HP
2009-11-11 14:17:48 ----HD---- C:\Config.Msi
2009-11-11 14:17:33 ----D---- C:\Documents and Settings\User\Application Data\HP
2009-11-11 13:45:30 ----A---- C:\WINDOWS\system32\hidserv.dll
2009-11-09 11:40:54 ----D---- C:\Program Files\Java
2009-11-07 17:48:09 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-11-07 17:42:49 ----A---- C:\WINDOWS\smscfg.ini

======List of files/folders modified in the last 1 months======

2009-11-22 10:25:41 ----D---- C:\WINDOWS\Temp
2009-11-22 10:24:26 ----D---- C:\WINDOWS\Prefetch
2009-11-22 10:14:56 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-22 09:53:19 ----D---- C:\WINDOWS\system32\drivers
2009-11-22 09:53:18 ----RD---- C:\Program Files
2009-11-22 09:40:46 ----D---- C:\WINDOWS\system32
2009-11-22 09:40:46 ----D---- C:\WINDOWS
2009-11-21 17:40:53 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-11-21 17:38:57 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-21 01:52:12 ----SHD---- C:\WINDOWS\Installer
2009-11-21 00:39:34 ----SHD---- C:\RECYCLER
2009-11-20 06:51:43 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-11-16 07:25:55 ----SD---- C:\Documents and Settings\User\Application Data\Microsoft
2009-11-15 23:39:06 ----SD---- C:\WINDOWS\Tasks
2009-11-15 12:49:31 ----D---- C:\Documents and Settings\User\Application Data\Adobe
2009-11-12 22:21:44 ----D---- C:\Documents and Settings
2009-11-12 22:20:21 ----HD---- C:\WINDOWS\inf
2009-11-12 22:20:04 ----D---- C:\WINDOWS\system32\config
2009-11-12 21:32:19 ----A---- C:\WINDOWS\OEWABLog.txt
2009-11-12 21:26:35 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-12 20:45:12 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-11-12 20:45:09 ----D---- C:\WINDOWS\SoftwareDistribution
2009-11-12 07:36:41 ----D---- C:\WINDOWS\Help
2009-11-11 23:43:47 ----D---- C:\WINDOWS\WinSxS
2009-11-11 23:43:47 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-11-11 21:02:34 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-11-11 21:01:51 ----D---- C:\Program Files\Internet Explorer
2009-11-11 21:00:43 ----D---- C:\Program Files\Common Files
2009-11-11 18:13:08 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-11-11 18:10:58 ----D---- C:\WINDOWS\system32\en-US
2009-11-11 18:10:56 ----RSD---- C:\WINDOWS\Fonts
2009-11-11 18:10:30 ----D---- C:\WINDOWS\system32\spool
2009-11-11 17:39:26 ----A---- C:\WINDOWS\win.ini
2009-11-11 17:38:34 ----D---- C:\Program Files\Common Files\System
2009-11-11 17:36:05 ----D---- C:\WINDOWS\system
2009-11-11 14:38:11 ----AC---- C:\WINDOWS\ODBCINST.INI
2009-11-11 14:37:25 ----HD---- C:\Program Files\InstallShield Installation Information
2009-11-09 13:19:46 ----A---- C:\WINDOWS\setuplog.txt
2009-11-09 11:42:53 ----A---- C:\WINDOWS\system32\wpa.bak
2009-11-09 11:40:56 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-11-07 18:02:06 ----D---- C:\WINDOWS\security
2009-11-07 17:48:09 ----D---- C:\WINDOWS\Registration
2009-11-07 17:47:59 ----SHD---- C:\System Volume Information
2009-11-07 17:47:59 ----D---- C:\WINDOWS\system32\Restore
2009-11-07 17:47:56 ----RASH---- C:\boot.ini
2009-11-07 17:46:12 ----D---- C:\WINDOWS\system32\CatRoot
2009-11-07 17:43:51 ----D---- C:\WINDOWS\repair

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-11-11 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-11-11 28424]
R1 AvgTdiX;AVG Free Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-11-11 360584]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R2 pnarp;Pure Networks Device Discovery Driver; C:\WINDOWS\system32\DRIVERS\pnarp.sys [2008-12-12 23984]
R2 purendis;Pure Networks Wireless Driver; C:\WINDOWS\system32\DRIVERS\purendis.sys [2008-12-12 25264]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2009-01-21 6278560]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-03-30 5063168]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-14 5810]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2009-11-11 9856]
R3 RT61;Linksys Wireless-G PCI Adapter Driver(RT61); C:\WINDOWS\system32\DRIVERS\RT61.sys [2005-10-26 356096]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-09-25 115328]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 vpnva;Cisco AnyConnect VPN Virtual Miniport Adapter for Windows; C:\WINDOWS\system32\DRIVERS\vpnva.sys [2009-10-09 20152]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-05-07 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-05-07 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2009-11-11 285392]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-11-09 153376]
R2 LinksysUpdater;Linksys Updater; C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-11-13 204800]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-09-20 853288]
R2 nmservice;Pure Networks Platform Service; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [2008-12-12 642856]
R2 vpnagent;Cisco AnyConnect VPN Agent; C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-10-09 493248]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-10-28 545568]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-11-15 382248]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------
susanfloro
Regular Member
 
Posts: 25
Joined: December 19th, 2007, 11:50 am

Re: Don't know why my new computer is so SLOW!

Post by Dakeyras » November 22nd, 2009, 6:02 pm

Hi. :)

OK and thanks for the update, plus you are very welcome!

Further research has revealed it may be your Anti-Virus application that is the cause of your computer's problems. Specifically this running process:-

avgchsvx.exe

One method to counter this from researching in the actual AVG support forum is to:-

  • Right click the AVG icon in your taskbar.
  • Click Launch AVG Test Centre
  • Uncheck the option: scan for tracking cookies in the resident shield options
  • Close the AVG Test Centre

Please inform myself in your next reply if this has made any difference, thank you.

Note: If it does turn out this is the culprit I will provide a small application to counter any tracking cookies etc.

I will not however rule out malware as the culprit just yet.

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please go here and download ERUNT.
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • Use the default install settings but say no to the portion that asks you to add ERUNT to the Start-Up folder. You can enable this option later if you wish.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.

Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe

Custom Batch File:

  • Open Notepad.
  • Copy and Paste everything from the Code Box below into Notepad: <-- Start >> Run... type in notepad and select OK
Code:
@Echo off
REM Delete the msconfig startupreg keys shown as [] in the RSIT registry dump.
REM /F forces each deletion without a confirmation prompt.
Reg Delete "HKLM\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE" /F
Reg Delete "HKLM\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds" /F
Reg Delete "HKLM\software\microsoft\shared tools\msconfig\startupreg\IgfxTray" /F
Reg Delete "HKLM\software\microsoft\shared tools\msconfig\startupreg\Persistence" /F
Reg Delete "HKLM\software\microsoft\shared tools\msconfig\startupreg\RemoteControl" /F
REM Remove this batch file once it has run.
Del %0
  • Go to File >> Save As
  • Save File name as "Dakeyras.bat" <-- Make sure to include the quotes.
  • Change Save as Type to All Files and save the file to your Desktop.

Now double click on the desktop Dakeyras.bat to run the batch file. It will self-delete when completed.

Next:

Please re-open HiJackThis and select Do a system scan only. Check the boxes next to all the entries listed below (if present):

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -


Now click on Fix Checked. Close HiJackThis.

Next:

Now click Start >> Run and type cleanmgr in the box and press OK.

  • Ensure the boxes for Temporary Files, Temporary Internet Files and Recycle Bin are checked.
  • You can choose to check other boxes if you wish but they are not required.
  • Click on OK then Yes.
  • Now reboot (restart) your computer.

F-Secure Blacklight:

Please download Blacklight from here to your desktop.

or

Link to it from the ftp site: ftp://ftp.f-secure.com/anti-virus/tools/fsbl.exe
and save it to your desktop from there.

Go to Start-->Run, copy in the following text, and press Enter:
"%userprofile%\desktop\fsbl.exe" /expert
Accept the license agreement.
Click > scan, wait for it to finish, then click Close

There will be a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers).
Copy and paste the contents of this log into your next reply.

When you have completed the above, please post back the following:

  • How is your computer performing now? Any problems encountered and/or any further symptoms?
  • Blacklight Log.
  • A new RSIT Log.
Dakeyras
MRU Honors Graduate
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra
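
One way to confirm the "Fix Checked" step above, as an added example that is not part of the original post or of HijackThis itself: parse the entries selected for fixing and check each one against a fresh HijackThis log. The function names are hypothetical; the fix list is the one from the post above and the follow-up excerpt is copied from the later scan posted in this thread.

```python
import re

# A HijackThis entry line is "<section code> - <body>", where the code is
# R0-R3, F0-F3, N1-N4 or O1-O24. Header lines and process paths do not match.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s+-\s+(.*)$")

# Entries the helper asked to tick before "Fix Checked" (from the post above).
FIX_LIST = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
"""

# Excerpt of the follow-up HijackThis log posted later in this thread.
FOLLOWUP_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:38:52 PM, on 11/22/2009
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
"""


def parse_entries(log_text):
    """Return (code, body) for every entry line, with whitespace collapsed."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group(1), " ".join(match.group(2).split())))
    return entries


def entry_key(code, body):
    """Comparison key: Windows paths and registry names are case-insensitive."""
    return (code, body.casefold())


def check_fix(requested_text, followup_log_text):
    """Split the requested fixes into those gone from the follow-up log and
    those still present in it."""
    present = {entry_key(c, b) for c, b in parse_entries(followup_log_text)}
    result = {"removed": [], "remaining": []}
    for code, body in parse_entries(requested_text):
        bucket = "remaining" if entry_key(code, body) in present else "removed"
        result[bucket].append(f"{code} - {body}")
    return result


if __name__ == "__main__":
    outcome = check_fix(FIX_LIST, FOLLOWUP_LOG)
    for state in ("removed", "remaining"):
        print(f"{state}:")
        for line in outcome[state]:
            print(f"  {line}")
```

Run against the excerpt, the O4 and both O16 entries come back as removed and the two empty R0 values as still present.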

Re: Don't know why my new computer is so SLOW!

Post by susanfloro » November 22nd, 2009, 9:43 pm

Hi there. I "think" my computer is running a little faster but it might just be me hoping that what we are doing is helping! :) I'll observe it for the rest of this evening.

When I checked the option "scan for tracking cookies in the resident shield options" in my AVG settings, it was not checked so I didn't do that step. Here are the log files. Thank you!

11/22/09 17:35:42 [Info]: BlackLight Engine 2.2.1092 initialized
11/22/09 17:35:42 [Info]: OS: 5.1 build 2600 (Service Pack 3)
11/22/09 17:35:42 [Note]: 7019 4
11/22/09 17:35:42 [Note]: 7005 0
11/22/09 17:35:55 [Note]: 7006 0
11/22/09 17:35:55 [Note]: 7011 2880
11/22/09 17:35:55 [Note]: 7035 0
11/22/09 17:35:55 [Note]: 7026 0
11/22/09 17:35:55 [Note]: 7026 0
11/22/09 17:35:56 [Note]: FSRAW library version 1.7.1024
11/22/09 17:37:45 [Note]: 7007 0
--------------
Logfile of random's system information tool 1.06 (written by random/random)
Run by User at 2009-11-22 17:38:45
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 439 GB (92%) free of 477 GB
Total RAM: 2038 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:38:52 PM, on 11/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\java.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\User\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\User.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

--
End of file - 6321 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2009-11-11 1475864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2009-11-09 321312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-11-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-11-09 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2008-04-13 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2008-04-13 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-13 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-13 455168]
"nmctxth"=C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe [2008-12-12 642856]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2009-11-12 2020120]
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2009-10-10 320832]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-11-11 12464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2009-01-21 205824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-05-07 133632]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskmgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"\\Srv-slaco\Shared\DVD\Ahead Nero\Nero 8\Nero 8 Essentials for OEMs\Installation\Setupx.exe"="\\Srv-slaco\Shared\DVD\Ahead Nero\Nero 8\Nero 8 Essentials for OEMs\Installation\Setupx.exe:*:Enabled:Nero ControlCenter"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1cbe1bf3-d010-11de-97f4-00261874c3d1}]
shell\AutoRun\command - F:\DTVP_Launcher.exe


======List of files/folders created in the last 1 months======

2009-11-22 17:25:11 ----D---- C:\WINDOWS\ERDNT
2009-11-22 17:24:29 ----D---- C:\Program Files\ERUNT
2009-11-22 09:53:23 ----D---- C:\Documents and Settings\User\Application Data\Malwarebytes
2009-11-22 09:53:18 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-11-22 09:53:18 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-11-21 17:38:57 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2009-11-21 17:38:51 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2009-11-21 10:48:30 ----D---- C:\Rooter$
2009-11-20 19:48:00 ----D---- C:\rsit
2009-11-20 06:51:42 ----D---- C:\Program Files\Cisco
2009-11-16 07:54:47 ----D---- C:\Program Files\Trend Micro
2009-11-14 12:46:41 ----D---- C:\WINDOWS\system32\LogFiles
2009-11-12 22:20:25 ----A---- C:\WINDOWS\system32\hpzll3xu.dll
2009-11-12 21:38:27 ----D---- C:\Documents and Settings\All Users\Application Data\Cisco
2009-11-12 21:07:23 ----D---- C:\WINDOWS\system32\PreInstall
2009-11-12 21:07:22 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-11-12 21:01:39 ----D---- C:\Documents and Settings\User\Application Data\WinPatrol
2009-11-12 21:01:33 ----D---- C:\Program Files\BillP Studios
2009-11-12 07:36:35 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-11-11 23:44:28 ----HD---- C:\$AVG
2009-11-11 23:44:19 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-11-11 23:43:59 ----D---- C:\Program Files\AVG
2009-11-11 23:43:58 ----D---- C:\Documents and Settings\All Users\Application Data\avg9
2009-11-11 21:02:39 ----D---- C:\Documents and Settings\User\Application Data\Apple Computer
2009-11-11 21:02:34 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2009-11-11 21:02:11 ----D---- C:\Program Files\iPod
2009-11-11 21:02:09 ----D---- C:\Program Files\iTunes
2009-11-11 21:02:09 ----D---- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-11 21:01:56 ----D---- C:\Program Files\Bonjour
2009-11-11 21:01:35 ----D---- C:\Program Files\QuickTime
2009-11-11 21:01:34 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-11-11 21:01:25 ----D---- C:\Program Files\Apple Software Update
2009-11-11 21:00:43 ----D---- C:\Program Files\Common Files\Apple
2009-11-11 21:00:43 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2009-11-11 18:43:17 ----D---- C:\Documents and Settings\All Users\Application Data\Linksys
2009-11-11 18:14:28 ----HDC---- C:\Documents and Settings\All Users\Application Data\{35ACA973-70F0-495F-9092-74A130711865}
2009-11-11 18:13:18 ----D---- C:\Program Files\WebEx
2009-11-11 18:12:55 ----D---- C:\Program Files\MSBuild
2009-11-11 18:10:58 ----D---- C:\WINDOWS\system32\XPSViewer
2009-11-11 18:10:39 ----D---- C:\Program Files\Reference Assemblies
2009-11-11 18:10:24 ----N---- C:\WINDOWS\system32\spmsg2.dll
2009-11-11 18:09:12 ----RSD---- C:\WINDOWS\assembly
2009-11-11 18:09:00 ----D---- C:\WINDOWS\Microsoft.NET
2009-11-11 18:08:17 ----D---- C:\Program Files\Common Files\Pure Networks Shared
2009-11-11 18:08:10 ----D---- C:\Documents and Settings\All Users\Application Data\Pure Networks
2009-11-11 18:08:05 ----A---- C:\WINDOWS\system32\javaws.exe
2009-11-11 18:08:05 ----A---- C:\WINDOWS\system32\javaw.exe
2009-11-11 18:08:05 ----A---- C:\WINDOWS\system32\java.exe
2009-11-11 18:07:49 ----D---- C:\Program Files\Common Files\Java
2009-11-11 17:47:31 ----D---- C:\Program Files\Linksys
2009-11-11 17:39:37 ----A---- C:\WINDOWS\system32\mdimon.dll
2009-11-11 17:39:07 ----D---- C:\Program Files\Common Files\L&H
2009-11-11 17:39:04 ----D---- C:\Program Files\Microsoft.NET
2009-11-11 17:39:00 ----D---- C:\Program Files\Microsoft ActiveSync
2009-11-11 17:38:47 ----D---- C:\Program Files\Common Files\DESIGNER
2009-11-11 17:38:45 ----D---- C:\Program Files\Microsoft Works
2009-11-11 17:38:40 ----D---- C:\Program Files\Microsoft Visual Studio
2009-11-11 17:38:32 ----D---- C:\WINDOWS\SHELLNEW
2009-11-11 17:38:28 ----D---- C:\Program Files\Microsoft Office
2009-11-11 17:36:00 ----RHD---- C:\MSOCache
2009-11-11 16:11:56 ----A---- C:\WINDOWS\ODBC.INI
2009-11-11 16:08:07 ----D---- C:\Documents and Settings\User\Application Data\Mozilla
2009-11-11 16:08:04 ----D---- C:\Program Files\Mozilla Firefox
2009-11-11 16:06:20 ----A---- C:\WINDOWS\NeroDigital.ini
2009-11-11 14:38:07 ----A---- C:\WINDOWS\simply90.ini
2009-11-11 14:37:38 ----A---- C:\WINDOWS\system32\VB5DB.DLL
2009-11-11 14:37:37 ----A---- C:\WINDOWS\system32\VBAR332.DLL
2009-11-11 14:37:37 ----A---- C:\WINDOWS\system32\odbctl32.dll
2009-11-11 14:37:37 ----A---- C:\WINDOWS\system32\msxbse35.dll
2009-11-11 14:37:37 ----A---- C:\WINDOWS\system32\mstext35.dll
2009-11-11 14:37:37 ----A---- C:\WINDOWS\system32\msrpfs35.dll
2009-11-11 14:37:37 ----A---- C:\WINDOWS\system32\msrepl35.dll
2009-11-11 14:37:37 ----A---- C:\WINDOWS\system32\msrd2x35.dll
2009-11-11 14:37:37 ----A---- C:\WINDOWS\system32\mspdox35.dll
2009-11-11 14:37:37 ----A---- C:\WINDOWS\system32\msltus35.dll
2009-11-11 14:37:37 ----A---- C:\WINDOWS\system32\msjter35.dll
2009-11-11 14:37:37 ----A---- C:\WINDOWS\system32\msjt4jlt.dll
2009-11-11 14:37:37 ----A---- C:\WINDOWS\system32\msjint35.dll
2009-11-11 14:37:37 ----A---- C:\WINDOWS\system32\msjet35.dll
2009-11-11 14:37:37 ----A---- C:\WINDOWS\system32\msexcl35.dll
2009-11-11 14:37:37 ----A---- C:\WINDOWS\system32\msexch35.dll
2009-11-11 14:37:37 ----A---- C:\WINDOWS\system32\JETCOMP.exe
2009-11-11 14:37:35 ----A---- C:\WINDOWS\system32\rdocurs.dll
2009-11-11 14:37:35 ----A---- C:\WINDOWS\system32\MSRDO20.DLL
2009-11-11 14:37:33 ----D---- C:\WINDOWS\Crystal
2009-11-11 14:37:32 ----A---- C:\WINDOWS\system32\LTFIL60N.DLL
2009-11-11 14:37:32 ----A---- C:\WINDOWS\system32\IMPLODE.DLL
2009-11-11 14:37:32 ----A---- C:\WINDOWS\system32\crwrap32.dll
2009-11-11 14:37:32 ----A---- C:\WINDOWS\system32\CRPAIG32.DLL
2009-11-11 14:37:31 ----A---- C:\WINDOWS\system32\LTKRN60N.DLL
2009-11-11 14:37:31 ----A---- C:\WINDOWS\system32\CRPE32.DLL
2009-11-11 14:37:27 ----A---- C:\WINDOWS\system32\dsofile.dll
2009-11-11 14:37:19 ----D---- C:\Program Files\Winsim
2009-11-11 14:26:58 ----D---- C:\Documents and Settings\User\Application Data\ACD Systems
2009-11-11 14:24:07 ----D---- C:\Documents and Settings\All Users\Application Data\ACD Systems
2009-11-11 14:24:04 ----D---- C:\Program Files\Common Files\ACD Systems
2009-11-11 14:24:04 ----D---- C:\Program Files\ACD Systems
2009-11-11 14:23:23 ----D---- C:\WINDOWS\Downloaded Installations
2009-11-11 14:20:04 ----D---- C:\Program Files\Common Files\HP
2009-11-11 14:19:29 ----D---- C:\Program Files\Hewlett-Packard
2009-11-11 14:19:13 ----D---- C:\Documents and Settings\All Users\Application Data\HP
2009-11-11 14:18:01 ----D---- C:\Program Files\HP
2009-11-11 14:17:48 ----HD---- C:\Config.Msi
2009-11-11 14:17:33 ----D---- C:\Documents and Settings\User\Application Data\HP
2009-11-11 13:45:30 ----A---- C:\WINDOWS\system32\hidserv.dll
2009-11-09 11:40:54 ----D---- C:\Program Files\Java
2009-11-07 17:48:09 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-11-07 17:42:49 ----A---- C:\WINDOWS\smscfg.ini

======List of files/folders modified in the last 1 months======

2009-11-22 17:38:38 ----D---- C:\WINDOWS\Temp
2009-11-22 17:35:49 ----D---- C:\WINDOWS\Prefetch
2009-11-22 17:31:54 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-22 17:25:11 ----D---- C:\WINDOWS
2009-11-22 17:24:29 ----RD---- C:\Program Files
2009-11-22 17:18:46 ----SD---- C:\Documents and Settings\User\Application Data\Microsoft
2009-11-22 09:53:19 ----D---- C:\WINDOWS\system32\drivers
2009-11-22 09:40:46 ----D---- C:\WINDOWS\system32
2009-11-21 17:40:53 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-11-21 17:38:57 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-21 01:52:12 ----SHD---- C:\WINDOWS\Installer
2009-11-21 00:39:34 ----SHD---- C:\RECYCLER
2009-11-20 06:51:43 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-11-15 23:39:06 ----SD---- C:\WINDOWS\Tasks
2009-11-15 12:49:31 ----D---- C:\Documents and Settings\User\Application Data\Adobe
2009-11-12 22:21:44 ----D---- C:\Documents and Settings
2009-11-12 22:20:21 ----HD---- C:\WINDOWS\inf
2009-11-12 22:20:04 ----D---- C:\WINDOWS\system32\config
2009-11-12 21:32:19 ----A---- C:\WINDOWS\OEWABLog.txt
2009-11-12 21:26:35 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-12 20:45:12 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-11-12 20:45:09 ----D---- C:\WINDOWS\SoftwareDistribution
2009-11-12 07:36:41 ----D---- C:\WINDOWS\Help
2009-11-11 23:43:47 ----D---- C:\WINDOWS\WinSxS
2009-11-11 23:43:47 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-11-11 21:02:34 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-11-11 21:01:51 ----D---- C:\Program Files\Internet Explorer
2009-11-11 21:00:43 ----D---- C:\Program Files\Common Files
2009-11-11 18:13:08 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-11-11 18:10:58 ----D---- C:\WINDOWS\system32\en-US
2009-11-11 18:10:56 ----RSD---- C:\WINDOWS\Fonts
2009-11-11 18:10:30 ----D---- C:\WINDOWS\system32\spool
2009-11-11 17:39:26 ----A---- C:\WINDOWS\win.ini
2009-11-11 17:38:34 ----D---- C:\Program Files\Common Files\System
2009-11-11 17:36:05 ----D---- C:\WINDOWS\system
2009-11-11 14:38:11 ----AC---- C:\WINDOWS\ODBCINST.INI
2009-11-11 14:37:25 ----HD---- C:\Program Files\InstallShield Installation Information
2009-11-09 13:19:46 ----A---- C:\WINDOWS\setuplog.txt
2009-11-09 11:42:53 ----A---- C:\WINDOWS\system32\wpa.bak
2009-11-09 11:40:56 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-11-07 18:02:06 ----D---- C:\WINDOWS\security
2009-11-07 17:48:09 ----D---- C:\WINDOWS\Registration
2009-11-07 17:47:59 ----SHD---- C:\System Volume Information
2009-11-07 17:47:59 ----D---- C:\WINDOWS\system32\Restore
2009-11-07 17:47:56 ----RASH---- C:\boot.ini
2009-11-07 17:46:12 ----D---- C:\WINDOWS\system32\CatRoot
2009-11-07 17:43:51 ----D---- C:\WINDOWS\repair

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-11-11 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-11-11 28424]
R1 AvgTdiX;AVG Free Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-11-11 360584]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R2 pnarp;Pure Networks Device Discovery Driver; C:\WINDOWS\system32\DRIVERS\pnarp.sys [2008-12-12 23984]
R2 purendis;Pure Networks Wireless Driver; C:\WINDOWS\system32\DRIVERS\purendis.sys [2008-12-12 25264]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2009-01-21 6278560]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-03-30 5063168]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-14 5810]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2009-11-11 9856]
R3 RT61;Linksys Wireless-G PCI Adapter Driver(RT61); C:\WINDOWS\system32\DRIVERS\RT61.sys [2005-10-26 356096]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-09-25 115328]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 vpnva;Cisco AnyConnect VPN Virtual Miniport Adapter for Windows; C:\WINDOWS\system32\DRIVERS\vpnva.sys [2009-10-09 20152]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-05-07 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-05-07 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2009-11-11 285392]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-11-09 153376]
R2 LinksysUpdater;Linksys Updater; C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-11-13 204800]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-09-20 853288]
R2 nmservice;Pure Networks Platform Service; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [2008-12-12 642856]
R2 vpnagent;Cisco AnyConnect VPN Agent; C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-10-09 493248]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-10-28 545568]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-11-15 382248]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------
susanfloro
Regular Member
 
Posts: 25
Joined: December 19th, 2007, 11:50 am

Re: Don't know why my new computer is so SLOW!

Post by Dakeyras » November 23rd, 2009, 8:08 am

Hi. :)

OK and thanks for the update.

Did you set this proxy server?
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
If not, or if you are unsure, do not remove the entry below (it will be highlighted in red) and inform me in your next reply, thank you.

Next:

Temporarily disable WinPatrol (so it will not hinder the HJT removals below; it will automatically start after the system reboot):

  • Right click on the WinPatrol system tray icon.
  • Select Exit Program.

Next:

Please re-open HijackThis and select Do a system scan only. Check the boxes next to all the entries listed below (if present):

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

Now click on Fix Checked. Close HijackThis. Now reboot (restart) your computer.

Check Hard Disk For Errors:

Press Start->Run, then copy/paste the following command into the box and press OK:
cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"
A blank command window will open on your desktop, then close in a few minutes. This is normal.
A file icon named checkhd.txt should appear on your Desktop. Please post the contents of this file.

When you have completed the above, please post back the following:

  • How is your computer performing now? Any problems encountered and/or any further symptoms?
  • checkhd.txt
  • A new HijackThis Log. <-- I do not need to view a new RSIT log at this time.
Dakeyras
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Don't know why my new computer is so SLOW!

Post by susanfloro » November 23rd, 2009, 11:33 am

I think my computer is running a bit faster than before!

I did not set this: R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local (I do not know what it does.)

Here are the logs:

The type of the file system is NTFS.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
CHKDSK is verifying indexes (stage 2 of 3)...
CHKDSK is verifying security descriptors (stage 3 of 3)...
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
CHKDSK discovered free space marked as allocated in the volume bitmap.
Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these.

488384000 KB total disk space.
38393740 KB in 41087 files.
16112 KB in 6568 indexes.
0 KB in bad sectors.
138956 KB in use by the system.
65536 KB occupied by the log file.
449835192 KB available on disk.

4096 bytes in each allocation unit.
122096000 total allocation units on disk.
112458798 allocation units available on disk.
--------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:29:44 AM, on 11/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\java.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

--
End of file - 6245 bytes
susanfloro
Regular Member
 
Posts: 25
Joined: December 19th, 2007, 11:50 am
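
The three entries selected for Fix Checked earlier in the thread can be compared mechanically against the follow-up log posted above. The script below is an added example, not part of any post in this thread or of HijackThis itself: the function names are hypothetical, the excerpt is copied from the follow-up log, and each requested fix is reported as removed, changed or still present.

```python
import re

# Entry lines in a HijackThis log start with a section code (R0, R1, O2, O4,
# O23, ...) followed by " - ". Header and process lines do not match.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def normalize(text):
    """Collapse whitespace and case-fold so forum-pasted lines compare equal."""
    return " ".join(text.split()).casefold()


def split_entry(line):
    """Return (location, data) for an entry line, or None for any other line.

    For R-section lines the registry "key,value" part is the location and the
    text after the first "=" is the data. Other sections are compared whole.
    """
    match = ENTRY_RE.match(line.strip())
    if not match:
        return None
    section, body = match.groups()
    if section.startswith("R") and "=" in body:
        location, _, data = body.partition("=")
        return normalize(location), normalize(data)
    return normalize(body), ""


def verify_fixes(fix_list, followup_log):
    """Map each requested fix to 'removed', 'changed' or 'present'."""
    seen = {}
    for raw in followup_log.splitlines():
        parsed = split_entry(raw)
        if parsed:
            location, data = parsed
            seen[location] = data

    report = {}
    for wanted in fix_list:
        parsed = split_entry(wanted)
        if parsed is None:
            raise ValueError(f"not a HijackThis entry line: {wanted!r}")
        location, data = parsed
        if location not in seen:
            report[wanted] = "removed"      # entry no longer logged
        elif seen[location] == data:
            report[wanted] = "present"      # identical entry survived the fix
        else:
            report[wanted] = "changed"      # same location, different data
    return report


# Entries the helper asked to tick before "Fix Checked" (from the thread).
FIX_LIST = [
    r"R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =",
    r"R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =",
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local",
]

# Excerpt of the follow-up HijackThis log dated 11/23/2009 (copied from the thread).
FOLLOWUP_EXCERPT = r"""
Running processes:
C:\WINDOWS\system32\ctfmon.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

if __name__ == "__main__":
    for entry, status in verify_fixes(FIX_LIST, FOLLOWUP_EXCERPT).items():
        print(f"{status:8} {entry}")
```
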

Re: Don't know why my new computer is so SLOW!

Post by Dakeyras » November 23rd, 2009, 12:06 pm

Hi. :)

I think my computer is running a bit faster than before!

I did not set this: R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local (I do not know what it does.)
OK good to know.

As for the latter, it basically means Internet Explorer is set to bypass certain IP (Internet Protocol) settings, with, say, your ISP for example. It may also be present because there is an indication you use or have used a Linksys router.

I have noticed the actual removals with HijackThis appear to have been unsuccessful. After carrying them out and rebooting your computer, did WinPatrol warn of this and did you deny the change?

None of the above is an actual problem per se, and we can come back to that.

Next:

Out-of-date Adobe and Java installations pose a security risk. They can be used by malware as a means to infect and/or re-infect a computer. We will update both in due course.

Now please go to Start >> Control Panel >> Add/Remove Programs and remove the following (if present):

Adobe Reader 9.1
Java(TM) 6 Update 16
Java(TM) 6 Update 3


To do so, click once on each of the above in turn to highlight and then click on the Remove button.

Note: Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into keeping the program.

Now click Start >> Run and type cleanmgr in the box and press OK.

  • Ensure the boxes for Temporary Files, Temporary Internet Files and Recycle Bin are checked.
  • You can choose to check other boxes if you wish but they are not required.
  • Click on OK then Yes.

Hard-Drive Maintenance/Repair:

Note: for the CHKDSK portion you may refer to this tutorial of mine here and follow the instructions for Graphical Mode if you so wish.

  • Click Start >> Run... then type in CMD and click on OK.
  • At the Command Prompt C:\ > type the following:
  • CD C:\ and hit the Enter/Return key.
  • Now type in DEFRAG C: -F
  • An Analysis report will be displayed and then Windows will start the Defragmentation run automatically.
  • This may take some time; when completed, the Command Prompt C:\ > will appear.
  • Now type in CHKDSK C: /R and hit the Enter/Return key.
  • When prompted with:
CHKDSK cannot run because the volume is in use by another process
Would you like to schedule this volume to be checked next time the system
restarts (Y/N)
  • Hit the Y key then at the Command Prompt C:\ >
  • Type in EXIT and hit the Enter/Return key.
  • Now Reboot(Restart) your computer.

Note: Upon Reboot(Restart) the CHKDSK(check-disk) will start and carry out the repairs required.

You should see a screen like this just after the POST (power-on self-test) screen:

Image

Note: Do not touch either the keyboard or mouse, otherwise the Check-Disk will be cancelled and your computer will continue to boot up as normal.

New Adobe Reader Installation:

  • Go HERE and click on AdbeRdr920_en_US.exe to download the latest version of Adobe Acrobat Reader.
  • Save this file to your desktop and run it to install the latest version of Adobe Reader.


New Java Installation:

  • Click here to visit Java's website.
  • Scroll down to Java SE Runtime Environment (JRE) 6 Update 17. Click on Download.
  • Select Windows from the drop-down list for Platform.
  • Select Multi-language from the drop-down list for Language.
  • Check (tick) I agree to the Java SE Runtime Environment 6 License Agreement box and click on Continue.
  • Click on jre-6u17-windows-i586.exe link to download it and save this to a convenient location.
  • Double click on jre-6u17-windows-i586.exe to install Java.

Run Kaspersky Online AV Scanner:

Go to this Kaspersky website and perform an online antivirus scan.

Note: Use Internet Explorer for this scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

This online tutorial will help explain how to use the aforementioned online scan.

When you have completed the above, please post back the following:

  • How is your computer performing now? Any problems encountered and/or any further symptoms?
  • Kaspersky report.
  • A new HijackThis Log.
Dakeyras
MRU Honors Graduate
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Don't know why my new computer is so SLOW!

Post by susanfloro » November 24th, 2009, 11:39 am

Hi there. You said, "As for the latter it basically means Internet Explorer is set to bypass certain IP (Internet Protocol) settings, with say your ISP for example. It may also be present because there is indication you use or have used a Linksys Router." Yes... I am using a Linksys Wireless Router.

You said, "I have noticed the actual removals with HijackThis appear to have been unsuccessful; after carrying them out and rebooting your computer, did WinPatrol warn of this and you denied the change?" I don't recall denying the changes but I could have, as sometimes Scotty asks me questions after I reboot. If I don't understand the question, my usual reaction is to say "No."

I was unable to run the Kaspersky on-line virus scan. It failed and the message displayed said that it can not run if another antivirus program is already running. AVG Antivirus automatically starts when I reboot so that was probably the cause but unfortunately I do not know how to disable it.

I completed the other steps you asked me to do though... here is a HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:38:42 AM, on 11/24/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\java.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

--
End of file - 6284 bytes
susanfloro
Regular Member
 
Posts: 25
Joined: December 19th, 2007, 11:50 am
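
Whether HijackThis removals "stuck" after a reboot, the question raised earlier in this thread, can be checked by comparing the log taken before the fix with the one taken after. The following is an added example, not part of the thread and not HijackThis code; the sample logs and fix list are constructed excerpts in the format shown above, and the function names are hypothetical.

```python
import re

# HijackThis entry lines start with a section code (R0, R1, O2, O4, O23, ...)
# followed by " - " and the entry body. Header and process lines do not match.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Constructed sample excerpts in the log format shown in the posts above.
BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\lsass.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""
AFTER = r"""Running processes:
C:\WINDOWS\system32\lsass.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Example Service - Unknown owner - C:\Program Files\Example\svc.exe
"""
# Constructed list of the entries that were ticked for "Fix checked".
FIXED = r"""R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe
"""

def parse_entries(log_text):
    """Return the set of (code, body) entries found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            # Normalise case and whitespace so cosmetic differences do not hide a match.
            entries.add((m.group(1), " ".join(m.group(2).split()).lower()))
    return entries

def compare_logs(before, after, fixed):
    """Classify entries as persisted (fix did not stick), removed, or newly appeared."""
    old, new, targeted = parse_entries(before), parse_entries(after), parse_entries(fixed)
    return {
        "persisted": sorted(targeted & new),  # fixed, yet still in the later log
        "removed": sorted(old - new),
        "appeared": sorted(new - old),        # new since the earlier log; worth reviewing
    }

if __name__ == "__main__":
    for label, items in compare_logs(BEFORE, AFTER, FIXED).items():
        print(label)
        for code, body in items:
            print(f"  {code} - {body}")
```

An entry under "persisted" means the fix was reverted or never applied, for example because a monitoring tool prompted about the change and the change was denied.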