Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Slow Video over internet, slow system

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Slow Video over internet, slow system

Unread postby turtledove » October 21st, 2010, 9:53 pm

Good evening teajay,

Thank you for the logs. These will take some time to search. I'll be back as soon as possible.

turtledove
User avatar
turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California
Advertisement
Register to Remove

Re: Slow Video over internet, slow system

Unread postby turtledove » October 22nd, 2010, 12:07 pm

Good Day teajay,

We need to clean up that drive a bit, as it is down to 15 % . We'll then take a look with a new scan to be sure nothing bad remains.
**Please copy/print out these instructions as the scan will require disconnection from the internet temporarily.**
------------------------------------
Please delete the Folders if present :
C:\Program Files\Vuze
C:\Documents and Settings\My Account Name\Application Data\Azureus


------------------------------------

ATF Cleaner
Please download ATF Cleaner ... by Atribune. Alternate download site: here.
This program is for XP and Windows 2000 only!. It does not require any installation and uses minimal system resources.
It is set up to clean IE, FireFox and Opera, detecting the browsers you have and grays out the other(s).
  1. Double-click ATF-Cleaner.exe to run the program.
  2. Under Main choose: Select All
    Recommend UNCHECKING COOKIES if you rely on system remembered passwords.
  3. Click the Empty Selected button.
      If you use Firefox browser
    • Click Firefox at the top and choose: Select All EXCEPT FIREFOX SAVED PASSWORDS
    • Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
      If you use Opera browser
    • Click Opera at the top and choose: Select All EXCEPT COOKIES AND SAVED PASSWORDS
    • Click the Empty Selected button.
      NOTE: If you would like to keep your cookies and saved passwords, please click No at the prompt.
  4. Reply OK to the total bytes removed...box, then click Exit on the Main menu to close the program.


------------------------------------
Back Up registry with ERUNT

  • Please use the following link and download ERUNT to your desktop. HERE
  • Click on the erunt-setup.exe
  • Follow the prompts to install ERUNT
  • Choose language
  • A set up window will pop up. It will ask: Create ERUNT entry in to the Start up folder, answer NO

    Image

  • Backup your registry to the default location

Note: To restore your registry (if needed), go to the folder and start ERDNT.exe


------------------------------------
ComboFix
Please download ImageComboFix.exe... © Copyrighted to sUBs. Save it to your desktop. <<--- IMPORTANT!! .
Alternate download sites: Mirror #2 or Mirror #3

If you previously downloaded ComboFix, please delete that version and download it again. This tool is frequently updated.

This program is a powerful tool, intended by its creator, to be "used under the guidance and supervision of trained malware removers".
Using this tool incorrectly could cause problems with your operating system... preventing it from ever starting again!


The first thing you need to do is print out How-To-Use-ComboFix. Read these instructions thoroughly.
You will not have Internet access when you execute ComboFix. All open windows will need to be closed!

  1. Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
  2. Double click the ComboFix.exe icon on your desktop to begin execution. If you receive the "Open File - Security Warning"... press Run.
  3. Press Yes to the Disclaimer prompt.
    ComboFix screen appears... preparing to run. ComboFix will now begin creating a System Restore Point and then backup your registry.
  4. If not already installed... Press Yes to the "Install Recovery Console" prompt.
  5. Press Yes at the Recovery Console installation results prompt... Even if unsuccessful, have ComboFix continue the scan.
    Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash!
    ComboFix will disconnect you from the Internet, may cause your desktop to disappear and also change your clock settings... this is normal, so don't worry. They will be restored when finished. The ComboFix window data will be changing with various "Stages"... completed. When finished the screen will show that a log is being created.
    ComboFix disables autorun of all CD, floppy and USB devices to assist with malware removal and increase security.
    When finished... Notepad will open ... ComboFix will produce a log file called "log.txt".
  6. Please copy/paste the contents of log.txt... in your next reply.
Do NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, NOT for general public or personal use. Using this tool incorrectly could lead to serious problems with your operating system such as preventing it from ever starting again. This site, sUBs and myself will not be responsible for any damage caused to your machine by misusing or running ComboFix on your own. Please read Combofix's Disclaimer.

** Enable your Antivirus and Firewall, before connecting to the Internet again! **


Post
C:\Combofix.txt
How your system is running now

Thank you

turtledove
User avatar
turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California

Re: Slow Video over internet, slow system

Unread postby teajay » October 22nd, 2010, 6:31 pm

Hello Hello !!

No change in system behavior.

Thanks,

teajay

ComboFix 10-10-22.03 - Guy Bufkin 10/22/2010 16:04:11.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.583 [GMT -5:00]
Running from: c:\documents and settings\My Account Name\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Thumbs.db
c:\windows\system32\drivers\fad.sys
c:\windows\winhelp.ini

.
((((((((((((((((((((((((( Files Created from 2010-09-22 to 2010-10-22 )))))))))))))))))))))))))))))))
.

2010-10-22 20:35 . 2010-10-22 20:36 -------- d-----w- c:\program files\ERUNT
2010-10-21 17:57 . 2010-10-21 17:58 -------- d-----w- C:\rsit
2010-10-17 10:56 . 2010-10-17 10:56 388096 ----a-r- c:\documents and settings\My Account Name\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-10-17 10:56 . 2010-10-21 17:57 -------- d-----w- c:\program files\Trend Micro
2010-10-17 09:50 . 2010-10-17 09:50 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-10-16 07:37 . 2010-10-16 07:37 -------- d-----w- c:\program files\Common Files\Java
2010-10-16 07:36 . 2010-10-16 07:35 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-10-16 07:36 . 2010-10-16 07:35 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-16 07:36 . 2010-10-16 07:35 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-15 02:16 . 2010-10-15 02:16 -------- d-----w- c:\documents and settings\My Account Name\Application Data\Avira
2010-10-15 01:45 . 2010-03-01 15:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-10-15 01:45 . 2010-02-16 19:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-10-15 01:45 . 2009-05-11 17:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-10-15 01:45 . 2009-05-11 17:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-10-15 01:45 . 2010-10-15 01:45 -------- d-----w- c:\program files\Avira
2010-10-15 01:45 . 2010-10-15 01:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-10-12 21:29 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2010-10-12 21:29 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-12 21:29 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-10-12 21:28 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-10-11 21:19 . 2010-10-11 21:20 -------- d-----w- c:\documents and settings\My Account Name\Application Data\WinPatrol
2010-10-11 21:19 . 2010-10-11 21:19 -------- d-----w- c:\program files\BillP Studios
2010-10-10 07:46 . 2010-10-10 07:46 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-10-03 03:45 . 2010-10-03 03:37 3430224 ----a-w- C:\ccsetup236.exe
2010-09-25 01:06 . 2010-09-25 01:07 -------- d-----w- c:\program files\7-Zip
2010-09-22 23:10 . 2010-09-22 23:10 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-09-22 23:10 . 2010-09-22 23:10 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 17:23 . 2004-08-11 23:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-11 23:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-11 23:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-11 23:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58 . 2004-08-11 23:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2004-08-11 23:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2004-08-11 23:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51 . 2004-08-11 23:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2004-08-11 23:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2004-08-11 23:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2004-08-11 23:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2006-03-11 10:36 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-04-15 22:56 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2004-08-11 23:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2004-08-11 23:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2004-08-11 23:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-08-10 10:15 . 2010-08-10 10:15 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-08-10 10:15 . 2010-08-10 10:15 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-08-07 02:43 . 2004-08-11 23:00 184 ----a-w- c:\windows\system32\drivers\etc\hosts.vir
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-07-07 344064]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2004-10-10 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 22:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^My Account Name^Start Menu^Programs^Startup^ZooskMessenger.lnk]
path=c:\documents and settings\My Account Name\Start Menu\Programs\Startup\ZooskMessenger.lnk
backup=c:\windows\pss\ZooskMessenger.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2008-11-06 03:59 4347120 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2007-08-31 21:46 1460560 ----a-w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23:TCP"= 23:TCP:Telnet

R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [3/11/2006 5:40 AM 87936]
S3 ATIXPGAA;ATIXPGAA;c:\dell\drivers\R101342\ATIXPGAA.SYS [10/13/2010 5:15 AM 12032]
.
Contents of the 'Scheduled Tasks' folder

2010-10-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-10-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-26 20:38]

2010-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-13 00:17]

2010-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-13 00:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - c:\documents and settings\My Account Name\Application Data\Mozilla\Firefox\Profiles\rcz1zins.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 6522
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\My Account Name\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.2\Plugins\npybrowserplus_2.9.2.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
MSConfigStartUp-AVG9_TRAY - c:\progra~1\AVG\AVG9\avgtray.exe
MSConfigStartUp-HP Software Update - c:\program files\HP\HP Software Update\HPWuSchd2.exe
MSConfigStartUp-Singlesnet - c:\program files\Singlesnet\Singlesnet\Singlesnet.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-22 16:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4006047109-2940201462-1022532358-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1028)
c:\windows\system32\Ati2evxx.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
Completion time: 2010-10-22 16:51:34
ComboFix-quarantined-files.txt 2010-10-22 21:51

Pre-Run: 12,094,795,776 bytes free
Post-Run: 12,159,930,368 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 67B51FAF90C15D59E9ECC318948876D3
teajay
Regular Member
 
Posts: 42
Joined: October 11th, 2010, 4:25 pm

Re: Slow Video over internet, slow system

Unread postby turtledove » October 23rd, 2010, 1:02 am

Good Day teajay :)

Thank you for the log. Please try turning off Windows Firewall only temporarily and then update AntiVir as it is out of date on its daily file information. It appears that is needed til Firewalls quit disallowing it.

-------------------------------------

ESET online scannner
**Turn off the real time scanner of any existing antivirus program while performing the online scan

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

  • Hold down Control then click on the following link to open a new window to ESET online scannner
  • Then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

****Be sure AntiVir is set to active again
-------------------------------------

Open HijackThis and select: Do a system scan and save a log file.
Don't use the Analyse This button, its findings are dangerous if misinterpreted.
The log will be saved as HijackThis.log in the C:\Program Files\Trend Micro\HijackThis folder.
When the scan is finished, From the Notepad File opened: Click Edit> Select All> Edit> Copy> and paste its contents here.

-------------------------------------

Post
ESET Scan Results - Be sure to include the whole log.txt
A new log from HijackThis
Any problems?
Is Windows Firewall on?

Thank you

turtledove
User avatar
turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California

Re: Slow Video over internet, slow system

Unread postby teajay » October 23rd, 2010, 1:58 am

turtledove,

I still can't update antivir even with the firewall turned off and with antivir enabled or disabled. Could it be because I'm still getting warnings that it is installed under a user with administrator rights? I get the following message:

Status: Error loading system components. The update process could not be carried out.

What do you want me to do about Antivir ?
Do you want me to continue with your instructions anyway ?

Thanks,
teajay ...
teajay
Regular Member
 
Posts: 42
Joined: October 11th, 2010, 4:25 pm

Re: Slow Video over internet, slow system

Unread postby turtledove » October 23rd, 2010, 2:13 am

Good evening teajay,

Yes please continue with the other scans. I'll see if I can find out more about this. I use Online Armor Firewall, in my signature; it allows AntiVir as I stated. So uncertain about Windows Firewall actions here. I'll have to check through posts at AntiVirs' Forums.
Do post the other two items and I'll get through those as well.

Than you

turtledove
User avatar
turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California

Re: Slow Video over internet, slow system

Unread postby teajay » October 23rd, 2010, 2:17 am

I don't mind changing firewalls but I guess first things first.
I'll let that be your call. Until then I'll finish the steps above.
thanks,
teajay ...
teajay
Regular Member
 
Posts: 42
Joined: October 11th, 2010, 4:25 pm

Re: Slow Video over internet, slow system

Unread postby turtledove » October 23rd, 2010, 2:28 am

Good evening :)

You may keep Windows Firewall, but it only guards one way in XP systems. The best is a third party Firewall that monitors 2 ways- in and out bound traffic. You could try Online Armor for a while and always go back. But my recommendation is a 2 way firewall.

Lets get the other scans done first.

Thanks

turtledove
User avatar
turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California

Re: Slow Video over internet, slow system

Unread postby teajay » October 23rd, 2010, 3:40 am

turtledove,

When I hit start the screen went black immediately except for a couple of white boxes. No mention of virus signature database being downloaded. My laptop settings is for the screen to blank out after an hour or so. Now I can't even see the boxes or probably anything new ?

How will I be able to tell when this is finished ?
After what amount of time will it be safe to move the mouse to make the screen show again ?

I can let it go all night and half the day or more if necessary.

teajay ...
teajay
Regular Member
 
Posts: 42
Joined: October 11th, 2010, 4:25 pm

Re: Slow Video over internet, slow system

Unread postby teajay » October 23rd, 2010, 4:16 pm

When I woke up around 1:30 pm today I could see the screen and I had the ati driver error and there was no log but it found this.

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP736\A0156526.exe

I'll change my power settings and run again.

Thanks,
teajay

Win32/PSWTool.RAS.A application

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:09:38 PM, on 10/23/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common

Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Microsoft Web Test Recorder Helper - {62355041-605D-4469-84FD-5D66ED67A7E3} - C:\Program

Files\Microsoft Visual Studio

8\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program

Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program

Files\GoogleAFE\GoogleAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program

Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program

Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN

Toolbar\01.01.2607.0\en-us\msntb.dll
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel

PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe"

/r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java

Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration -

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) -

http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

http://update.microsoft.com/microsoftup ... 1715180988

43
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} -

http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) -

https://realtor-org-commercial.webex.co ... eatgpc.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -

http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} -

C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon -

{8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program

Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir

Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. -

C:\WINDOWS\system32\basfipm.exe
O23 - Service: Persits Software Email Agent (EmailAgent) - Persits Software, Inc. -

C:\PROGRA~1\PERSIT~1\AspEmail\EMAILA~1\BIN\EMAILA~1.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program

Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google

Updater\GoogleUpdaterService.exe
O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program

Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common

Files\Motive\McciCMService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program

Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 8075 bytes
teajay
Regular Member
 
Posts: 42
Joined: October 11th, 2010, 4:25 pm

Re: Slow Video over internet, slow system

Unread postby turtledove » October 23rd, 2010, 10:14 pm

Good evening teajay,

Try setting power savings to not turn off screen if needed. Run ESET, it can take a long time depending on the number of files. What you posted is in system restore, so we will clear that once sure nothing else is present.
Where was the Win32/PSWTool.RAS.A application found?
Thank you

turtledove
User avatar
turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California

Re: Slow Video over internet, slow system

Unread postby teajay » October 23rd, 2010, 10:56 pm

Win32/PSWTool.RAS.A application was in the ESAT scanner window when I woke up.
I'll run the scan again.
thanks,
teajay
teajay
Regular Member
 
Posts: 42
Joined: October 11th, 2010, 4:25 pm

Re: Slow Video over internet, slow system

Unread postby turtledove » October 23rd, 2010, 11:35 pm

Good evening teajay,

The log should be located here:
C:\Program Files\ESET\EsetOnlineScanner\log.txt
It should include ESET name, other information, files scanned, path to that file I mentioned is what I need. We may use a second online scan for a second opinion.
Thanks

Turtledove
User avatar
turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California

Re: Slow Video over internet, slow system

Unread postby teajay » October 24th, 2010, 4:11 pm

turtledove,

This scan has been going 18 hours. When do we decide it is hung up ? If it is hung up how would you like me to restart the system ?

Thanks
teajay
teajay
Regular Member
 
Posts: 42
Joined: October 11th, 2010, 4:25 pm

Re: Slow Video over internet, slow system

Unread postby turtledove » October 24th, 2010, 6:56 pm

Good day teajay,

If ESET doesn't progress in a bit, please try the following scan. I planned running it anyway, and it should be left to run with nothing else open, you may wish to set screen saver to none as well and let the scan run overnight. It will take several hours as your drive is pretty full.

If possible, move any music, pictures, documents to an external drive or to CDs/DVD and do scan them before placing back on main computer. This will give you better available space on C: Drive.



OTC

Download OTC by Old Timer and save it to your Desktop. This tool will remove all the tools we used to clean your pc.

  • Double-click OTC.exe
  • Click the CleanUp! button
  • Select Yes when the Begin cleanup Process? Prompt appears
  • If you are prompted to Reboot during the cleanup, select Yes
  • The tool will delete itself once it finishes, if not delete it by yourself

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

Please Reboot the computer if TFC did not ask to do so.



Kaspersky Online Scan
Do an online scan with >Kaspersky Online Scanner<
  • Read through the requirements and privacy statement and click on Accept button
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run
  • When the downloads have finished, click on Settings
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan
  • Once the scan is complete, it will display the results. Click on View Scan Report
  • You will see a list of infected items there. Click on Save Report As...
  • Save this report to your desktop as KasScanlog; Change the Files of type to Text file (.txt) before clicking on the Save button
  • Please post this log in your next reply


Post
The kasScan.txt
If you do a search on the net, do you get any redirects to sites you didn't search for? If so, is it in Internet Explorer and another browser as well?
Any other odd behavior besides ATI driver?

Thanks.

turtledove
User avatar
turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 49 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware