  #1  
Old 1st Feb 2009, 07:15
Member Group
 
Hi,

I am experiencing problems with my computer and hope you guys can help and try and improve its performance.

The thing is running extremely slowly for the last few months and appears to be getting worse. It takes an age for the computer to load and opening any program seems to be a considerable task. Once the program is open it runs ok. I haven’t experienced any problems getting access to the web but like everything else it takes an age to open but I haven’t got any pop ups or hijacks.

I have tried to go through the various steps detailed on the website before I have posted this log but have experienced problems with the Malwarebytes' Anti-Malware and AVG scan. Both scans fail towards the latter end of the scan and reboot the machine without fully completing the scan.

As such I haven’t posted a log of the results and I have tried to complete the scan a couple of times to no avail.

I hope you can help with the above and thank you for your time and efforts.

Kind regards,

Andy


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:58:22, on 01/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Roxio Creator 2009 Special Edition\5.0\CPMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\AOL 8.0\aoltray.exe
C:\Program Files\ClickToConvert\C2CMonitor.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Works\wkswp.exe
C:\Program Files\Microsoft Works\MSWorks.exe
C:\Program Files\Microsoft Works\wkgdcach.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\sniper.exe\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/broadband
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.co.uk/broadband
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: TBSB09819 - {DC77F23E-1D48-4238-9776-B705F92073FB} - C:\Program Files\DesktopFun Toolbar\desktopfuntoolbar.dll (file missing)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe"
O4 - HKLM\..\Run: [CPMonitor] "C:\Program Files\Roxio Creator 2009 Special Edition\5.0\CPMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: AOL 8.0 Tray Icon.lnk = C:\Program Files\AOL 8.0\aoltray.exe
O4 - Global Startup: C2CMonitor.lnk = C:\Program Files\ClickToConvert\C2CMonitor.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O9 - Extra button: BT Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra 'Tools' menuitem: BT &Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/broadband
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/us/securityadvisor...n/pestscan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1158237510484
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1158237495468
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (Tiscali Music Downloads) - http://sib1.od2.com/common/musicmana...agerPlugin.CAB
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{92E99A06-0D41-4AE1-A464-070CAFEB81DD}: NameServer = 212.139.132.57 212.139.132.56
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Firewall - Network Associates, Inc. - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Unknown owner - C:\Program Files\Intel\NCS\Sync\NetSvc.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 11 - Sonic Solutions - C:\Program Files\Roxio Creator 2009 Special Edition\Digital Home 11\RoxioUPnPRenderer11.exe
O23 - Service: Roxio Upnp Server 11 - Sonic Solutions - C:\Program Files\Roxio Creator 2009 Special Edition\Digital Home 11\RoxioUpnpService11.exe
O23 - Service: LiveShare P2P Server 11 (RoxLiveShare11) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe
O23 - Service: RoxMediaDB11 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe
O23 - Service: Roxio Hard Drive Watcher 11 (RoxWatch11) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
--
End of file - 10600 bytes


Malwarebytes' Anti-Malware 1.33
Database version: 1712
Windows 5.1.2600 Service Pack 2
31/01/2009 14:01:52
mbam-log-2009-01-31 (14-01-52).txt
Scan type: Quick Scan
Objects scanned: 61813
Time elapsed: 11 minute(s), 54 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
  #2  
Old 1st Feb 2009, 08:23
Malware Group
 
Hi there Confused...

Please download DDS and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • Click Yes at the next prompt for Optional Scan.
  • Save both reports to your desktop.
  • Post both logs back in your next reply.

Once done...

Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.


  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt"
  • Save it where you can easily find it, such as your desktop and copy and paste the results in your next reply

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


Please remember to post back with:

The two logs from DDS
The log from GMER
__________________
Proud member of ASAP & UNITE
  #3  
Old 1st Feb 2009, 10:22
Member Group
 
Hi sjb007,

Thanks for the reply and your help with this matter.

Hopefully I have completed the scans correctly and I have pasted the results below.

Regards,

Andy


DDS (Ver_09-02-01.01) - NTFSx86
Run by Andy at 16:05:33.53 on 01/02/2009
Internet Explorer: 6.0.2900.2180
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.tiscali.co.uk/broadband
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.tiscali.co.uk/broadband
uCustomizeSearch =
BHO: Yahoo! Companion BHO: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\ycomp5_5_7_0.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: TBSB09819 Class: {dc77f23e-1d48-4238-9776-b705f92073fb} - c:\program files\desktopfun toolbar\desktopfuntoolbar.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Companion: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\ycomp5_5_7_0.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [swg] c:\program files\google\googletoolbarnotifier\1.0.720.3640\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [StorageGuard] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [adiras] adiras.exe
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\11.0\sharedcom\RoxWatchTray11.exe"
mRun: [CPMonitor] "c:\program files\roxio creator 2009 special edition\5.0\CPMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - {88B2EE0B-4EE5-46C0-A377-31D5C329B3EA} - c:\program files\yahoo!\browser\ysidebarIE.dll
LSP: c:\windows\system32\CSLSP.DLL
Trusted Zone: thomsonfly.com\www
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
DPF: {3334504D-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/C/8/0C8EDFAB-30BC-4792-898E-2DABE27B2C4D/mp43dmo.CAB
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {556DDE35-E955-11D0-A707-000000521957} - hxxp://www.xblock.com/download/xclean_micro.exe
DPF: {56393399-041A-4650-94C7-13DFCB1F4665} - hxxp://www.ca.com/us/securityadvisor/pestscan/pestscan.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158237510484
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158237495468
DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - hxxp://www.bitdefender.com/scan/Msie/bitdefender.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://acs.pandasoftware.com/activescan/as5free/asinst.cab
DPF: {A3009861-330C-4E10-822B-39D16EC8829D} - hxxp://www.ravantivirus.com/scan/ravonline.cab
DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} - hxxp://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} - hxxp://www.pcpitstop.com/antivirus/PitPav.cab
TCP: {92E99A06-0D41-4AE1-A464-070CAFEB81DD} = 212.139.132.57 212.139.132.56
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
AppInit_DLLs: avgrsstx.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll
============= SERVICES / DRIVERS ===============

=============== Created Last 30 ================
2009-01-31 13:11 73,728 a------- c:\windows\system32\javacpl.cpl
2009-01-31 13:11 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-30 16:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Uninstall
2009-01-30 16:02 <DIR> --d----- c:\program files\InterActual
2009-01-30 15:44 <DIR> --d----- c:\program files\common files\Sonic Shared
2009-01-30 15:38 <DIR> --d----- c:\program files\Roxio Creator 2009 Special Edition
2009-01-30 15:38 <DIR> --d----- c:\program files\SmartSound Software
2009-01-30 15:38 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SmartSound Software Inc
2009-01-30 15:35 261,480 a------- c:\windows\system32\xactengine2_7.dll
2009-01-30 15:35 1,123,696 a------- c:\windows\system32\D3DCompiler_33.dll
2009-01-30 15:35 443,752 a------- c:\windows\system32\d3dx10_33.dll
2009-01-30 15:35 3,495,784 a------- c:\windows\system32\d3dx9_33.dll
2009-01-30 15:35 255,848 a------- c:\windows\system32\xactengine2_6.dll
2009-01-30 15:28 <DIR> --d----- c:\windows\system32\XPSViewer
2009-01-30 15:27 14,048 -------- c:\windows\system32\spmsg2.dll
2009-01-30 15:19 <DIR> --d----- c:\program files\MSXML 6.0
2009-01-26 12:36 717,296 a------- c:\windows\system32\drivers\sptd.sys
2009-01-26 12:35 93,544 a------- c:\windows\system32\drivers\StarPortLite.sys
2009-01-26 12:35 <DIR> --d----- c:\program files\Rocket Division Software
2009-01-25 16:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Philips Intelligent Agent
2009-01-25 11:28 176,235 a------- c:\windows\system32\Primomonnt.dll
2009-01-25 11:27 <DIR> --d----- c:\windows\PrimoPDF4
2009-01-25 11:27 <DIR> --d----- c:\program files\activePDF
2009-01-13 21:57 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-01-13 17:14 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-01-13 17:14 97,928 a------- c:\windows\system32\drivers\avgldx86.sys
2009-01-13 17:14 76,040 a------- c:\windows\system32\drivers\avgtdix.sys
2009-01-13 17:13 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-01-13 17:13 <DIR> --d----- c:\program files\AVG
2009-01-13 17:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
==================== Find3M ====================
2009-01-14 16:11 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 16:11 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-15 20:32 79,247 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-12-12 17:33 3,060,224 -------- c:\windows\system32\dllcache\mshtml.dll
2008-12-11 11:57 333,184 a------- c:\windows\system32\drivers\srv.sys
2008-12-11 11:57 333,184 -------- c:\windows\system32\dllcache\srv.sys
2008-09-07 16:15 872,696 a------- c:\program files\.auctionsolutions.com__chrlogin__tmp__temp13 2d3py_setup.amsorm.exe
2008-07-30 19:37 13,628,416 a------- c:\program files\epson28015eu.exe
2006-08-24 13:56 715 a------- c:\program files\andy list.txt
2006-08-19 09:07 7,557 a------- c:\program files\hijackthis25.txt
2006-08-19 09:07 7,557 a------- c:\program files\hijackthis.log
2006-08-17 18:20 318 a------- c:\program files\fixit.reg
2006-08-15 18:24 1,845 a------- c:\program files\help.txt
2006-07-11 17:12 9,889 a------- c:\program files\hijackthis2.txt
2005-08-14 17:30 0 a------- c:\documents and settings\andy\7.dat
2005-08-14 17:30 0 a------- c:\documents and settings\andy\6.dat
2005-08-14 17:30 0 a------- c:\documents and settings\andy\4.dat
2005-05-18 18:55 6,619 a------- c:\program files\hijackthis1.txt
2005-05-09 17:52 302 a------- c:\program files\12.mov
2005-05-09 17:51 302 a------- c:\program files\11.mov
============= FINISH: 16:10:27.46 ===============




UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-02-01.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 10/01/2004 14:23:30
System Uptime: 02/01/2009 10:05:20 (726 hours ago)
Motherboard: Dell Computer Corp. | | 0N2828
Processor: Intel(R) Pentium(R) 4 CPU 2.66GHz | Microprocessor | 2660/533mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 74 GiB total, 24.553 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
No restore point in system.
==== Installed Programs ======================

ABBYY FineReader 5.0 Sprint Plus
Adobe Download Manager 1.2 (Remove Only)
Adobe Flash Player ActiveX
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 6.0.1
Adobe Shockwave Player
AOL UK
Apple Mobile Device Support
Apple Software Update
ArcSoft Software Suite
Astro Gemini Screensaver Manager 1.2
Auction Client
AutoCAD LT 98
AVG Free 8.0
AviSynth 2.5
Bonjour
BT Yahoo! Applications
BT Yahoo! Internet Connection Manager 4.5
BTopenworld help
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities File Viewer Utility 1.2
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture 2.7
Canon Utilities ZoomBrowser EX
CCleaner (remove only)
Christmas Time 3D Screensaver 1.0
Classic PhoneTools
Click to Convert / PDF Toolbox
Conexant SmartHSFi V.9x 56K Speakerphone PCI Modem
Costco Desktop Kiosk
DAO
Dell Media Experience
Dell Picture Studio - Dell Image Expert
Dell Solution Center
DesktopFun Toolbar
Digital Line Detect
DirectX 9 Runtime
DVDSentry
EMC 11 Content
EPSON CardMonitor
EPSON Copy Utility
EPSON Photo Print
EPSON PhotoQuicker3.5
EPSON PhotoStarter3.1
EPSON PRINT Image Framer Tool2.1
EPSON Printer Software
EPSON Scan
EPSON Smart Panel
ESCX6400 Operation Guide
ESCX6400 Reference Guide
ESCX6400 Software Guide
Express Burn
File Viewer Utility 1.2.2
Google Earth
Google Toolbar for Internet Explorer
Help and Support Customization
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet
iPod for Windows 2005-09-23
iPod for Windows 2006-03-23
iTunes
Java(TM) 6 Update 11
Jedi Screensaver
Kaspersky Online Scanner
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
Macromedia Flash Player 8
Malwarebytes' Anti-Malware
McAfee Firewall
McAfee QuickClean
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 7.0
Modem Helper
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
Music Manager
Nero 7 Essentials
neroxml
NetWaiting
NVIDIA Windows 2000/XP Display Drivers
Paint Shop Pro 7
Panda ActiveScan
Panda ActiveScan 2.0
PCPitstop Panda AntiVirus Scan (remove only)
PDF Toolbox 6.0
Philips Intelligent Agent
PIF DESIGNER2.1
PowerDVD
PrimoPDF
Prism Video Converter
QuickTime
RealPlayer
RemoteCapture 2.7.2
Roxio Activation Module
Roxio Central
Roxio CinePlayer
Roxio CinePlayer Decoder Pack
Roxio Creator 2009 Special Edition
SAGEM F@st 800-840
ScanToWeb
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960714)
SmartSound Quicktracks Plugin
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
SpywareGuard v2.2
StarBurn Version 10.5 (Build 0x20081020)
SUPERAntiSpyware Free Edition
Switch
Tiscali 10.0
Tiscali Music Downloads
Update for Windows XP (KB898461)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB925720)
Update for Windows XP (KB955839)
Videora iPod Converter 3.07
Viewpoint Media Player
Virgin Atlantic Alerts (remove only)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Media Encoder 9 Series
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WordSearcher
XML Paper Specification Shared Components Pack 1.0
Yahoo! Anti-Spy
Yahoo! Toolbar
==== Event Viewer Messages From Past Week ========
27/01/2009 12:15:54, error: Service Control Manager [7023] - The IPSEC Services service terminated with the following error: The attempted operation is not supported for the type of object referenced.
27/01/2009 12:15:54, error: Service Control Manager [7000] - The SSPORT service failed to start due to the following error: The system cannot find the file specified.
27/01/2009 12:15:54, error: Service Control Manager [7000] - The General Purpose USB Driver (adildr.sys) service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
30/01/2009 10:31:07, error: System Error [1003] - Error code 1000007f, parameter1 00000008, parameter2 80042000, parameter3 00000000, parameter4 00000000.
30/01/2009 22:08:26, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
30/01/2009 22:08:26, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
==== End Of File ===========================


GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-02-01 17:18:12
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.14 ----
SSDT sprp.sys ZwCreateKey [0xF91400E0]
SSDT sprp.sys ZwEnumerateKey [0xF915ECA2]
SSDT sprp.sys ZwEnumerateValueKey [0xF915F030]
SSDT sprp.sys ZwOpenKey [0xF91400C0]
SSDT sprp.sys ZwQueryKey [0xF915F108]
SSDT sprp.sys ZwQueryValueKey [0xF915EF88]
SSDT sprp.sys ZwSetValueKey [0xF915F19A]
INT 0x62 ? 81B0FBF8
INT 0x82 ? 81B0FBF8
INT 0x94 ? FEF89DD4
INT 0xB4 ? 819D3BF8
---- Devices - GMER 1.0.14 ----
Device \FileSystem\Ntfs \Ntfs 81B0D1F8
Device \FileSystem\Fastfat \FatCdrom FF3BA1F8
Device \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\usbuhci \Device\USBPDO-0 819801F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{92E99A06-0D41-4AE1-A464-070CAFEB81DD} FFAAE500
Device \Driver\usbuhci \Device\USBPDO-1 819801F8
Device \Driver\usbuhci \Device\USBPDO-2 819801F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{E9FAFFA7-EC60-4BCB-88E8-D66DD5933C11} FFAAE500
Device \Driver\usbuhci \Device\USBPDO-3 819801F8
Device \Driver\usbehci \Device\USBPDO-4 FFBA01F8
Device \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Ftdisk \Device\HarddiskVolume1 81B101F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 81B101F8
Device \Driver\Cdrom \Device\CdRom0 FFAA53F8
Device \Driver\Cdrom \Device\CdRom1 FFAA53F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 81B0F1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 81B0F1F8
Device \Driver\atapi \Device\Ide\IdePort0 81B0F1F8
Device \Driver\atapi \Device\Ide\IdePort1 81B0F1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f 81B0F1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export FFAAE500
Device \Driver\NetBT \Device\NetbiosSmb FFAAE500
Device \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\usbuhci \Device\USBFDO-0 819801F8
Device \Driver\usbuhci \Device\USBFDO-1 819801F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver FF9AA500
Device \Driver\Tcpip \Device\IPMULTICAST avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\usbuhci \Device\USBFDO-2 819801F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector FF9AA500
Device \Driver\usbuhci \Device\USBFDO-3 819801F8
Device \Driver\usbehci \Device\USBFDO-4 FFBA01F8
Device \Driver\Ftdisk \Device\FtControl 81B101F8
Device \FileSystem\Fastfat \Fat FF3BA1F8
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs FF8981F8
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
---- Registry - GMER 1.0.14 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
---- EOF - GMER 1.0.14 ----
  #4  
Old 1st Feb 2009, 11:49
Malware Group
 
Hi Andy

I'm not seeing anything immediate in the logs you have provided.

I want you to run an online scan at Kaspersky, first let's clear out some unwanted system junk

Download and scan with CCleaner Slim
1. Double click the file and install CCleaner
2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"
3. Then select the items you wish to clean up.
In the Windows Tab:
  • Clean all entries in the "Internet Explorer" section.
  • Clean all the entries in the "Windows Explorer" section.
  • Clean all entries in the "System" section.
  • Clean all entries in the "Advanced" section.
  • Clean any others that you choose.
In the Applications Tab:
  • Clean all in the Firefox/Mozilla section if you use it.
  • Clean all in the Opera section if you use it.
  • Clean Sun Java in the Internet Section.
  • Clean any others that you choose.
4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.


Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner.
Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
This animation will guide you through the process:

**Note**
To optimize scanning time and produce a more sensible report for review:
Close any open programs
Turn off the real time scanner of any existing antivirus program while performing the online scan. You may disconnect from the internet once you begin the scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
Post back with the Kaspersky log
__________________
Proud member of ASAP & UNITE
  #5  
Old 3rd Feb 2009, 02:43
Member Group
 
Hi sjb007,

Sorry for the delay in my response.

I have now run both programs as requested but unfortunately neither has improved the situation and the scan didn’t identify any problems while the clean out has seemed to slow down performance as web pages take longer to download. I include a copy of the logs as requested.

Thanks

Andy

KASPERSKY ONLINE SCANNER 7 REPORT Tuesday, February 3, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, February 02, 2009 21:11:29
Records in database: 1738310
Scan settings
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area: My Computer
A:\
C:\
D:\
E:\

Scan statistics
Files scanned: 74716
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 02:54:38

No malware has been detected. The scan area is clean.
The selected area was scanned.
  #6  
Old 3rd Feb 2009, 03:02
Malware Group
 
Hi there Andy

Your logs appear clear of any malware related items. How much memory do you have in the system?

Let's cut down on start up items...

Open up HJT and select the second entry - Do a system scan only
Place a checkmark next to these entries:

O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: AOL 8.0 Tray Icon.lnk = C:\Program Files\AOL 8.0\aoltray.exe
O4 - Global Startup: C2CMonitor.lnk = C:\Program Files\ClickToConvert\C2CMonitor.exe


Make sure all browser and open windows/programs are closed and select "Fix checked"

Once done, reboot your computer, how are things now, any better...
__________________
Proud member of ASAP & UNITE
  #7  
Old 3rd Feb 2009, 03:37
Member Group
 
Hi sjb007,

Thanks again for your help with this matter.

I have removed the start up items but unfortunately I haven’t noticed an improvement in the performance.

I have 256MB of memory which has been fine since I bought the computer. It's only during the last 12 months where I have noticed the drop in performance and I haven’t loaded any more significant software.

Regards,

Andy
  #8  
Old 3rd Feb 2009, 04:19
Malware Group
 
Hi there Andy

I feel that a boost of memory will help the slowdown. Although 265Mb of memory was fine when you purchased the computer it will soon be swallowed up by today's requirement in no time. As software is added, extra services are created, plus software upgrades eating up more memory. With memory prices as they are I would advise that you upgrade, if this was my own personal system I would think of taking the memory up to a minimum of 1Gb.

As regards to the scans being unable to complete I have a feeling it could possibly be down to a couple of bad sectors on your hard drive that crashes the scan once they hit that point on the drive. I would advise that you run a check for bad sectors. You can check for any bad sectors by following this guide as laid out by Microsoft - How to perform disk error checking in Windows XP

As I feel this is not a malware related issue I think you would now be better posting in the Windows Operating Systems area of the forum where experts there can help you with your remaining issues, feel free to point them towards this thread for reference. I wish you luck in resolving this issue.

Regards - Steve
__________________
Proud member of ASAP & UNITE
  #9  
Old 3rd Feb 2009, 12:31
Member Group
 
Hi Steve,

Thanks for your help with this. I have followed the disc error instructions and I can now complete the scans. They too show the all clear for malware so I will post back in the windows operating section as instructed.

Thanks again for your efforts on this one.

Regards,

Andy
  #10  
Old 3rd Feb 2009, 16:26
Malware Group
 
Not a problem, only too glad to help
__________________
Proud member of ASAP & UNITE