My computer is acting very slow. I've done the necessary spyware scanning (SpywareBlaster, Spybot, SUPERAntiSpyware, Ad-Aware, BitDefender) and virus scanning (McAfee), but nothing was found. Following is the HijackThis file:
Anything there?
Thanks
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:50:44 PM, on 11/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\basfipm.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Quark\QuarkXPress 6.1\QuarkXPress.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: TwcToolbarBhoApp Class - {AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} - C:\WINDOWS\SYSTEM32\TwcToolbarBho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\SYSTEM32\TwcToolbarIe7.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CCleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/b...lineScanner.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicr...scan/as4web.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{403051BB-ED55-4571-BBE9-1B9F9E024C7F}: NameServer = 10.128.10.21,10.128.10.22
O17 - HKLM\System\CS1\Services\Tcpip\..\{403051BB-ED55-4571-BBE9-1B9F9E024C7F}: NameServer = 10.128.10.21,10.128.10.22
O17 - HKLM\System\CS2\Services\Tcpip\..\{403051BB-ED55-4571-BBE9-1B9F9E024C7F}: NameServer = 10.128.10.21,10.128.10.22
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
--
End of file - 9374 bytes
Very Slow Computer
Started by tommyk, Nov 21 2007 05:57 PM
5 replies to this topic
#1 OFFLINE
Posted 21 November 2007 - 05:57 PM
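One way to triage the R/O section entries of the HijackThis log above, as an added example (not part of the original thread and not HijackThis's own logic). The review rules and function names are illustrative assumptions; the sample lines are copied from the log in the first post. A note is a prompt for manual review, not a malware verdict.

```python
import ipaddress
import re
from collections import Counter

# Standard HijackThis section codes that occur in the log above.
SECTION_NAMES = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "autostart (Run key / Startup folder)",
    "O8": "IE context-menu item", "O9": "IE extra button / Tools item",
    "O12": "IE plugin", "O16": "ActiveX control (DPF)",
    "O17": "DNS / domain setting", "O20": "Winlogon Notify / AppInit_DLLs",
    "O23": "Windows service",
}

# Subset of the log posted above (header and process lines kept to show they are skipped).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\lsass.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{403051BB-ED55-4571-BBE9-1B9F9E024C7F}: NameServer = 10.128.10.21,10.128.10.22
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
"""

ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.+)$")
NAMESERVER_RE = re.compile(r"NameServer = (.+)$")
# Directories a non-admin user can normally write to on Windows XP (assumed rule).
USER_WRITABLE_RE = re.compile(r"\\(temp|local settings|application data)\\", re.I)


def parse(log_text):
    """Return (code, body) for each R*/O* entry; everything else is ignored."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def review_notes(code, body):
    """Return reasons this entry deserves a manual look (empty list if none)."""
    notes = []
    if body.endswith("(no file)"):
        notes.append("target file missing (orphaned entry)")
    if code == "O2" and "(no name)" in body:
        notes.append("BHO has no friendly name; identify it by CLSID and DLL path")
    if code == "O23" and "Unknown owner" in body:
        notes.append("service binary carries no company metadata")
    if code in ("O4", "O20", "O23") and USER_WRITABLE_RE.search(body):
        notes.append("starts automatically from a user-writable directory")
    if code == "O17":
        match = NAMESERVER_RE.search(body)
        for addr in re.split(r"[,\s]+", match.group(1).strip()) if match else []:
            try:
                ip = ipaddress.ip_address(addr)
            except ValueError:
                notes.append(f"unparseable nameserver {addr!r}")
                continue
            if not ip.is_private:
                notes.append(f"public DNS server {addr}; confirm it is expected")
    return notes


def triage(log_text):
    """Return (entry count per section code, [(code, body, notes)] needing review)."""
    entries = parse(log_text)
    counts = Counter(code for code, _ in entries)
    flagged = []
    for code, body in entries:
        notes = review_notes(code, body)
        if notes:
            flagged.append((code, body, notes))
    return counts, flagged


if __name__ == "__main__":
    counts, flagged = triage(SAMPLE_LOG)
    for code, n in counts.items():
        print(f"{code:>3} {SECTION_NAMES.get(code, 'other')}: {n}")
    for code, body, notes in flagged:
        print(f"REVIEW {code}: {body}\n       -> " + "; ".join(notes))
```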
#2 OFFLINE
Posted 22 November 2007 - 04:05 AM
Hi tommy,
Your log looks good. Can you run these scans to see if they show any problems?
Visit PCPitStop
Login/Register, then click Test this system. It may then prompt you to install an ActiveX control; click Install if you get the option, then click Let's Go. When the tests are complete, a results page will pop up. Click Share these results with TechExpress on the menu, then copy the URL provided and post it back. It should look like this:
Download this file - combofix.exe and save it to your desktop.
Double click combofix.exe & follow the prompts.
When it's finished, it will produce a log of what it found. Please post the contents of that log in your next reply.
Note:
Do not mouseclick combofix's window whilst it's running as it may cause it to stall.
Please then post back the PC Pitstop link and the Combofix log, and let us know if you have any problems.
Cheers
Andy
#3 OFFLINE
Posted 26 November 2007 - 02:17 PM
AndyManchesta, on Nov 22 2007, 04:05 AM, said:
Hi tommy,
Your log looks good. Can you run these scans to see if they show any problems?
Visit PCPitStop
Login/Register, then click Test this system. It may then prompt you to install an ActiveX control; click Install if you get the option, then click Let's Go. When the tests are complete, a results page will pop up. Click Share these results with TechExpress on the menu, then copy the URL provided and post it back. It should look like this:
Download this file - combofix.exe and save it to your desktop.
Double click combofix.exe & follow the prompts.
When it's finished, it will produce a log of what it found. Please post the contents of that log in your next reply.
Note:
Do not mouseclick combofix's window whilst it's running as it may cause it to stall.
Please then post back the PC Pitstop link and the Combofix log, and let us know if you have any problems.
Cheers
Andy
Here's the result from PC Pitstop (is this what you wanted?):
TechExpress link for your current results:
http://www.pcpitstop...QGZSW07LWVSBXVV
#4 OFFLINE
Posted 26 November 2007 - 07:53 PM
AndyManchesta, on Nov 22 2007, 04:05 AM, said:
Hi tommy,
Your log looks good. Can you run these scans to see if they show any problems?
Visit PCPitStop
Login/Register, then click Test this system. It may then prompt you to install an ActiveX control; click Install if you get the option, then click Let's Go. When the tests are complete, a results page will pop up. Click Share these results with TechExpress on the menu, then copy the URL provided and post it back. It should look like this:
Download this file - combofix.exe and save it to your desktop.
Double click combofix.exe & follow the prompts.
When it's finished, it will produce a log of what it found. Please post the contents of that log in your next reply.
Note:
Do not mouseclick combofix's window whilst it's running as it may cause it to stall.
Please then post back the PC Pitstop link and the Combofix log, and let us know if you have any problems.
Cheers
Andy
Here are the ComboFix results:
ComboFix 07-11-19.4 - S Taylor 2007-11-26 14:48:32.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.134 [GMT -5:00]
Running from: C:\Documents and Settings\S Taylor\Local Settings\Temporary Internet Files\Content.IE5\4P30VI5I\ComboFix[1].exe
.
((((((((((((((((((((((((( Files Created from 2007-10-26 to 2007-11-26 )))))))))))))))))))))))))))))))
.
2007-11-26 09:21 <DIR> d-------- C:\Program Files\PCPitstop
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-26 13:02 --------- d-----w C:\Program Files\SUPERAntiSpyware
2007-11-26 13:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2007-11-26 12:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-26 12:58 --------- d-----w C:\Program Files\SpywareBlaster
2007-11-26 12:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-11-21 17:49 --------- d-----w C:\Program Files\Trend Micro
2007-11-15 14:56 --------- d-----w C:\Documents and Settings\S Taylor\Application Data\SiteAdvisor
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shell32.dll
2007-10-25 17:29 --------- d-----w C:\Program Files\Network Associates
2007-10-25 17:26 --------- d-----w C:\Program Files\Common Files\Network Associates
2007-10-25 17:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2007-10-25 17:25 --------- d-----w C:\Program Files\McAfee
2007-10-25 17:25 --------- d-----w C:\Program Files\Common Files\McAfee
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [2007-03-16 06:51]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-11 09:39]
"CCleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2007-11-22 11:10]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 13:06]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-01-23 09:36]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-01-23 09:31]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" [2006-11-17 12:39]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20]
"StatusClient 2.6"="C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" [2004-02-27 12:29]
"TomcatStartup 2.5"="C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-05-20 11:40]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-01-07 12:02]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2005-03-08 20:13]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2007-03-30 10:42]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [2007-02-22 19:50]
"PC Pitstop Optimize Scheduler"="C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe" [2007-11-06 09:58]
"PCPitstop Optimize Registration Reminder"="C:\Program Files\PCPitstop\Optimize\Reminder.exe" [2007-11-06 09:58]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2007-07-11 07:24:15]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-07-11 09:39:18]
[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys
R1 DVDVRRdr_xp;DVDVRRdr_xp;C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys
R1 mfetdik;McAfee Inc.;C:\WINDOWS\system32\drivers\mfetdik.sys
R1 UDFReadr;UDFReadr;C:\WINDOWS\system32\drivers\UDFReadr.sys
R2 BASFND;BASFND;\??\C:\WINDOWS\System32\Drivers\BASFND.sys
R3 mfeapfk;McAfee Inc.;C:\WINDOWS\system32\drivers\mfeapfk.sys
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-11-26 12:58:27 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-26 14:50:36
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-26 14:51:17
C:\ComboFix2.txt ... 2007-11-26 09:33
.
--- E O F ---
#5 OFFLINE
Posted 27 November 2007 - 04:26 PM
AndyManchesta, on Nov 22 2007, 04:05 AM, said:
Hi tommy,
Your log looks good. Can you run these scans to see if they show any problems?
Visit PCPitStop
Login/Register, then click Test this system. It may then prompt you to install an ActiveX control; click Install if you get the option, then click Let's Go. When the tests are complete, a results page will pop up. Click Share these results with TechExpress on the menu, then copy the URL provided and post it back. It should look like this:
Download this file - combofix.exe and save it to your desktop.
Double click combofix.exe & follow the prompts.
When it's finished, it will produce a log of what it found. Please post the contents of that log in your next reply.
Note:
Do not mouseclick combofix's window whilst it's running as it may cause it to stall.
Please then post back the PC Pitstop link and the Combofix log, and let us know if you have any problems.
Cheers
Andy
According to my Pitstop results:
My receive buffer size is currently set to system default. The default value usually does not provide the best performance.
Windows XP not optimized for broadband internet . . . optimized for dial up.
Can this be correct?
If so how do I set it up for broadband?
#6 OFFLINE
Posted 06 December 2007 - 04:33 PM
Thanks for your patience Tommy,
I wasn't able to get on the PC for a few days, then ended up well behind on my emails, so I'm just starting to catch up.
Your logs look fine. PC Pitstop didn't show any significant problems, but you could follow their suggested solutions to see if it makes any improvements. It's showing a lot of versions of Java on your system and there only needs to be one installed; older versions can be vulnerable to some infections, so it's best to remove them and update to the latest version. Go to the Add/Remove screen (Start > Control Panel > Add or Remove Programs) and remove all versions of Java Runtime Environment (J2SE). Once they are removed, get the latest version from Sun's website here:
http://www.java.com/...nload/index.jsp
Regarding the TCP Receive Buffer size, if you wanted to adjust the size, it does explain how that can be done manually at the bottom of the page:
Quote
Solutions
The change recommended below will usually increase performance for broadband users that have the default Windows settings.
Warning! Incorrectly editing the registry can cause your system to become unbootable. Back up any valuable data on the computer before changing the registry.
If you are running Windows XP, first set a system restore point:
Select Start | Help and Support | Undo changes to your computer with System Restore.
In the System Restore window select Create a restore point and click Next.
Give the restore point a name and click Create.
This manual adjustment changes the TCP Receive Window size and is recommended only for cable modem or DSL users running Windows XP or Windows 2000. To adjust more settings, or if you are running Windows 98 or Windows Me, we suggest using a software application like PC Pitstop Optimize to make sure all settings are adjusted properly.
To change your TCP Receive Window size:
Launch the Windows registry editor by clicking on Start | Run.
Click in the Open dropdown box and type in regedit.exe, then click OK.
Back up your registry by selecting File | Export, type in a meaningful file name, in the export range section select All, and save to your hard drive. To restore your old registry you simply import this file.
Next you need to create a new registry key. On the left side you need to go to the directory HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
Select Edit | New | DWORD Value.
Rename the new registry key to TcpWindowSize.
Modify the registry setting for TcpWindowSize by double clicking on the key.
Change the Base Setting to Decimal.
Enter the value 64240 and click OK, then exit RegEdit.
For these settings to take effect you need to close all your open applications and reboot your system.
If it was something you wanted to adjust to see if it improves the speed, it may be easier to use the TCP Optimizer program from here:
http://www.speedguid...t/downloads.php
When you first run the program you can go to File on the top bar and choose Backup Current Settings, and then save the file to your system before making any changes. Then if you wanted to restore them at a later stage you can go back to File on the top bar and choose Restore Backed Up Settings to return them to the way they are now, or restore them to Microsoft's default settings by choosing Restore Windows Default Settings.
Let us know if the speed is still an issue or if there are any remaining problems.
Thanks
Andy












