Slow Loading

Blind_Pew



Joined: Oct 27, 2006
Posts: 168



PostPosted: Fri Feb 27, 2009 11:14 pm    Post subject: Slow Loading

Malwarebytes' Anti-Malware 1.34
Database version: 1809
Windows 5.1.2600 Service Pack 3

2/27/2009 11:34:08 AM
mbam-log-2009-02-27 (11-34-08).txt (face showed up on its own)

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 89723
Time elapsed: 16 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
--------------------------------------------------------
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/27/2009 at 07:27 PM

Application Version : 4.25.1014

Core Rules Database Version : 3778
Trace Rules Database Version: 1737

Scan type : Complete Scan
Total Scan Time : 00:19:03

Memory items scanned : 394
Memory threats detected : 0
Registry items scanned : 3965
Registry threats detected : 0
File items scanned : 13478
File threats detected : 0
-----------------------------------------------

"Scan ""Scan whole computer"" was finished."
"No infection was found during this scan"
"Folders selected for scanning:";"Scan whole computer"
"Scan started:";"Friday, February 27, 2009, 9:13:29 PM"
"Scan finished:";"Friday, February 27, 2009, 10:12:33 PM (59 minute(s) 3 second(s))"
"Total object scanned:";"310506"
"User who launched the scan:";"Cliff"

"Warnings"
"File";"Infection";"Result"
"C:\Documents and Settings\Cliff\Cookies\cliff@ad.yieldmanager[2].txt";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"C:\Documents and Settings\Cliff\Cookies\cliff@ad.yieldmanager[2].txt:\ad.yieldmanager.com.539b0606";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"C:\Documents and Settings\Cliff\Cookies\cliff@ad.yieldmanager[2].txt:\ad.yieldmanager.com.557bf2b0";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"C:\Documents and Settings\Cliff\Cookies\cliff@tribalfusion[1].txt";"Found Tracking cookie.Tribalfusion";"Moved to Virus Vault"
"C:\Documents and Settings\Cliff\Cookies\cliff@tribalfusion[1].txt:\tribalfusion.com.dcc03271";"Found Tracking cookie.Tribalfusion";"Moved to Virus Vault"
--------------------------------------------------------------------------

;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-02-27 21:09:00
PROTECTIONS: 1
MALWARE: 2
SUSPECTS: 1
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
AVG Anti-Virus Free 8.0 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Cliff\Cookies\cliff@tribalfusion[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Cliff\Cookies\cliff@ad.yieldmanager[2].txt
;===================================================================================================================================================================================
SUSPECTS
Sent Location e
;===================================================================================================================================================================================
No E:\AAA_download\exe._files\Cross_loop_Remote_assist\crossloopsetup.exe e
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description e
;===================================================================================================================================================================================
;===================================================================================================================================================================================

---------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:00:18 PM, on 2/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
E:\Security\AVG\avgwdsvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\Explorer.EXE
E:\Security\AVG\avgrsx.exe
E:\Security\AVG\avgemc.exe
E:\Security\AVG\avgnsx.exe
E:\Security\AVG\avgcsrvx.exe
E:\Security\AVG\avgtray.exe
C:\Program Files\Razer\Lachesis\razerhid.exe
C:\Program Files\Razer\Lachesis\OSD.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\hphmon04.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\Program Files\Razer\Lachesis\razerofa.exe
E:\Security\Super\SUPERAntiSpyware.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\wuauclt.exe
E:\Hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=0&l=dir
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Security\AVG\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\Security\Spybot\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\java\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\java\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\java\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AVG8_TRAY] E:\Security\AVG\avgtray.exe
O4 - HKLM\..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "e:\Adobe\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] E:\Security\Super\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Security\Spybot\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Security\Spybot\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/cli.../wuweb_
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Security\AVG\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - E:\Security\Super\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - E:\Security\AVG\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - E:\Security\AVG\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\java\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 5927 bytes

I could close everything in the system tray except the disconnect for the card reader and HP printer.

The system goes through POST fine; when it gets to loading XP it slows down, and once it gets to the desktop it is slow in loading icons. Programs are slow in responding.

Thanks B_P
greyknight17



Joined: Feb 03, 2003
Posts: 5674

Location: Brooklyn, NY

PostPosted: Sat Feb 28, 2009 12:46 pm    Post subject:

I don't see anything suspicious here. Let's see if the following tool can show us anything else that may help:

Go to http://www.bleepingcomputer.com/combofix/how-to-use-combofix and follow the instructions on how to install the Recovery Console and run ComboFix. Go through all the steps until posting the log part. Post the combofix log here.
Blind_Pew



Joined: Oct 27, 2006
Posts: 168



PostPosted: Sat Feb 28, 2009 1:31 pm    Post subject:

Thanks, Greyknight, for getting back so fast; good to see nothing bad so far.
Here is the ComboFix log.

ComboFix 09-02-27.02 - Cliff 2009-02-28 13:26:08.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1604 [GMT -5:00]
Running from: c:\documents and settings\Cliff\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\w32apiw.dll

.
((((((((((((((((((((((((( Files Created from 2009-01-28 to 2009-02-28 )))))))))))))))))))))))))))))))
.

2009-02-28 10:10 . 2009-02-28 10:11 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-02-28 10:10 . 2009-02-28 10:10 <DIR> d-------- c:\program files\AVG
2009-02-28 10:10 . 2009-02-28 10:10 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-02-28 10:10 . 2009-02-28 10:10 76,040 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-02-28 10:10 . 2009-02-28 10:10 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-02-28 09:53 . 2009-02-28 09:53 <DIR> d-------- c:\program files\Razer
2009-02-28 09:53 . 2009-02-28 09:53 <DIR> d-------- c:\documents and settings\Cliff\Application Data\InstallShield
2009-02-28 09:53 . 2007-08-08 09:51 249,856 --a------ c:\windows\system32\Lachesis.cpl
2009-02-28 01:01 . 2009-02-28 01:01 <DIR> d-------- c:\windows\nview
2009-02-28 01:01 . 2008-08-15 23:22 453,152 --a------ c:\windows\system32\nvudisp.exe
2009-02-28 01:01 . 2009-02-28 13:22 199,104 --a------ c:\windows\system32\nvapps.xml
2009-02-28 01:01 . 2008-08-15 23:22 18,335 --a------ c:\windows\system32\nvdisp.nvu
2009-02-28 01:00 . 2008-08-06 07:51 453,152 --a------ c:\windows\system32\NVUNINST.EXE
2009-02-27 21:16 . 2009-02-27 21:16 <DIR> d--h----- C:\$AVG8.VAULT$
2009-02-27 19:38 . 2009-02-27 19:38 <DIR> d-------- c:\program files\Panda Security
2009-02-27 19:38 . 2008-06-19 16:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2009-02-27 19:05 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-27 19:05 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-27 10:55 . 2009-02-27 19:06 <DIR> d-------- c:\documents and settings\Cliff\Application Data\SUPERAntiSpyware.com
2009-02-27 10:55 . 2009-02-27 10:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-02-27 10:54 . 2009-02-27 10:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-27 10:05 . 2009-02-27 10:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Quicksys
2009-02-27 09:43 . 2009-02-27 09:43 <DIR> d-------- c:\documents and settings\Cliff\Application Data\TuneUp Software
2009-02-26 12:17 . 2009-02-26 12:22 <DIR> d-------- c:\documents and settings\Cliff\Application Data\Stellarium
2009-02-20 09:01 . 2009-02-20 09:01 2,208 --a------ c:\windows\system32\drivers\nxsIO32.sys
2009-02-20 08:59 . 2009-02-20 08:59 56,045 --a------ c:\windows\Run32A50.mch
2009-02-20 08:58 . 2009-02-20 08:58 <DIR> d-------- c:\windows\A5W_DATA
2009-02-20 08:58 . 2009-02-20 08:58 35 --a------ c:\windows\A5W.INI
2009-02-18 09:02 . 2009-02-18 09:02 <DIR> d-------- c:\windows\system32\Adobe
2009-02-18 09:00 . 2009-02-18 09:00 <DIR> d-------- c:\program files\Common Files\Adobe
2009-02-11 14:16 . 2009-02-28 08:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-09 13:18 . 2009-02-09 13:18 401,408 --a------ c:\windows\system32\nvcuvid.dll
2009-02-04 14:26 . 2009-02-28 00:11 137,992 --a------ c:\windows\system32\drivers\PnkBstrK.sys
2009-02-04 13:05 . 2009-02-28 11:37 217 --a------ c:\windows\wininit.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-28 15:10 --------- d-----w c:\documents and settings\All Users\Application Data\Avg8
2009-02-28 14:53 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-28 05:10 201,816 ----a-w c:\windows\system32\PnkBstrB.exe
2009-02-28 00:06 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-14 18:21 --------- d-----w c:\documents and settings\Cliff\Application Data\gtk-2.0
2009-02-04 19:26 682,280 ----a-w c:\windows\system32\pbsvc.exe
2009-02-04 19:26 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
2009-02-04 19:26 22,328 ----a-w c:\documents and settings\Cliff\Application Data\PnkBstrK.sys
2009-01-26 23:57 --------- d-----w c:\documents and settings\Cliff\Application Data\Inkscape
2009-01-21 12:49 118,656 ----a-w c:\windows\system32\drivers\Rtnicxp.sys
2009-01-21 04:32 --------- d-----w c:\documents and settings\All Users\Application Data\Razer
2009-01-16 19:45 73,728 ----a-w c:\windows\system32\RtNicProp32.dll
2009-01-14 20:10 --------- d-----w c:\documents and settings\Cliff\Application Data\GlarySoft
2009-01-07 17:00 118,784 ------w c:\windows\SeaMonkeyUninstall.exe
2009-01-07 17:00 118,784 ------w c:\windows\GREUninstall.exe
2008-12-31 18:51 --------- d-----w c:\documents and settings\All Users\Application Data\Saitek
2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="e:\security\Super\SUPERAntiSpyware.exe" [2009-02-17 1830128]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lachesis"="c:\program files\Razer\Lachesis\razerhid.exe" [2007-09-12 172032]
"AVG8_TRAY"="e:\security\AVG\avgtray.exe" [2009-02-28 1261336]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-15 13570048]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-15 86016]
"HPHUPD04"="c:\program files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" [2002-11-22 49152]
"HPHmon04"="c:\windows\system32\hphmon04.exe" [2002-11-22 348160]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-22 188416]
"CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-18 45056]
"Adobe Reader Speed Launcher"="e:\adobe\Reader\Reader_sl.exe" [2008-06-12 34672]
"nwiz"="nwiz.exe" [2008-08-15 c:\windows\system32\nwiz.exe]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 c:\windows\system32\Ctxfihlp.exe]
"CTHelper"="CTHELPER.EXE" [2006-08-11 c:\windows\CTHELPER.EXE]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 e:\security\Super\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-28 10:10 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CoreCenter.lnk]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SB Audigy 2 Startup Menu
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBDrvDet
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\EAGames\\2142\\BF2142.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Security\\AVG\\avgemc.exe"=
"e:\\Security\\AVG\\avgupd.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-02-27 28544]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-02-28 97928]
R1 SASDIFSV;SASDIFSV;e:\security\Super\sasdifsv.sys [2009-02-17 8944]
R1 SASKUTIL;SASKUTIL;e:\security\Super\SASKUTIL.SYS [2009-02-17 55024]
R2 avg8emc;AVG Free8 E-mail Scanner;e:\security\AVG\avgemc.exe [2009-02-28 875288]
R2 avg8wd;AVG Free8 WatchDog;e:\security\AVG\avgwdsvc.exe [2009-02-28 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-02-28 76040]
R2 nxsIO32;NextSensor Kernel I/O Driver;c:\windows\system32\drivers\nxsIO32.sys [2009-02-20 2208]
R3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [2008-10-30 12032]
R3 SaiH0464;SaiH0464;c:\windows\system32\drivers\SaiH0464.sys [2008-10-30 136832]
R3 SASENUM;SASENUM;e:\security\Super\SASENUM.SYS [2009-02-17 7408]
S3 uisp;Freescale USB JW32 driver;c:\windows\system32\drivers\Usbicp.sys [2008-10-30 14592]
.
Contents of the 'Scheduled Tasks' folder

2009-02-27 c:\windows\Tasks\1-Click Maintenance.job
- e:\registry\Tuneup\SystemOptimizer.exe []

2009-02-26 c:\windows\Tasks\GlaryInitialize.job
- e:\security\Glary\Glary Utilities\initialize.exe [2008-12-29 12:51]

2009-02-28 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\hp photosmart 11\printer\Hphusg04.exe [2002-11-22 14:50]

2009-02-28 c:\windows\Tasks\HP Usg Login.job
- c:\program files\hp photosmart 11\printer\Hphusg04.exe [2002-11-22 14:50]
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?o=0&l=dir
Trusted Zone: aol.com\free
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-28 13:26:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(680)
c:\windows\system32\avgrsstx.dll
e:\security\Super\SASWINLO.dll

- - - - - - - > 'lsass.exe'(788)
c:\windows\system32\avgrsstx.dll
.
Completion time: 2009-02-28 13:27:50
ComboFix-quarantined-files.txt 2009-02-28 18:27:46

Pre-Run: 32,698,814,464 bytes free
Post-Run: 32,688,676,864 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

172 --- E O F --- 2009-02-25 14:22:11
greyknight17



Joined: Feb 03, 2003
Posts: 5674

Location: Brooklyn, NY

PostPosted: Sun Mar 01, 2009 12:30 pm    Post subject:

Delete this file:

c:\windows\Tasks\1-Click Maintenance.job

Double click on c:\windows\wininit.ini to open it up in Notepad. Copy and paste the contents of that file here and then delete all those lines. Copy and paste the following two lines back into the file and save it:

[rename]
nul=


Restart the computer. Is it still slow now in loading? If so, try running the Windows disk defragmenter to see if it helps.

You can also download and install BootVis. Run it and do a trace and reboot to see what's causing the slowdown. It should decrease the load time a little after it reboots the computer.
Blind_Pew



Joined: Oct 27, 2006
Posts: 168



PostPosted: Mon Mar 02, 2009 12:08 am    Post subject:

[rename]
c:\tempjunk4013.tmp=C:\WINDOWS\SchedLgU.Txt
nul=c:\tempjunk7048.tmp
c:\tempjunk7333.tmp=C:\WINDOWS\SchedLgU.Txt
c:\tempjunk7424.tmp=C:\WINDOWS\SchedLgU.Txt
c:\tempjunk7048.tmp=C:\WINDOWS\SchedLgU.Txt

System definitely loads quicker now.

The 1-Click Maintenance task you had me delete, does that have to do with Glary Utilities? If so, I have no problem uninstalling the program if needed.

Also ran BootVis; part of it said write caching disabled in the first part of the graph, but then it dropped down. Checked the drives, and under Policies it shows a check mark next to write caching. So should it be enabled?
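Added example (not code from the thread or from any of the tools in it): a small triage script for the wininit.ini [rename] section that greyknight17 asked about and Blind_Pew posted. In that format each line is destination=source, applied at the next boot, and a destination of nul means the source is deleted; the sample text is the content Blind_Pew posted, embedded inline so the script runs offline. The function and field names are my own.

```python
# Triage helper for a wininit.ini [rename] section: lists the pending
# boot-time deletes and renames and flags stale or system-directory entries.
from __future__ import annotations
from dataclasses import dataclass
from collections import Counter

# Sample input: the [rename] section as posted in the thread (embedded inline).
SAMPLE_WININIT_INI = """[rename]
c:\\tempjunk4013.tmp=C:\\WINDOWS\\SchedLgU.Txt
nul=c:\\tempjunk7048.tmp
c:\\tempjunk7333.tmp=C:\\WINDOWS\\SchedLgU.Txt
c:\\tempjunk7424.tmp=C:\\WINDOWS\\SchedLgU.Txt
c:\\tempjunk7048.tmp=C:\\WINDOWS\\SchedLgU.Txt
"""

@dataclass(frozen=True)
class PendingOp:
    action: str       # "delete" or "rename"
    source: str       # file acted on at next boot
    destination: str  # "nul" for deletes, otherwise the target path

def parse_rename_section(text: str) -> list[PendingOp]:
    """Return the pending file operations from the [rename] section of a wininit.ini text."""
    ops: list[PendingOp] = []
    in_rename = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_rename = line[1:-1].strip().lower() == "rename"
            continue
        if not in_rename or "=" not in line:
            continue
        dest, src = (part.strip() for part in line.split("=", 1))
        if not src:
            continue  # "nul=" with no source (the reset greyknight17 suggested) does nothing
        action = "delete" if dest.lower() == "nul" else "rename"
        ops.append(PendingOp(action, src, dest))
    return ops

def triage(ops: list[PendingOp]) -> dict:
    """Summarise what the entries would do and flag patterns worth a closer look."""
    sources = Counter(op.source.lower() for op in ops)
    return {
        "deletes": [op.source for op in ops if op.action == "delete"],
        "renames": [(op.source, op.destination) for op in ops if op.action == "rename"],
        # The same source renamed more than once: only the first rename can
        # succeed, so the rest are stale entries left behind by a tool.
        "repeated_sources": sorted(s for s, n in sources.items() if n > 1),
        # Operations on files under the Windows directory deserve a look.
        "touches_system_dir": [op.source for op in ops if "\\windows\\" in op.source.lower()],
    }

if __name__ == "__main__":
    for key, value in triage(parse_rename_section(SAMPLE_WININIT_INI)).items():
        print(f"{key}: {value}")
```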
greyknight17



Joined: Feb 03, 2003
Posts: 5674

Location: Brooklyn, NY

PostPosted: Mon Mar 02, 2009 9:35 pm    Post subject:

That 1-Click Maintenance is from a program called System Optimizer from TuneUp. It looks like the program was already removed, which is why I asked you to delete it (no use having it point nowhere ;)).

You may leave it alone if your system is running back at normal speed again. I usually suggest BootVis since it can decrease load times (for most computers)...even if it's just a few seconds. If you still need help on that, please ask in the Windows board for more assistance.

Good job. Your log is clean.

To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If none, go to Start->Run, copy/paste in combofix /u and hit OK to remove it. You should be set to go.
Blind_Pew



Joined: Oct 27, 2006
Posts: 168



PostPosted: Mon Mar 02, 2009 10:26 pm    Post subject:

Thanks again, greyknight, everything is running back to normal.