Computer becoming sluggish and not running properly


Post by Incharge on 24th August 2009, 4:38 am

Hi,
My name is Jason and I believe I may have a virus or some type of malware (not sure). The computer runs a little sluggish and not all programs are running correctly, i.e. I can no longer run CDBurnerXP; 2 days ago this was fine. I think my .NET Framework software is corrupted.

I run Windows XP SP3.

Below you will find my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:32:13 PM, on 24/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Shield\shieldtray.exe
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\ASTSRV.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Program Files\Shield\shdserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Shield\shieldclnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jason\Desktop\winlogon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 63.149.98.170:80
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [shield] C:\Program Files\Shield\shieldtray.exe
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - [You must be registered and logged in to see this link.]
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B34CA4F-6226-4831-9A71-94C2D012530D}: NameServer = 203.0.178.191
O22 - SharedTaskScheduler: {93ac7c30-3878-4eaa-9420-7977285df5b1} - cinnamomum - (no file)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\system32\ASTSRV.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NitroPDFDriverCreatorReadSpool (NitroDriverReadSpool) - Nitro PDF Software - C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe (file missing)
O23 - Service: SHDSERV - Unknown owner - C:\Program Files\Shield\shdserv.exe
O23 - Service: Shield Client Service (ShieldClientService) - Unknown owner - C:\Program Files\Shield\shieldclnt.exe

--
End of file - 6233 bytes

Regards
Jason.


Re: Computer becoming sluggish and not running properly

Post by Origin on 25th August 2009, 4:55 pm

Hello Incharge,

Welcome to Geek Police, my name is Origin and I will be helping you today. Please keep the following in mind:

  • If you do not get a reply from me or another helper within 2 days, please reply to your topic with the phrase BUMP.
  • If you have any cracked/pirated software on your computer, delete it or we will not help you.
  • Only follow advice from Geek Police Staff and not a regular member.
  • Do NOT run any tool without Geek Police supervision as it could render your system useless.

  • Open HijackThis.
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 63.149.98.170:80

  • Press "Fix Checked"
  • Close HijackThis.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.



Re: Computer becoming sluggish and not running properly

Post by Incharge on 25th August 2009, 10:50 pm

Hi Origin,

Thanks for helping me out. I performed the step above in HijackThis and a quick scan with MBAM.

Here is the MBAM log as requested:

Malwarebytes' Anti-Malware 1.40
Database version: 2696
Windows 5.1.2600 Service Pack 3

26/08/2009 6:40:35 AM
mbam-log-2009-08-26 (06-40-29).txt

Scan type: Quick Scan
Objects scanned: 98157
Time elapsed: 7 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\ctfmon_dw.exe.XXX (Trojan.Downloader) -> No action taken.

Cheers
Jason.


Re: Computer becoming sluggish and not running properly

Post by Incharge on 25th August 2009, 10:53 pm

Sorry for the previous log, as this was copied before the file was actioned.

Here is the correct log:

Malwarebytes' Anti-Malware 1.40
Database version: 2696
Windows 5.1.2600 Service Pack 3

26/08/2009 6:40:40 AM
mbam-log-2009-08-26 (06-40-40).txt

Scan type: Quick Scan
Objects scanned: 98157
Time elapsed: 7 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\ctfmon_dw.exe.XXX (Trojan.Downloader) -> Quarantined and deleted successfully.

Cheers
Jason.


Re: Computer becoming sluggish and not running properly

Post by Origin on 28th August 2009, 3:37 pm

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:





3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.



Re: Computer becoming sluggish and not running properly

Post by Incharge on 28th August 2009, 10:27 pm

Hi Origin,

Here is my ComboFix Log:

ComboFix 09-08-28.01 - Jason 29/08/2009 6:09.2.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.577 [GMT 8:00]
Running from: c:\documents and settings\Jason\Desktop\Combo-Fix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Jason\Application Data\inst.exe
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\Installer\20c88e7.msi
c:\windows\Installer\2858e66.msi
c:\windows\Installer\2a3989.msp
c:\windows\Installer\2cdd5.msp
c:\windows\Installer\40e11.msi
c:\windows\system\winaspi.dll
c:\windows\system\wowpost.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\UA000022.DLL
c:\windows\UA000071.DLL
c:\windows\v10neformatic.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NDISRD
-------\Service_NPF
-------\Legacy_NDISRD
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-28 )))))))))))))))))))))))))))))))
.

2009-08-28 21:52 . 2009-08-28 22:08 6736 ----a-w- c:\windows\system32\drivers\PROCEXP90.SYS
2009-08-27 13:30 . 2009-08-27 13:48 -------- d-----w- c:\windows\geswall
2009-08-27 13:29 . 2009-08-27 13:59 -------- d-----w- c:\program files\geswall
2009-08-27 10:52 . 2009-08-27 10:52 -------- d-----w- c:\documents and settings\Jason\Application Data\ImgBurn
2009-08-27 10:51 . 2009-08-27 10:52 -------- d-----w- c:\program files\ImgBurn
2009-08-27 10:01 . 2009-08-27 10:04 -------- d-----w- C:\Sue Box Creations (Complete)
2009-08-26 03:31 . 2009-08-26 03:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Princess Isabella
2009-08-25 10:54 . 2009-08-25 10:54 -------- d-----w- c:\documents and settings\All Users\Application Data\blg
2009-08-25 03:09 . 2009-08-27 13:56 117760 ----a-w- c:\documents and settings\Jason\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-25 03:08 . 2009-08-25 03:08 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-08-25 03:08 . 2009-08-25 03:08 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-25 03:08 . 2009-08-25 03:08 -------- d-----w- c:\documents and settings\Jason\Application Data\SUPERAntiSpyware.com
2009-08-25 03:08 . 2009-08-25 03:08 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-25 03:07 . 2009-08-25 03:07 -------- d-----w- c:\documents and settings\Jason\Application Data\Malwarebytes
2009-08-25 03:07 . 2009-08-03 05:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-25 03:07 . 2009-08-25 03:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-25 03:07 . 2009-08-25 03:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-25 03:07 . 2009-08-03 05:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-25 01:12 . 2009-08-25 01:12 -------- d-----w- c:\documents and settings\Jason\Application Data\blg
2009-08-25 01:11 . 2009-08-25 01:11 -------- d-----w- c:\program files\ReflexiveArcade
2009-08-24 08:27 . 2009-08-24 08:27 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-08-22 11:16 . 2009-08-22 11:16 -------- d-----w- c:\documents and settings\Jason\Application Data\Batovi
2009-08-21 11:56 . 2009-08-21 11:56 -------- d-----w- c:\documents and settings\Jason\Application Data\MA
2009-08-17 23:17 . 2009-08-17 23:17 -------- d-----w- c:\documents and settings\Jason\Application Data\PoBros
2009-08-17 23:17 . 2009-08-17 23:17 -------- d-----w- c:\documents and settings\All Users\Application Data\PoBros
2009-08-11 22:12 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-09 23:13 . 2009-08-16 23:06 -------- d-----w- c:\documents and settings\Jason\Application Data\SulusGames
2009-08-05 09:01 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-31 12:12 . 2009-07-31 12:12 -------- d-----w- c:\documents and settings\Jason\Application Data\Little Games Company
2009-07-31 11:14 . 2009-07-31 11:14 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-07-30 13:42 . 2009-07-30 13:42 157184 ----a-w- c:\windows\system32\drivers\geswall.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-28 22:18 . 2009-06-25 01:35 -------- d-----w- c:\program files\Shield
2009-08-28 21:41 . 2008-04-15 10:25 -------- d-----w- c:\documents and settings\Jason\Application Data\MailWasherPro
2009-08-28 21:41 . 2005-12-08 13:26 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-08-27 13:39 . 2007-08-01 10:41 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-05 22:18 . 2009-07-29 00:47 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-02 04:53 . 2009-07-12 03:35 -------- d-----w- c:\program files\ABBYY FineReader 6.0 Sprint
2009-08-02 04:42 . 2009-07-12 06:46 -------- d-----w- c:\documents and settings\Jason\Application Data\Nitro PDF
2009-08-01 10:41 . 2009-07-03 08:04 -------- d-----w- c:\documents and settings\Jason\Application Data\ZEMNOTT
2009-07-29 00:47 . 2009-07-29 00:47 -------- d-----w- c:\program files\Avira
2009-07-29 00:47 . 2009-07-29 00:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-07-22 23:45 . 2008-06-03 13:03 -------- d-----w- c:\documents and settings\Jason\Application Data\Games
2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 15:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-12 06:44 . 2009-07-12 06:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Nitro PDF
2009-07-12 06:44 . 2009-07-12 06:44 -------- d-----w- c:\program files\Common Files\Nitro PDF
2009-07-12 06:44 . 2009-07-12 06:44 -------- d-----w- c:\program files\Nitro PDF
2009-07-12 04:54 . 2009-07-12 03:51 -------- d-----w- c:\documents and settings\Jason\Application Data\Epson
2009-07-12 03:44 . 2009-07-12 03:33 -------- d-----w- c:\documents and settings\All Users\Application Data\EPSON
2009-07-12 03:41 . 2009-07-12 03:41 -------- d-----w- c:\program files\EpsonNet
2009-07-12 03:41 . 2005-11-29 07:12 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-12 03:40 . 2005-12-08 17:32 -------- d-----w- c:\documents and settings\All Users\Application Data\UDL
2009-07-12 03:39 . 2009-07-12 03:37 -------- d-----w- c:\program files\Epson Software
2009-07-12 03:39 . 2009-07-12 03:33 -------- d-----w- c:\program files\epson
2009-07-12 03:34 . 2009-07-12 03:34 -------- d-----w- c:\documents and settings\Jason\Application Data\InstallShield
2009-07-11 11:19 . 2009-07-08 22:15 -------- d-----w- c:\documents and settings\Jason\Application Data\Gamers Digital
2009-07-10 22:17 . 2009-06-10 08:51 -------- d-----w- c:\program files\FastStone Capture
2009-07-09 00:09 . 2009-07-09 00:09 -------- d-----w- c:\documents and settings\Jason\Application Data\Anabel
2009-07-07 10:00 . 2009-07-06 22:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Intenium
2009-07-06 23:29 . 2009-07-06 23:29 -------- d-----w- c:\documents and settings\Jason\Application Data\Island
2009-07-06 07:03 . 2009-07-03 07:44 -------- d-----w- c:\documents and settings\Jason\Application Data\V-Games
2009-07-06 00:09 . 2009-07-06 00:09 -------- d-----w- c:\documents and settings\Jason\Application Data\Aisle 5 Games, Inc
2009-07-04 10:06 . 2009-07-04 10:06 -------- d-----w- c:\program files\Rainlendar2
2009-07-03 17:09 . 2004-08-04 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-02 03:31 . 2009-07-02 03:31 86016 ----a-w- c:\windows\system32\OpenAL32.dll
2009-07-02 03:31 . 2009-07-02 03:31 409600 ----a-w- c:\windows\system32\wrap_oal.dll
2009-07-02 03:31 . 2009-07-02 03:31 -------- d-----w- c:\program files\OpenAL
2009-07-01 17:30 . 2009-06-07 09:36 -------- d-----w- c:\documents and settings\Jason\Application Data\Artogon
2009-07-01 08:08 . 2008-12-26 08:04 -------- d-----w- c:\documents and settings\Jason\Application Data\DMCache
2009-06-30 15:40 . 2009-06-30 15:38 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-06-29 23:33 . 2009-06-29 23:16 -------- d-----w- c:\documents and settings\Jason\Application Data\Camel101
2009-06-28 09:56 . 2005-12-21 07:43 45288 ----a-w- c:\documents and settings\Jason\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-27 15:59 . 2006-06-14 11:44 42 ----a-w- c:\windows\popcinfo.dat
2009-06-25 08:25 . 2004-08-04 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-04 12:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-04 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-04 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2004-08-04 12:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2004-08-04 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-24 10:56 . 2004-08-10 05:02 22816 ----a-w- c:\windows\system32\emptyregdb.dat
2009-06-24 10:55 . 2009-06-24 10:55 1663 ----a-w- c:\windows\inf\COMCF.tmp
2009-06-20 04:42 . 2009-06-20 04:42 74240 ----a-w- c:\windows\system32\zlibwapi.dll
2009-06-16 14:36 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 08:11 . 2009-06-15 08:11 61760 ----a-w- c:\windows\system32\ASTSRV.EXE
2009-06-15 08:11 . 2009-07-12 06:45 17728 ----a-w- c:\windows\system32\nitrolocalui.dll
2009-06-15 08:10 . 2009-07-12 06:45 26432 ----a-w- c:\windows\system32\nitrolocalmon.dll
2009-06-12 12:31 . 2004-08-04 12:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2004-08-04 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:14 . 2004-08-04 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-10 01:19 . 2004-08-10 05:01 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-09 00:52 . 2009-06-09 00:52 233472 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\b\bjstrategyui1.5a2f52359fe99e4484435bbaf8f92b30.dll
2009-06-09 00:52 . 2009-06-09 00:52 225280 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\b\bjgoldautoplayplugin.9e04124b2f25d98a562d14260b995f0c.dll
2009-06-09 00:52 . 2009-06-09 00:52 589824 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\b\bjgoldplugin.30ebac308b430f373d22851023dddb58.dll
2009-06-09 00:52 . 2009-06-09 00:52 512000 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\b\bjgoldxxx.098a7b3de069b4b076bd8c2cc92131be.dll
2009-06-09 00:51 . 2009-06-09 00:51 147456 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\b\bjstrategylogic1.cae96e5e68740973929725d2ac549cc0.dll
2009-06-09 00:51 . 2009-06-09 00:51 233472 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\b\bjgoldstatsplugin.67546387f1af1fe46f021dbce8a072f4.dll
2009-06-09 00:35 . 2009-06-09 00:35 217360 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\v\videopokersuite1.03dd648f567bef124a1d270ad208752a.dll
2009-06-03 19:09 . 2004-08-04 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2006-02-09 04:01 . 2006-02-09 04:01 339 ---ha-w- c:\program files\ulAR.cfg
2009-01-01 06:44 . 2009-01-01 06:44 61440 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
2005-07-14 18:31 . 2006-05-24 16:37 27648 --sha-w- c:\windows\system32\AVSredirect.dll
.


Re: Computer becoming sluggish and not running properly

Post by Incharge on 28th August 2009, 10:27 pm

Here is the second part:

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GeSWall]
@="{F6ACC71C-420B-4a95-905C-C7534706813C}"
[HKEY_CLASSES_ROOT\CLSID\{F6ACC71C-420B-4a95-905C-C7534706813C}]
2009-07-24 05:21 737280 ----a-w- c:\program files\geswall\gswshext.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-06-30 2329224]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2009-08-22 5148672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"shield"="c:\program files\Shield\shieldtray.exe" [2008-05-20 3391488]
"SmartDefrag"="c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [2009-07-02 2453264]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
"{F6ACC71C-420B-4a95-905C-C7534706813C}"= "c:\program files\geswall\gswshext.dll" [2009-07-24 737280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 04:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf c:\documents and settings\Jason\Desktop

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"RichVideo"=2 (0x2)
"NitroDriverReadSpool"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MimBoot"=c:\progra~1\MUSICM~1\MUSICM~1\mimboot.exe
"SigmatelSysTrayApp"=stsystra.exe
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8014:TCP"= 8014:TCP:BitComet 8014 TCP
"8014:UDP"= 8014:UDP:BitComet 8014 UDP
"25239:TCP"= 25239:TCP:BitComet 25239 TCP
"25239:UDP"= 25239:UDP:BitComet 25239 UDP
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 GeSWall;GeSWall;c:\windows\system32\drivers\geswall.sys [30/07/2009 9:42 PM 157184]
R0 Shdbus;Shdbus;c:\windows\system32\drivers\Shdbus.sys [25/06/2009 9:37 AM 7360]
R0 Shield;Shield;c:\windows\system32\drivers\Shield.sys [25/06/2009 9:37 AM 105408]
R0 Shieldf;Shieldf;c:\windows\system32\drivers\Shieldf.sys [25/06/2009 9:37 AM 22976]
R0 Shieldm;Shieldm;c:\windows\system32\drivers\Shieldm.sys [25/06/2009 9:37 AM 30528]
R1 cloverm;cloverm;c:\windows\system32\drivers\cloverm.sys [25/06/2009 9:37 AM 477568]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [02/01/2009 6:57 PM 159600]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [05/08/2009 4:06 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [05/08/2009 4:06 PM 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [29/07/2009 8:47 AM 108289]
R2 gswserv;GeSWall service;c:\program files\geswall\gswserv.exe [29/07/2009 10:06 PM 970752]
R2 HOSTNT;HOSTNT;c:\windows\system32\drivers\hostnt.sys [12/01/2009 7:42 PM 10304]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [02/01/2009 6:57 PM 73840]
R2 ShieldClientService;Shield Client Service;c:\program files\Shield\ShieldClnt.exe [25/06/2009 9:36 AM 45056]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [05/08/2009 4:06 PM 7408]
S3 UsbC;SafeNet MicroDog USB Device Driver;c:\windows\system32\drivers\rcusbwdm.sys [12/01/2009 7:43 PM 65216]
S4 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [15/06/2009 4:13 PM 188736]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-28 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2009-07-03 07:35]

2009-08-28 c:\windows\Tasks\AWC Update.job
- c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe [2009-07-03 02:15]

2009-08-23 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-07-07 01:22]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uStart Page = [You must be registered and logged in to see this link.]
TCP: {4B34CA4F-6226-4831-9A71-94C2D012530D} = 203.0.178.191
FF - ProfilePath - c:\documents and settings\Jason\Application Data\Mozilla\Firefox\Profiles\k60rf2zo.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - plugin: c:\documents and settings\Jason\Application Data\Mozilla\Firefox\Profiles\k60rf2zo.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-08-29 06:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{404c86c9-987d-4dcd-9b9f-ee99c6a7bd73}]
@Denied: (Full) (Everyone)
"Model"=dword:00000077
"Therad"=dword:0000001f
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,98,07,ff,fc,5d,
df,1c,2f,3b,8a,0a,32,11,89,01,b5,d8,7e,34,e4,b9,e7,af,76,c5,c9,75,58,c1,0b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):e3,db,48,85,28,34,f2,74,92,19,25,52,93,c0,44,44,30,5e,7e,c0,a0,
5f,7f,6e,56,a0,83,f4,b4,ef,67,f0,0e,53,ce,81,9c,84,e3,f7,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(836)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(1868)
c:\windows\system32\WININET.dll
c:\program files\geswall\gswshext.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\ASTSRV.EXE
c:\windows\system32\Crypserv.exe
c:\program files\Shield\SHDSERV.exe
.
**************************************************************************
.
Completion time: 2009-08-28 6:22 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-28 22:22

Pre-Run: 215,364,993,024 bytes free
Post-Run: 215,108,517,888 bytes free

365 --- E O F --- 2009-08-11 23:23


Re: Computer becoming sluggish and not running properly

Post by Belahzur on 29th August 2009, 6:11 pm

Hello.

Now open a new notepad file.
Input this into the notepad file:

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=-

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{404c86c9-987d-4dcd-9b9f-ee99c6a7bd73}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix again, agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.



Re: Computer becoming sluggish and not running properly

Post by Incharge on 30th August 2009, 2:29 am

Hi Belahzur,

Here is my new ComboFix log (part 1):

ComboFix 09-08-29.01 - Jason 30/08/2009 10:19.3.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.664 [GMT 8:00]
Running from: c:\documents and settings\Jason\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Jason\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-30 )))))))))))))))))))))))))))))))
.

2009-08-29 12:29 . 2009-08-29 12:32 -------- dc-h--w- c:\windows\ie8
2009-08-29 11:12 . 2009-08-29 11:12 -------- d-----w- c:\windows\geswall
2009-08-29 11:12 . 2009-08-29 11:12 -------- d-----w- c:\windows\system32\GroupPolicy
2009-08-29 11:12 . 2009-08-29 12:11 -------- d-----w- c:\program files\geswall
2009-08-29 10:50 . 2009-08-29 10:50 -------- d-----w- c:\windows\system32\wbem\Repository
2009-08-29 09:59 . 2009-08-29 11:10 -------- d-----w- c:\windows\system32\GroupPolicy(2)
2009-08-28 21:52 . 2009-08-30 02:18 6736 ----a-w- c:\windows\system32\drivers\PROCEXP90.SYS
2009-08-27 10:52 . 2009-08-27 10:52 -------- d-----w- c:\documents and settings\Jason\Application Data\ImgBurn
2009-08-27 10:51 . 2009-08-27 10:52 -------- d-----w- c:\program files\ImgBurn
2009-08-27 10:01 . 2009-08-27 10:04 -------- d-----w- C:\Sue Box Creations (Complete)
2009-08-26 03:31 . 2009-08-26 03:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Princess Isabella
2009-08-25 10:54 . 2009-08-25 10:54 -------- d-----w- c:\documents and settings\All Users\Application Data\blg
2009-08-25 03:09 . 2009-08-27 13:56 117760 ----a-w- c:\documents and settings\Jason\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-25 03:08 . 2009-08-25 03:08 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-08-25 03:08 . 2009-08-25 03:08 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-25 03:08 . 2009-08-25 03:08 -------- d-----w- c:\documents and settings\Jason\Application Data\SUPERAntiSpyware.com
2009-08-25 03:08 . 2009-08-25 03:08 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-25 03:07 . 2009-08-25 03:07 -------- d-----w- c:\documents and settings\Jason\Application Data\Malwarebytes
2009-08-25 03:07 . 2009-08-03 05:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-25 03:07 . 2009-08-25 03:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-25 03:07 . 2009-08-25 03:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-25 03:07 . 2009-08-03 05:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-25 01:12 . 2009-08-25 01:12 -------- d-----w- c:\documents and settings\Jason\Application Data\blg
2009-08-25 01:11 . 2009-08-25 01:11 -------- d-----w- c:\program files\ReflexiveArcade
2009-08-24 08:27 . 2009-08-24 08:27 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-08-22 11:16 . 2009-08-22 11:16 -------- d-----w- c:\documents and settings\Jason\Application Data\Batovi
2009-08-21 11:56 . 2009-08-21 11:56 -------- d-----w- c:\documents and settings\Jason\Application Data\MA
2009-08-17 23:17 . 2009-08-17 23:17 -------- d-----w- c:\documents and settings\Jason\Application Data\PoBros
2009-08-17 23:17 . 2009-08-17 23:17 -------- d-----w- c:\documents and settings\All Users\Application Data\PoBros
2009-08-11 22:12 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-09 23:13 . 2009-08-16 23:06 -------- d-----w- c:\documents and settings\Jason\Application Data\SulusGames
2009-08-05 09:01 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-31 12:12 . 2009-07-31 12:12 -------- d-----w- c:\documents and settings\Jason\Application Data\Little Games Company
2009-07-31 11:14 . 2009-07-31 11:14 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-30 02:10 . 2008-04-15 10:25 -------- d-----w- c:\documents and settings\Jason\Application Data\MailWasherPro
2009-08-29 11:16 . 2005-12-08 13:26 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-08-29 06:10 . 2009-06-25 01:35 -------- d-----w- c:\program files\Shield
2009-08-27 13:39 . 2007-08-01 10:41 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-05 22:18 . 2009-07-29 00:47 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-02 04:53 . 2009-07-12 03:35 -------- d-----w- c:\program files\ABBYY FineReader 6.0 Sprint
2009-08-02 04:42 . 2009-07-12 06:46 -------- d-----w- c:\documents and settings\Jason\Application Data\Nitro PDF
2009-08-01 10:41 . 2009-07-03 08:04 -------- d-----w- c:\documents and settings\Jason\Application Data\ZEMNOTT
2009-07-30 13:42 . 2009-07-30 13:42 157184 ----a-w- c:\windows\system32\drivers\geswall.sys
2009-07-29 00:47 . 2009-07-29 00:47 -------- d-----w- c:\program files\Avira
2009-07-29 00:47 . 2009-07-29 00:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-07-22 23:45 . 2008-06-03 13:03 -------- d-----w- c:\documents and settings\Jason\Application Data\Games
2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 15:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-12 06:44 . 2009-07-12 06:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Nitro PDF
2009-07-12 06:44 . 2009-07-12 06:44 -------- d-----w- c:\program files\Common Files\Nitro PDF
2009-07-12 06:44 . 2009-07-12 06:44 -------- d-----w- c:\program files\Nitro PDF
2009-07-12 04:54 . 2009-07-12 03:51 -------- d-----w- c:\documents and settings\Jason\Application Data\Epson
2009-07-12 03:44 . 2009-07-12 03:33 -------- d-----w- c:\documents and settings\All Users\Application Data\EPSON
2009-07-12 03:41 . 2009-07-12 03:41 -------- d-----w- c:\program files\EpsonNet
2009-07-12 03:41 . 2005-11-29 07:12 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-12 03:40 . 2005-12-08 17:32 -------- d-----w- c:\documents and settings\All Users\Application Data\UDL
2009-07-12 03:39 . 2009-07-12 03:37 -------- d-----w- c:\program files\Epson Software
2009-07-12 03:39 . 2009-07-12 03:33 -------- d-----w- c:\program files\epson
2009-07-12 03:34 . 2009-07-12 03:34 -------- d-----w- c:\documents and settings\Jason\Application Data\InstallShield
2009-07-11 11:19 . 2009-07-08 22:15 -------- d-----w- c:\documents and settings\Jason\Application Data\Gamers Digital
2009-07-10 22:17 . 2009-06-10 08:51 -------- d-----w- c:\program files\FastStone Capture
2009-07-09 00:09 . 2009-07-09 00:09 -------- d-----w- c:\documents and settings\Jason\Application Data\Anabel
2009-07-07 10:00 . 2009-07-06 22:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Intenium
2009-07-06 23:29 . 2009-07-06 23:29 -------- d-----w- c:\documents and settings\Jason\Application Data\Island
2009-07-06 07:03 . 2009-07-03 07:44 -------- d-----w- c:\documents and settings\Jason\Application Data\V-Games
2009-07-06 00:09 . 2009-07-06 00:09 -------- d-----w- c:\documents and settings\Jason\Application Data\Aisle 5 Games, Inc
2009-07-04 10:06 . 2009-07-04 10:06 -------- d-----w- c:\program files\Rainlendar2
2009-07-03 17:09 . 2004-08-04 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-02 03:31 . 2009-07-02 03:31 86016 ----a-w- c:\windows\system32\OpenAL32.dll
2009-07-02 03:31 . 2009-07-02 03:31 409600 ----a-w- c:\windows\system32\wrap_oal.dll
2009-07-02 03:31 . 2009-07-02 03:31 -------- d-----w- c:\program files\OpenAL
2009-07-01 17:30 . 2009-06-07 09:36 -------- d-----w- c:\documents and settings\Jason\Application Data\Artogon
2009-07-01 08:08 . 2008-12-26 08:04 -------- d-----w- c:\documents and settings\Jason\Application Data\DMCache
2009-06-28 09:56 . 2005-12-21 07:43 45288 ----a-w- c:\documents and settings\Jason\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-27 15:59 . 2006-06-14 11:44 42 ----a-w- c:\windows\popcinfo.dat
2009-06-25 08:25 . 2004-08-04 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-04 12:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-04 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-04 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2004-08-04 12:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2004-08-04 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-24 10:56 . 2004-08-10 05:02 22816 ----a-w- c:\windows\system32\emptyregdb.dat
2009-06-24 10:55 . 2009-06-24 10:55 1663 ----a-w- c:\windows\inf\COMCF.tmp
2009-06-20 04:42 . 2009-06-20 04:42 74240 ----a-w- c:\windows\system32\zlibwapi.dll
2009-06-16 14:36 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 08:11 . 2009-06-15 08:11 61760 ----a-w- c:\windows\system32\ASTSRV.EXE
2009-06-15 08:11 . 2009-07-12 06:45 17728 ----a-w- c:\windows\system32\nitrolocalui.dll
2009-06-15 08:10 . 2009-07-12 06:45 26432 ----a-w- c:\windows\system32\nitrolocalmon.dll
2009-06-12 12:31 . 2004-08-04 12:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2004-08-04 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:14 . 2004-08-04 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-10 01:19 . 2004-08-10 05:01 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-09 00:52 . 2009-06-09 00:52 233472 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\b\bjstrategyui1.5a2f52359fe99e4484435bbaf8f92b30.dll
2009-06-09 00:52 . 2009-06-09 00:52 225280 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\b\bjgoldautoplayplugin.9e04124b2f25d98a562d14260b995f0c.dll
2009-06-09 00:52 . 2009-06-09 00:52 589824 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\b\bjgoldplugin.30ebac308b430f373d22851023dddb58.dll
2009-06-09 00:52 . 2009-06-09 00:52 512000 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\b\bjgoldxxx.098a7b3de069b4b076bd8c2cc92131be.dll
2009-06-09 00:51 . 2009-06-09 00:51 147456 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\b\bjstrategylogic1.cae96e5e68740973929725d2ac549cc0.dll
2009-06-09 00:51 . 2009-06-09 00:51 233472 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\b\bjgoldstatsplugin.67546387f1af1fe46f021dbce8a072f4.dll
2009-06-09 00:35 . 2009-06-09 00:35 217360 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\v\videopokersuite1.03dd648f567bef124a1d270ad208752a.dll
2009-06-03 19:09 . 2004-08-04 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2006-02-09 04:01 . 2006-02-09 04:01 339 ---ha-w- c:\program files\ulAR.cfg
2009-01-01 06:44 . 2009-01-01 06:44 61440 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
2005-07-14 18:31 . 2006-05-24 16:37 27648 --sha-w- c:\windows\system32\AVSredirect.dll


Re: Computer becoming sluggish and not running properly

Post by Incharge on 30th August 2009, 2:31 am

Here is my new ComboFix log (part 2):

.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-29 10:42 . 2009-08-29 10:51 49228 c:\windows\system32\Restore\rstrlog.dat
+ 2009-08-29 12:38 . 2009-05-26 11:40 17272 c:\windows\ie8updates\KB972260-IE8\spmsg.dll
+ 2009-08-29 12:38 . 2009-05-26 11:40 26488 c:\windows\ie8updates\KB972260-IE8\spcustom.dll
- 2009-07-28 23:10 . 2009-03-07 20:31 55296 c:\windows\ie8updates\KB972260-IE8\msfeedsbs.dll
+ 2009-08-29 12:38 . 2009-03-07 20:31 55296 c:\windows\ie8updates\KB972260-IE8\msfeedsbs.dll
- 2009-07-28 23:10 . 2009-04-30 21:22 25600 c:\windows\ie8updates\KB972260-IE8\jsproxy.dll
+ 2009-08-29 12:38 . 2009-03-07 20:33 25600 c:\windows\ie8updates\KB972260-IE8\jsproxy.dll
+ 2009-08-29 12:31 . 2009-03-08 06:23 58464 c:\windows\ie8\spuninst\iecustom.dll
- 2009-06-26 05:43 . 2009-03-08 06:23 58464 c:\windows\ie8\spuninst\iecustom.dll
- 2009-06-26 05:41 . 2009-04-29 04:56 44544 c:\windows\ie8\pngfilt.dll
+ 2009-08-29 12:29 . 2009-04-29 04:56 44544 c:\windows\ie8\pngfilt.dll
- 2009-06-26 05:41 . 2007-08-13 10:01 48128 c:\windows\ie8\mshtmler.dll
+ 2009-08-29 12:29 . 2007-08-13 10:01 48128 c:\windows\ie8\mshtmler.dll
+ 2009-08-29 12:29 . 2007-08-13 10:32 45568 c:\windows\ie8\mshta.exe
- 2009-06-26 05:41 . 2007-08-13 10:32 45568 c:\windows\ie8\mshta.exe
- 2009-06-26 05:41 . 2009-04-29 04:55 52224 c:\windows\ie8\msfeedsbs.dll
+ 2009-08-29 12:29 . 2009-04-29 04:55 52224 c:\windows\ie8\msfeedsbs.dll
- 2009-06-26 05:41 . 2007-08-13 10:44 40960 c:\windows\ie8\licmgr10.dll
+ 2009-08-29 12:29 . 2007-08-13 10:44 40960 c:\windows\ie8\licmgr10.dll
+ 2009-08-29 12:29 . 2009-04-29 04:55 27648 c:\windows\ie8\jsproxy.dll
- 2009-06-26 05:41 . 2009-04-29 04:55 27648 c:\windows\ie8\jsproxy.dll
+ 2009-08-29 12:29 . 2007-08-13 10:39 92672 c:\windows\ie8\inseng.dll
- 2009-06-26 05:41 . 2007-08-13 10:39 92672 c:\windows\ie8\inseng.dll
- 2009-06-26 05:41 . 2007-08-13 10:36 36352 c:\windows\ie8\imgutil.dll
+ 2009-08-29 12:29 . 2007-08-13 10:36 36352 c:\windows\ie8\imgutil.dll
+ 2009-08-29 12:29 . 2007-08-13 10:39 55296 c:\windows\ie8\iesetup.dll
- 2009-06-26 05:41 . 2007-08-13 10:39 55296 c:\windows\ie8\iesetup.dll
+ 2009-08-29 12:29 . 2009-04-29 04:55 44544 c:\windows\ie8\iernonce.dll
- 2009-06-26 05:41 . 2009-04-29 04:55 44544 c:\windows\ie8\iernonce.dll
- 2009-06-26 05:41 . 2009-04-29 04:55 78336 c:\windows\ie8\ieencode.dll
+ 2009-08-29 12:29 . 2009-04-29 04:55 78336 c:\windows\ie8\ieencode.dll
- 2009-06-26 05:41 . 2009-04-28 09:05 70656 c:\windows\ie8\ie4uinit.exe
+ 2009-08-29 12:29 . 2009-04-28 09:05 70656 c:\windows\ie8\ie4uinit.exe
- 2009-06-26 05:41 . 2009-04-29 04:55 63488 c:\windows\ie8\icardie.dll
+ 2009-08-29 12:29 . 2009-04-29 04:55 63488 c:\windows\ie8\icardie.dll
+ 2009-08-29 12:29 . 2007-08-13 10:18 60416 c:\windows\ie8\hmmapi.dll
- 2009-06-26 05:41 . 2007-08-13 10:18 60416 c:\windows\ie8\hmmapi.dll
+ 2009-08-29 12:29 . 2007-08-13 10:42 17408 c:\windows\ie8\corpol.dll
- 2009-06-26 05:41 . 2007-08-13 10:42 17408 c:\windows\ie8\corpol.dll
- 2009-06-26 05:41 . 2007-08-13 10:39 71680 c:\windows\ie8\admparse.dll
+ 2009-08-29 12:29 . 2007-08-13 10:39 71680 c:\windows\ie8\admparse.dll
+ 2004-08-04 12:00 . 2009-03-07 20:33 726528 c:\windows\system32\jscript.dll
+ 2009-07-25 13:07 . 2009-07-25 13:07 867328 c:\windows\system32\GroupPolicy\geswall.dat
+ 2009-08-29 11:12 . 2009-08-29 11:12 680960 c:\windows\Installer\5b715.msi
+ 2009-08-29 12:38 . 2009-03-07 20:34 914944 c:\windows\ie8updates\KB972260-IE8\wininet.dll
+ 2009-08-29 12:38 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB972260-IE8\updspapi.dll
+ 2009-08-29 12:38 . 2009-05-26 11:40 755576 c:\windows\ie8updates\KB972260-IE8\update.exe
- 2009-07-28 23:10 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB972260-IE8\spuninst\updspapi.dll
+ 2009-08-29 12:38 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB972260-IE8\spuninst\updspapi.dll
+ 2009-08-29 12:38 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB972260-IE8\spuninst\spuninst.exe
- 2009-07-28 23:10 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB972260-IE8\spuninst\spuninst.exe
+ 2009-08-29 12:38 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB972260-IE8\spuninst.exe
+ 2009-08-29 12:38 . 2009-03-07 20:34 109568 c:\windows\ie8updates\KB972260-IE8\occache.dll
- 2009-07-28 23:10 . 2009-03-07 20:34 109568 c:\windows\ie8updates\KB972260-IE8\occache.dll
- 2009-07-28 23:10 . 2009-03-07 20:32 594432 c:\windows\ie8updates\KB972260-IE8\msfeeds.dll
+ 2009-08-29 12:38 . 2009-03-07 20:32 594432 c:\windows\ie8updates\KB972260-IE8\msfeeds.dll
- 2009-07-28 23:10 . 2009-03-07 20:31 183808 c:\windows\ie8updates\KB972260-IE8\iepeers.dll
+ 2009-08-29 12:38 . 2009-03-07 20:31 183808 c:\windows\ie8updates\KB972260-IE8\iepeers.dll
+ 2009-08-29 12:38 . 2009-03-08 06:09 391536 c:\windows\ie8updates\KB972260-IE8\iedkcs32.dll
+ 2009-08-29 12:38 . 2009-03-07 20:32 173056 c:\windows\ie8updates\KB972260-IE8\ie4uinit.exe
- 2009-07-28 23:10 . 2009-04-30 11:21 173056 c:\windows\ie8updates\KB972260-IE8\ie4uinit.exe
+ 2009-08-29 12:29 . 2009-04-29 04:56 827392 c:\windows\ie8\wininet.dll
- 2009-06-26 05:41 . 2009-04-29 04:56 827392 c:\windows\ie8\wininet.dll
+ 2009-08-29 12:29 . 2009-04-29 04:56 233472 c:\windows\ie8\webcheck.dll
- 2009-06-26 05:41 . 2009-04-29 04:56 233472 c:\windows\ie8\webcheck.dll
- 2009-06-26 05:41 . 2007-08-13 10:54 765952 c:\windows\ie8\vgx.dll
+ 2009-08-29 12:29 . 2007-08-13 10:54 765952 c:\windows\ie8\vgx.dll
- 2009-06-26 05:41 . 2007-08-13 10:54 413696 c:\windows\ie8\vbscript.dll
+ 2009-08-29 12:29 . 2007-08-13 10:54 413696 c:\windows\ie8\vbscript.dll
- 2009-06-26 05:41 . 2009-04-29 04:56 105984 c:\windows\ie8\url.dll
+ 2009-08-29 12:29 . 2009-04-29 04:56 105984 c:\windows\ie8\url.dll
+ 2009-08-29 12:31 . 2009-01-07 10:21 382496 c:\windows\ie8\spuninst\updspapi.dll
- 2009-06-26 05:43 . 2009-01-07 10:21 382496 c:\windows\ie8\spuninst\updspapi.dll
+ 2009-08-29 12:31 . 2009-01-07 10:20 231456 c:\windows\ie8\spuninst\spuninst.exe
- 2009-06-26 05:43 . 2009-01-07 10:20 231456 c:\windows\ie8\spuninst\spuninst.exe
- 2009-06-26 05:41 . 2006-09-06 09:43 213216 c:\windows\ie8\spuninst.exe
+ 2009-08-29 12:29 . 2006-09-06 09:43 213216 c:\windows\ie8\spuninst.exe
- 2009-06-26 05:41 . 2009-04-29 04:56 102912 c:\windows\ie8\occache.dll
+ 2009-08-29 12:29 . 2009-04-29 04:56 102912 c:\windows\ie8\occache.dll
- 2009-06-26 05:41 . 2009-04-29 04:56 671232 c:\windows\ie8\mstime.dll
+ 2009-08-29 12:29 . 2009-04-29 04:56 671232 c:\windows\ie8\mstime.dll
+ 2009-08-29 12:29 . 2009-04-29 04:56 193024 c:\windows\ie8\msrating.dll
- 2009-06-26 05:41 . 2009-04-29 04:56 193024 c:\windows\ie8\msrating.dll
- 2009-06-26 05:41 . 2007-08-13 10:54 156160 c:\windows\ie8\msls31.dll
+ 2009-08-29 12:29 . 2007-08-13 10:54 156160 c:\windows\ie8\msls31.dll
+ 2009-08-29 12:29 . 2009-04-29 04:56 477696 c:\windows\ie8\mshtmled.dll
- 2009-06-26 05:41 . 2009-04-29 04:56 477696 c:\windows\ie8\mshtmled.dll
+ 2009-08-29 12:29 . 2009-04-29 04:55 459264 c:\windows\ie8\msfeeds.dll
- 2009-06-26 05:41 . 2009-04-29 04:55 459264 c:\windows\ie8\msfeeds.dll
- 2009-06-26 05:41 . 2007-08-13 10:38 491520 c:\windows\ie8\jscript.dll
+ 2009-08-29 12:29 . 2007-08-13 10:38 491520 c:\windows\ie8\jscript.dll
+ 2009-08-29 12:29 . 2009-04-25 05:27 636088 c:\windows\ie8\iexplore.exe
- 2009-06-26 05:41 . 2009-04-25 05:27 636088 c:\windows\ie8\iexplore.exe
+ 2009-08-29 12:29 . 2007-08-13 10:54 191488 c:\windows\ie8\iepeers.dll
- 2009-06-26 05:41 . 2007-08-13 10:54 191488 c:\windows\ie8\iepeers.dll
+ 2009-08-29 12:29 . 2009-04-29 04:55 385024 c:\windows\ie8\iedkcs32.dll
- 2009-06-26 05:41 . 2009-04-29 04:55 385024 c:\windows\ie8\iedkcs32.dll
+ 2009-08-29 12:29 . 2009-04-29 04:55 383488 c:\windows\ie8\ieapfltr.dll
- 2009-06-26 05:41 . 2009-04-29 04:55 383488 c:\windows\ie8\ieapfltr.dll
- 2009-06-26 05:41 . 2009-04-25 05:26 161792 c:\windows\ie8\ieakui.dll
+ 2009-08-29 12:29 . 2009-04-25 05:26 161792 c:\windows\ie8\ieakui.dll
+ 2009-08-29 12:29 . 2009-04-29 04:55 230400 c:\windows\ie8\ieaksie.dll
- 2009-06-26 05:41 . 2009-04-29 04:55 230400 c:\windows\ie8\ieaksie.dll
- 2009-06-26 05:41 . 2009-04-29 04:55 153088 c:\windows\ie8\ieakeng.dll
+ 2009-08-29 12:29 . 2009-04-29 04:55 153088 c:\windows\ie8\ieakeng.dll
+ 2009-08-29 12:29 . 2009-04-29 04:55 214528 c:\windows\ie8\dxtrans.dll
- 2009-06-26 05:41 . 2009-04-29 04:55 214528 c:\windows\ie8\dxtrans.dll
- 2009-06-26 05:41 . 2009-04-29 04:55 347136 c:\windows\ie8\dxtmsft.dll
+ 2009-08-29 12:29 . 2009-04-29 04:55 347136 c:\windows\ie8\dxtmsft.dll
+ 2009-08-29 12:29 . 2009-04-29 04:55 124928 c:\windows\ie8\advpack.dll
- 2009-06-26 05:41 . 2009-04-29 04:55 124928 c:\windows\ie8\advpack.dll
+ 2009-08-29 12:38 . 2009-03-07 20:34 1206784 c:\windows\ie8updates\KB972260-IE8\urlmon.dll
+ 2009-08-29 12:38 . 2009-03-07 20:41 5937152 c:\windows\ie8updates\KB972260-IE8\mshtml.dll
+ 2009-08-29 12:29 . 2009-04-29 04:56 1159680 c:\windows\ie8\urlmon.dll
- 2009-06-26 05:41 . 2009-04-29 04:56 1159680 c:\windows\ie8\urlmon.dll
- 2009-06-26 05:41 . 2009-04-29 04:56 3596288 c:\windows\ie8\mshtml.dll
+ 2009-08-29 12:29 . 2009-04-29 04:56 3596288 c:\windows\ie8\mshtml.dll
+ 2009-08-29 12:29 . 2008-07-09 14:25 2455488 c:\windows\ie8\ieapfltr.dat
- 2009-06-26 05:41 . 2008-07-09 14:25 2455488 c:\windows\ie8\ieapfltr.dat
.
-- Snapshot reset to current date --
.


Re: Computer becoming sluggish and not running properly

Post by Incharge on 30th August 2009, 2:31 am

Here is my new Combofix log (part 3):

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GeSWall]
@="{F6ACC71C-420B-4a95-905C-C7534706813C}"
[HKEY_CLASSES_ROOT\CLSID\{F6ACC71C-420B-4a95-905C-C7534706813C}]
2009-07-24 05:21 737280 ----a-w- c:\program files\geswall\gswshext.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-06-30 2329224]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2009-08-22 5148672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartDefrag"="c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [2009-07-02 2453264]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
"{F6ACC71C-420B-4a95-905C-C7534706813C}"= "c:\program files\geswall\gswshext.dll" [2009-07-24 737280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 04:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf c:\documents and settings\Jason\Desktop

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"RichVideo"=2 (0x2)
"NitroDriverReadSpool"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MimBoot"=c:\progra~1\MUSICM~1\MUSICM~1\mimboot.exe
"SigmatelSysTrayApp"=stsystra.exe
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8014:TCP"= 8014:TCP:BitComet 8014 TCP
"8014:UDP"= 8014:UDP:BitComet 8014 UDP
"25239:TCP"= 25239:TCP:BitComet 25239 TCP
"25239:UDP"= 25239:UDP:BitComet 25239 UDP
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 GeSWall;GeSWall;c:\windows\system32\drivers\geswall.sys [30/07/2009 9:42 PM 157184]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [02/01/2009 6:57 PM 159600]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [05/08/2009 4:06 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [05/08/2009 4:06 PM 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [29/07/2009 8:47 AM 108289]
R2 gswserv;GeSWall service;c:\program files\geswall\gswserv.exe [29/07/2009 10:06 PM 970752]
R2 HOSTNT;HOSTNT;c:\windows\system32\drivers\hostnt.sys [12/01/2009 7:42 PM 10304]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [02/01/2009 6:57 PM 73840]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [05/08/2009 4:06 PM 7408]
S3 UsbC;SafeNet MicroDog USB Device Driver;c:\windows\system32\drivers\rcusbwdm.sys [12/01/2009 7:43 PM 65216]
S4 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [15/06/2009 4:13 PM 188736]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-30 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2009-07-03 07:35]

2009-08-29 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-07-07 01:22]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyServer = 63.149.98.170:80
uInternet Settings,ProxyOverride = *.local
TCP: {4B34CA4F-6226-4831-9A71-94C2D012530D} = 203.0.178.191
FF - ProfilePath - c:\documents and settings\Jason\Application Data\Mozilla\Firefox\Profiles\k60rf2zo.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - plugin: c:\documents and settings\Jason\Application Data\Mozilla\Firefox\Profiles\k60rf2zo.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-08-30 10:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(728)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(4016)
c:\windows\system32\WININET.dll
c:\program files\geswall\gswshext.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-08-30 10:25
ComboFix-quarantined-files.txt 2009-08-30 02:25
ComboFix2.txt 2009-08-28 22:22

Pre-Run: 228,554,297,344 bytes free
Post-Run: 228,494,868,480 bytes free

427 --- E O F --- 2009-08-29 12:38


Re: Computer becoming sluggish and not running properly

Post by Belahzur on 30th August 2009, 5:09 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?


Please PM me if I fail to respond within 24hrs.



Re: Computer becoming sluggish and not running properly

Post by Incharge on 30th August 2009, 11:59 pm

Hi Geek Police,

Thank you very much for your time and efforts! (Origin & Belahzur) My computer is running very well now!

Regards
Jason

P.S. - Can I delete the leftover files that ComboFix didn't delete, i.e. log etc.?


Re: Computer becoming sluggish and not running properly

Post by Belahzur on 31st August 2009, 1:44 am

Yes.



Re: Computer becoming sluggish and not running properly

Post by Incharge on 31st August 2009, 2:28 am

Hi,

Thanks once again to Geek Police; they are truly one of the best out there, that's for sure!

Regards
Jason.
