TechSpot

My system is really slow after I run Internet Explorer

Resolved
By jissa
Apr 6, 2012
  1. I have a Windows XP SP3 machine that is running IE8. Recently I noticed a slowdown in the system after I start IE. Looking in the Task Manager, I see multiple copies of IE running and using a lot of RAM. After I exit IE, multiple copies are still running and I get an error that IE crashed.

    I followed the 5 steps and here are my logs. Any help would be greatly appreciated.

    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.04.03.03

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Johnny :: EJS1 [limited]

    4/6/2012 4:48:23 PM
    mbam-log-2012-04-06 (16-48-23).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 152236
    Time elapsed: 11 minute(s), 9 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Documents and Settings\Johnny\Local Settings\Temp\arg259881.exe (Exploit.Drop) -> Quarantined and deleted successfully.

    (end)


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-04-06 18:15:03
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-8 WDC_WD600BB-00CAA1 rev.17.07W17
    Running: 69e8ueid.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pxtdapog.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xA5236F3C]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xA5236FE4]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xA5237080]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xA523711C]

    ---- Kernel code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB50C7000, 0x2C8F24, 0xE8000020]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Mozilla Firefox\firefox.exe[2356] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01219720 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2356] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 0144E21B C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2356] kernel32.dll!MapViewOfFile 7C80B9A5 5 Bytes JMP 0144E1F4 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2356] GDI32.dll!CreateDIBSection 77F19E19 5 Bytes JMP 0144E17E C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3264] USER32.dll!SetWindowLongA 7E42C29D 5 Bytes JMP 106775F7 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3264] USER32.dll!SetWindowLongW 7E42C2BB 5 Bytes JMP 10677589 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3264] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 1044FE0A C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3264] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 104503C5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 PE file @ sector 117210303

    ---- EOF - GMER 1.0.15 ----

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Administrator at 18:16:01 on 2012-04-06
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1791.1103 [GMT -7:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    svchost.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\WINDOWS\PixArt\PAC7302\Monitor.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\AVG\AVG2012\avgui.exe
    C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    C:\Program Files\AVG\AVG2012\avgemcx.exe
    C:\Program Files\AVG\AVG2012\avgnsx.exe
    C:\Program Files\AVG\AVG2012\avgrsx.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page = hxxp://www.google.com
    uWindow Title = Internet Explorer, optimized for Bing and MSN
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [cdloader] "c:\documents and settings\administrator\application data\mjusbsp\cdloader2.exe" MAGICJACK
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [PAC7302_Monitor] c:\windows\pixart\pac7302\Monitor.exe
    mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{424F2D3C-33C4-4DCF-B208-BA5A8F3A7F33} : DhcpNameServer = 192.168.0.1
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\dc89d9lx.default\
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_228.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 23120]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 230608]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 40016]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 295248]
    R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2010-4-18 13696]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2012-4-2 100368]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134608]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24272]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 16720]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-18 135664]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-2 253600]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-4-18 1684736]
    S3 cpuz134;cpuz134;\??\c:\docume~1\admini~1\locals~1\temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\admini~1\locals~1\temp\cpuz134\cpuz134_x32.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-4-18 135664]
    .
    =============== Created Last 30 ================
    .
    2012-04-06 22:58:57 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Mozilla
    2012-04-06 22:51:14 -------- d-----w- c:\documents and settings\administrator\AppData
    2012-04-06 22:31:26 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2012-04-06 22:28:53 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2012-04-06 22:28:53 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
    2012-04-03 06:04:10 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
    2012-04-03 04:30:53 100368 ----a-w- c:\windows\system32\drivers\AtihdXP3.sys
    2012-04-03 04:30:10 956160 ----a-w- c:\windows\system32\ativvamv.dll
    2012-04-03 04:30:10 159744 ----a-w- c:\windows\system32\atiapfxx.exe
    2012-04-03 04:29:34 -------- d-----w- c:\program files\ATI
    2012-04-03 04:28:34 -------- d-----w- C:\AMD
    2012-04-03 04:02:10 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-04-03 03:36:03 388096 ----a-r- c:\documents and settings\administrator\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2012-04-03 03:36:02 -------- d-----w- c:\program files\Trend Micro
    2012-04-03 02:40:37 -------- d-sh--w- c:\documents and settings\administrator\IECompatCache
    2012-04-03 02:19:49 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes
    2012-04-03 02:19:36 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-04-03 02:19:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-04-03 02:19:36 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2012-04-03 02:18:38 -------- d-----w- C:\downloads
    .
    ==================== Find3M ====================
    .
    2012-04-06 23:55:07 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-04-06 22:31:08 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2012-03-09 06:22:00 7586304 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
    2012-03-09 06:14:42 311296 ----a-w- c:\windows\system32\atiiiexx.dll
    2012-03-09 05:19:48 19959808 ----a-w- c:\windows\system32\atioglxx.dll
    2012-03-09 05:02:24 5358304 ----a-w- c:\windows\system32\ati3duag.dll
    2012-03-09 04:36:12 4155520 ----a-w- c:\windows\system32\ativvaxx.dll
    2012-03-09 04:24:58 638976 ----a-w- c:\windows\system32\atiok3x2.dll
    2012-03-09 04:21:52 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2012-03-09 04:20:04 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2012-03-09 04:18:40 305152 ----a-w- c:\windows\system32\ati2dvag.dll
    2012-03-09 04:12:20 65024 ----a-w- c:\windows\system32\atimpc32.dll
    2012-03-09 04:12:20 65024 ----a-w- c:\windows\system32\amdpcom32.dll
    2012-03-09 03:52:28 212992 ----a-w- c:\windows\system32\atipdlxx.dll
    2012-03-09 03:52:12 159744 ----a-w- c:\windows\system32\Oemdspif.dll
    2012-03-09 03:52:00 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
    2012-03-09 03:51:52 43520 ----a-w- c:\windows\system32\ati2edxx.dll
    2012-03-09 03:51:36 192512 ----a-w- c:\windows\system32\ati2evxx.dll
    2012-03-09 03:50:00 643072 ----a-w- c:\windows\system32\ati2evxx.exe
    2012-03-09 03:48:28 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
    2012-03-09 03:41:34 847872 ----a-w- c:\windows\system32\atikvmag.dll
    2012-03-09 03:36:30 237568 ----a-w- c:\windows\system32\atiadlxx.dll
    2012-03-09 03:36:08 17408 ----a-w- c:\windows\system32\atitvo32.dll
    2012-03-09 03:29:24 909312 ----a-w- c:\windows\system32\ati2cqag.dll
    2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
    2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll
    2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    .
    ============= FINISH: 18:16:24.54 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 4/18/2010 11:56:45 AM
    System Uptime: 4/6/2012 5:02:20 PM (1 hours ago)
    .
    Motherboard: BIOSTAR Group | | TA785G3
    Processor: AMD Athlon(tm) II X3 435 Processor | CPU 1 | 2900/200mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 56 GiB total, 40.464 GiB free.
    D: is CDROM ()
    Z: is NetworkDisk (NTFS) - 458 GiB total, 170.211 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP641: 1/7/2012 10:41:42 PM - System Checkpoint
    RP642: 1/8/2012 11:41:42 PM - System Checkpoint
    RP643: 1/10/2012 12:41:42 AM - System Checkpoint
    RP644: 1/11/2012 1:41:42 AM - System Checkpoint
    RP645: 1/12/2012 2:41:39 AM - System Checkpoint
    RP646: 1/12/2012 3:00:16 AM - Software Distribution Service 3.0
    RP647: 1/13/2012 3:31:36 AM - System Checkpoint
    RP648: 1/14/2012 3:36:07 AM - System Checkpoint
    RP649: 1/15/2012 4:36:07 AM - System Checkpoint
    RP650: 1/16/2012 5:36:10 AM - System Checkpoint
    RP651: 1/17/2012 6:35:05 AM - System Checkpoint
    RP652: 1/18/2012 7:35:04 AM - System Checkpoint
    RP653: 1/19/2012 8:35:09 AM - System Checkpoint
    RP654: 1/20/2012 9:35:06 AM - System Checkpoint
    RP655: 1/21/2012 10:36:07 AM - System Checkpoint
    RP656: 1/22/2012 11:57:59 AM - System Checkpoint
    RP657: 1/23/2012 12:35:02 PM - System Checkpoint
    RP658: 1/24/2012 1:35:07 PM - System Checkpoint
    RP659: 1/25/2012 2:35:02 PM - System Checkpoint
    RP660: 1/26/2012 3:00:16 AM - Software Distribution Service 3.0
    RP661: 1/27/2012 3:21:44 AM - System Checkpoint
    RP662: 1/28/2012 4:21:44 AM - System Checkpoint
    RP663: 1/29/2012 5:21:44 AM - System Checkpoint
    RP664: 1/30/2012 6:21:47 AM - System Checkpoint
    RP665: 1/30/2012 8:48:45 PM - Removed Adobe Reader 7.0
    RP666: 1/30/2012 8:48:56 PM - Installed Adobe Reader 9.5.0.
    RP667: 1/31/2012 10:29:52 PM - System Checkpoint
    RP668: 2/1/2012 10:31:31 PM - System Checkpoint
    RP669: 2/2/2012 10:56:32 PM - System Checkpoint
    RP670: 2/3/2012 11:55:27 PM - System Checkpoint
    RP671: 2/5/2012 12:55:27 AM - System Checkpoint
    RP672: 2/6/2012 1:55:28 AM - System Checkpoint
    RP673: 2/7/2012 2:50:47 AM - System Checkpoint
    RP674: 2/8/2012 3:50:47 AM - System Checkpoint
    RP675: 2/9/2012 4:50:47 AM - System Checkpoint
    RP676: 2/10/2012 5:50:47 AM - System Checkpoint
    RP677: 2/11/2012 6:50:47 AM - System Checkpoint
    RP678: 2/12/2012 7:50:50 AM - System Checkpoint
    RP679: 2/13/2012 8:50:50 AM - System Checkpoint
    RP680: 2/14/2012 9:50:47 AM - System Checkpoint
    RP681: 2/15/2012 10:50:51 AM - System Checkpoint
    RP682: 2/16/2012 3:00:13 AM - Software Distribution Service 3.0
    RP683: 2/17/2012 3:29:26 AM - System Checkpoint
    RP684: 2/18/2012 4:29:24 AM - System Checkpoint
    RP685: 2/19/2012 5:29:26 AM - System Checkpoint
    RP686: 2/20/2012 6:29:26 AM - System Checkpoint
    RP687: 2/21/2012 7:29:24 AM - System Checkpoint
    RP688: 2/22/2012 8:29:26 AM - System Checkpoint
    RP689: 2/23/2012 9:53:07 AM - System Checkpoint
    RP690: 2/24/2012 10:29:24 AM - System Checkpoint
    RP691: 2/25/2012 11:29:26 AM - System Checkpoint
    RP692: 2/26/2012 12:53:09 PM - System Checkpoint
    RP693: 2/27/2012 1:33:13 PM - System Checkpoint
    RP694: 2/28/2012 2:29:24 PM - System Checkpoint
    RP695: 2/29/2012 3:29:24 PM - System Checkpoint
    RP696: 3/1/2012 4:41:27 PM - System Checkpoint
    RP697: 3/2/2012 5:21:08 PM - System Checkpoint
    RP698: 3/3/2012 5:29:23 PM - System Checkpoint
    RP699: 3/4/2012 6:29:23 PM - System Checkpoint
    RP700: 3/5/2012 6:36:36 PM - System Checkpoint
    RP701: 3/6/2012 7:42:56 PM - System Checkpoint
    RP702: 3/7/2012 8:29:24 PM - System Checkpoint
    RP703: 3/8/2012 9:37:48 PM - System Checkpoint
    RP704: 3/9/2012 10:29:23 PM - System Checkpoint
    RP705: 3/10/2012 11:38:42 PM - System Checkpoint
    RP706: 3/12/2012 12:29:26 AM - System Checkpoint
    RP707: 3/13/2012 1:29:27 AM - System Checkpoint
    RP708: 3/14/2012 2:29:26 AM - System Checkpoint
    RP709: 3/14/2012 3:00:15 AM - Software Distribution Service 3.0
    RP710: 3/15/2012 3:04:41 AM - System Checkpoint
    RP711: 3/16/2012 4:04:44 AM - System Checkpoint
    RP712: 3/17/2012 5:04:41 AM - System Checkpoint
    RP713: 3/18/2012 6:04:43 AM - System Checkpoint
    RP714: 3/19/2012 7:04:40 AM - System Checkpoint
    RP715: 3/20/2012 8:04:41 AM - System Checkpoint
    RP716: 3/21/2012 9:04:44 AM - System Checkpoint
    RP717: 3/22/2012 10:04:41 AM - System Checkpoint
    RP718: 3/23/2012 11:04:44 AM - System Checkpoint
    RP719: 3/24/2012 12:04:44 PM - System Checkpoint
    RP720: 3/25/2012 1:04:40 PM - System Checkpoint
    RP721: 3/26/2012 2:04:44 PM - System Checkpoint
    RP722: 3/27/2012 3:05:49 PM - System Checkpoint
    RP723: 3/28/2012 5:15:20 PM - System Checkpoint
    RP724: 3/29/2012 5:32:45 PM - System Checkpoint
    RP725: 3/30/2012 6:04:41 PM - System Checkpoint
    RP726: 3/31/2012 6:23:15 PM - System Checkpoint
    RP727: 4/1/2012 6:30:10 PM - System Checkpoint
    RP728: 4/2/2012 8:36:01 PM - Installed HiJackThis
    RP729: 4/3/2012 9:47:12 PM - System Checkpoint
    RP730: 4/4/2012 10:19:21 PM - System Checkpoint
    RP731: 4/5/2012 11:10:27 PM - System Checkpoint
    RP732: 4/6/2012 3:30:34 PM - Removed Java(TM) 6 Update 20
    RP733: 4/6/2012 3:30:44 PM - Installed Java(TM) 6 Update 31
    RP734: 4/6/2012 3:51:49 PM - PC Decrapifier Restore Point
    .
    ==== Installed Programs ======================
    .
    7-Zip 4.65
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.5.0
    AMD Catalyst Install Manager
    AMD Processor Driver
    ATI Catalyst Control Center
    ATI Parental Control & Encoder
    AVG 2012
    Catalyst Control Center
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-preinstall
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Compatibility Pack for the 2007 Office system
    Eusing Free Registry Cleaner
    Foxit Reader 5.1
    Google Update Helper
    High Definition Audio Driver Package - KB888111
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Java Auto Updater
    Java(TM) 6 Update 31
    magicJack
    Malwarebytes Anti-Malware version 1.60.1.1000
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656353)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Office 2000 Premium
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Mozilla Firefox 11.0 (x86 en-US)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    PC Camera
    PrimoPDF -- brought to you by Nitro PDF Software
    QuickBooks Product Listing Service
    QuickBooks Simple Start Edition
    REALTEK GbE & FE Ethernet PCI-E NIC Driver
    Realtek High Definition Audio Driver
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2183461)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360131)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2416400)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2482017)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2497640)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2510581)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2530548)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544521)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2641653)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2647518)
    Security Update for Windows XP (KB2660465)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982381)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Skins
    Skype™ 3.8
    Spybot - Search & Destroy
    SupportSoft Assisted Service
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB2447568)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB980182)
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Internet Explorer 8
    Windows XP Service Pack 3
    .
    ==== Event Viewer Messages From Past Week ========
    .
    4/2/2012 10:27:34 PM, error: TermServDevices [1111] - Driver Microsoft Shared Fax Driver required for printer Fax is unknown. Contact the administrator to install the driver before you log in again.
    4/2/2012 10:27:34 PM, error: TermServDevices [1111] - Driver HP Universal Printing PS required for printer HP Laserjet 1200 PS is unknown. Contact the administrator to install the driver before you log in again.
    4/2/2012 10:27:34 PM, error: TermServDevices [1111] - Driver Bullzip PDF Printer required for printer Bullzip PDF Printer is unknown. Contact the administrator to install the driver before you log in again.
    .
    ==== End Of File ===========================
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    I'll be glad to help you check the system, but before I even look at the logs, understand this:

    1. "Slow" can have many reasons other than malware.
    2. It is normal to have more than one iexplore.exe with IE8 and later versions.
    3. Noticing 'slow' after launching IE might indicate that there is an excess of add-ons in IE.
    4. A message that IE has crashed might be caused by a lack of having enough RAM. >> How much RAM is installed?
    ====================================
    FYI:
    1. uWindow Title = Internet Explorer, optimized for Bing and MSN >> this may not be the best setting.
    2. You have both FoxIt and the Adobe Reader. You only need 1 PDF Reader. If FoxIt is running okay and current, suggest you go to Add/Remove Programs and uninstall the Adobe Reader. When finished, use Windows Explorer to access My Computer> Local Drive(C)> Programs> find Adobe Reader program folder and do right click> Delete.
    ======================================
    I'd like you to run Combofix- but it won't run with AVG. You will need to temporarily uninstall AVG as follows:

    Download AppRemover and save to the desktop
    1. Double click the setup on the desktop> click Next
    2. Select “Remove Security Application”
    3. Let scan finish to determine security apps
    4. A screen like below will appear:
    5. Click on Next after choice has been made
    6. Check the AVG program you want to uninstall
    7. After uninstall shows complete, follow online prompts to Exit the program.

    Temporary AV: Use one:
    Microsoft Security Essentials
    Comodo AV
    Avast! Free Antivirus
    =============================
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Before you run the Combofix scan, please disable any security software you have running.

    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • If prompted for Recovery Console, please allow.
    • Once installed, you should see a blue screen prompt that says:
      • The Recovery Console was successfully installed.
      • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.
      • Note: No query will be made if the Recovery Console is already on the system.
    • Close/disable all anti virus and anti malware programs
      (If you need help with this, please see HERE)
    • Close any open browsers.
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • When the scan completes, a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply.
    Re-enable your Antivirus software.
    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
    Note 3: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    ==========================================
    To run the Eset Online Virus Scan:
    If you use Internet Explorer:
    1. Open the ESETOnlineScan
    2. Skip to #4 to "Continue with the directions"

      If you are using a browser other than Internet Explorer
    3. Open Eset Smart Installer
      [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
      [o] Double click on the desktop icon to run.
      [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
    4. Continue with the directions.
    5. Check 'Yes I accept terms of use.'
    6. Click Start button
    7. Accept any security warnings from your browser.
    8. Uncheck 'Remove found threats'
    9. Check 'Scan archives'
    10. Leave remaining settings as is.
    11. Press the Start button.
    12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    13. When the scan completes, press List of found threats
    14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    15. Push the Back button, then Finish
    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    ===========================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't follow directions given to someone else
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    Threads are closed after 5 days if there is no reply.

    I will finish checking these logs while you do the above.
     
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Comments and suggestions for you:
    1. Uninstall Eusing Free Registry Cleaner> We do not recommend that anyone use a registry cleaner. The risk is greater than the benefit you may get.
    2. Uninstall HiJackThis. It's not installed correctly. I'll give you a link and instruction to install correctly when we get to it.
    3. If you installed the PC Decrapifier, it has done its job and you are now finished, remove it. I note it set a Restore Point.
    4. Obviously you're not using this now, so disable/remove the SupportSoft Assisted Service
    5. Resetting Services: Click on Start> Run> type in services.msc> Enter> Find each of the following Services> Double click to open and set as instructed:
      [o] FAX: Set Startup type to Manual, Stop the Service
      [o] Plug and Play> Set Startup type to Automatic
      [o] Print Spooler> Set Startup type to Automatic
      [o] Telephony> Set Startup type to Automatic
      Exit Services
    6. Remove process from Start Menu: Click on Start> Run> type in msconfig> enter>
      [o] Click on Selective Startup
      [o] Choose the Startup tab:
      [o] Uncheck any FAX
      [o] Click on Apply> OK when finished.
    NOTE:
    When you reboot the system the first time after making changes using the msconfig utility, a nag message comes up that can be ignored and closed after checking 'don't show this message again.' Remain in Selective Startup to retain those changes.
    -------------------------------------------
    Additional note for uninstalling old programs:
    The system is looking to load a process for the HP Laserjet 1200 PS. I do not see this in your installed programs, nor do I see any related entries for it.
    If you previously had but no longer have this printer:
    1. Uninstall it in Add/Remove Programs
    2. Check Services for any corresponding Service. If there is one, change Startup type to Disabled and Stop the Service
    3. Check the Startup menu for any related entries and uncheck them
    Follow the same paths I gave for Startup menu, Services
    4. Use Windows Explorer to find and delete the program folder.
    If you still have and use this printer:
    1. Check Services and make sure this Service is set to Manual
    2. Stop the Service if you are not actively using the printer now.
    3. Uncheck any HP related processes on the Startup menu. The printer does not need to start on boot.
    =====================================
    Excess PDF Printer? The system is looking for the following driver and not finding it. I do not see this installed or any related processes. Unless this is supposed to do some kind of PDF printing that FoxIt can't do, you should remove the program in Add/Remove, uncheck any related process on the Startup menu and delete the program file. Same direction paths as for HP Laser printer:
    (Driver Bullzip PDF Printer required for printer Bullzip PDF Printer is unknown.)
    ====================================
    You had a big jump from Java v6u20 to the current Java v6u31> You will most likely have malware in the Java cache, so we will clear it:
    To clear the Java Plug-in cache:

    • [1]. Click Start > Control Panel.
      [2]. Double-click the Java icon in the control panel. The Java Control Panel appears.
      [3]. Click Settings under Temporary Internet Files. The Temporary Files Settings dialog box appears.
      [4]. Click Delete Files. The Delete Temporary Files dialog box appears.
      [5]. Click OK on Delete Temporary Files window.
      Note: This deletes all the Downloaded Applications and Applets from the cache.
      [6]. Click Apply> OK on Temporary Files Settings window.
    Images courtesy java.com
     
  4. jissa

    jissa TS Rookie Topic Starter

    Steps so far

    When I say it slows down I mean that I see that IE grows to a large size by itself or it opens a large number of blank pages. I currently have 1.8 GB of RAM installed in the system.

    Every scan I did using AVG, Spybot says I am not infected. I was wondering if re-installing IE8 could solve the problem.

    I am not sure how to modify IE from being optimized for Bing and MSN.

    I uninstalled Eusing Registry cleaner
    I uninstalled HiJackThis.
    I do have the LJ printer and it is using a printer server

    I have run combofix and the log is

    ComboFix 12-04-07.04 - Administrator 04/08/2012 10:49:16.1.3 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1791.1213 [GMT -7:00]
    Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\dllcache\dlimport.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-03-08 to 2012-04-08 )))))))))))))))))))))))))))))))
    .
    .
    2012-04-08 17:30 . 2012-04-08 17:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\Foxit Software
    2012-04-06 22:58 . 2012-04-06 22:58 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
    2012-04-06 22:51 . 2012-04-06 22:51 -------- d-----w- c:\documents and settings\Administrator\AppData
    2012-04-06 22:31 . 2012-04-06 22:31 -------- d-----w- c:\program files\Common Files\Java
    2012-04-06 22:31 . 2012-04-06 22:31 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2012-04-03 06:04 . 2012-04-08 17:24 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
    2012-04-03 04:30 . 2011-12-20 07:39 100368 ----a-w- c:\windows\system32\drivers\AtihdXP3.sys
    2012-04-03 04:30 . 2012-03-09 04:51 956160 ----a-w- c:\windows\system32\ativvamv.dll
    2012-04-03 04:30 . 2012-03-09 03:46 159744 ----a-w- c:\windows\system32\atiapfxx.exe
    2012-04-03 04:29 . 2012-04-03 04:29 -------- d-----w- c:\program files\ATI
    2012-04-03 04:28 . 2012-04-03 04:28 -------- d-----w- C:\AMD
    2012-04-03 04:02 . 2012-04-06 23:55 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-04-03 03:36 . 2012-04-03 03:36 -------- d-----w- c:\program files\Trend Micro
    2012-04-03 02:40 . 2012-04-03 02:40 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
    2012-04-03 02:19 . 2012-04-03 02:19 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2012-04-03 02:19 . 2012-04-03 02:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-04-03 02:19 . 2012-04-03 02:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2012-04-03 02:19 . 2011-12-10 22:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-04-03 02:18 . 2012-04-06 22:45 -------- d-----w- C:\downloads
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-04-06 23:55 . 2011-07-16 15:59 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-04-06 22:31 . 2010-04-19 02:56 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2012-03-09 06:22 . 2009-06-26 02:22 7586304 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
    2012-03-09 06:14 . 2009-06-26 01:40 311296 ----a-w- c:\windows\system32\atiiiexx.dll
    2012-03-09 05:19 . 2009-06-26 01:26 19959808 ----a-w- c:\windows\system32\atioglxx.dll
    2012-03-09 05:02 . 2009-06-26 01:36 5358304 ----a-w- c:\windows\system32\ati3duag.dll
    2012-03-09 04:36 . 2009-06-26 01:23 4155520 ----a-w- c:\windows\system32\ativvaxx.dll
    2012-03-09 04:24 . 2009-06-26 00:57 638976 ----a-w- c:\windows\system32\atiok3x2.dll
    2012-03-09 04:21 . 2009-06-26 00:59 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2012-03-09 04:20 . 2009-06-26 02:08 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2012-03-09 04:18 . 2009-06-26 02:07 305152 ----a-w- c:\windows\system32\ati2dvag.dll
    2012-03-09 04:12 . 2009-06-26 01:06 65024 ----a-w- c:\windows\system32\atimpc32.dll
    2012-03-09 04:12 . 2009-06-26 01:06 65024 ----a-w- c:\windows\system32\amdpcom32.dll
    2012-03-09 03:52 . 2009-06-26 01:47 212992 ----a-w- c:\windows\system32\atipdlxx.dll
    2012-03-09 03:52 . 2009-06-26 01:47 159744 ----a-w- c:\windows\system32\Oemdspif.dll
    2012-03-09 03:52 . 2009-06-26 01:47 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
    2012-03-09 03:51 . 2009-06-26 01:46 43520 ----a-w- c:\windows\system32\ati2edxx.dll
    2012-03-09 03:51 . 2009-06-26 01:46 192512 ----a-w- c:\windows\system32\ati2evxx.dll
    2012-03-09 03:50 . 2009-06-26 01:45 643072 ----a-w- c:\windows\system32\ati2evxx.exe
    2012-03-09 03:48 . 2009-06-26 01:43 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
    2012-03-09 03:41 . 2009-06-26 01:02 847872 ----a-w- c:\windows\system32\atikvmag.dll
    2012-03-09 03:36 . 2009-06-26 01:00 237568 ----a-w- c:\windows\system32\atiadlxx.dll
    2012-03-09 03:36 . 2009-06-26 01:00 17408 ----a-w- c:\windows\system32\atitvo32.dll
    2012-03-09 03:29 . 2009-06-26 00:53 909312 ----a-w- c:\windows\system32\ati2cqag.dll
    2012-02-03 09:22 . 2004-08-04 08:17 1860096 ----a-w- c:\windows\system32\win32k.sys
    2012-01-11 19:06 . 2012-02-16 03:12 3072 ------w- c:\windows\system32\iacenc.dll
    2012-03-13 04:39 . 2012-04-06 22:54 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
    "cdloader"="c:\documents and settings\Administrator\Application Data\mjusbsp\cdloader2.exe" [2011-08-23 50592]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-26 98304]
    "RTHDCPL"="RTHDCPL.EXE" [2009-08-04 18702336]
    "PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
    QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-16 972064]
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\Documents and Settings\\Administrator\\Application Data\\mjusbsp\\magicJack.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    .
    R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [4/18/2010 12:10 PM 13696]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [4/2/2012 9:30 PM 100368]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/18/2010 3:08 PM 135664]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/2/2012 9:02 PM 253600]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [4/18/2010 12:23 PM 1684736]
    S3 cpuz134;cpuz134;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/18/2010 3:08 PM 135664]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-04-08 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 23:55]
    .
    2012-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-18 22:08]
    .
    2012-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-18 22:08]
    .
    .
    ------- Supplementary Scan -------
    .
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
    TCP: DhcpNameServer = 192.168.0.1
    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dc89d9lx.default\
    FF - prefs.js: network.proxy.type - 0
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-04-08 10:52
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-448539723-261478967-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,af,2b,e8,ce,c6,74,17,44,8a,0b,d9,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,af,2b,e8,ce,c6,74,17,44,8a,0b,d9,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(732)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\atiadlxx.dll
    .
    Completion time: 2012-04-08 10:53:35
    ComboFix-quarantined-files.txt 2012-04-08 17:53
    .
    Pre-Run: 43,889,668,096 bytes free
    Post-Run: 44,749,463,552 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
    .
    - - End Of File - - 691107CE3AECA508418D775D6E57C78A

    And ran eset online scanner and this is the log

    C:\Documents and Settings\Johnny\Local Settings\Temp\11.tmp a variant of Win32/Kryptik.ADVT trojan
    C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\CXM7233S\cn_download[1].htm HTML/ScrInject.B.Gen virus
    C:\downloads\Euse Registry repair\AdvancedPCTweaker_Setup.exe a variant of Win32/Adware.AdvPCTweak application


    Thanks for all your help.
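
The autorun section of the ComboFix log posted above, read the way a reviewer would triage it. This is an added example and not part of the thread; the three flags (`user-writable`, `no-path`, `missing`) and the path markers behind them are assumptions chosen for illustration, and a flag means "look at this by hand", not a detection.

```python
import re
from typing import NamedTuple

# Lines copied from the ComboFix log in the post above (indentation removed).
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"cdloader"="c:\documents and settings\Administrator\Application Data\mjusbsp\cdloader2.exe" [2011-08-23 50592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-26 98304]
"RTHDCPL"="RTHDCPL.EXE" [2009-08-04 18702336]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-16 972064]
.
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [4/18/2010 12:10 PM 13696]
S3 cpuz134;cpuz134;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
'''

# The three line shapes ComboFix uses in this part of the log.
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)" \[(?P<meta>[^\]]*)\]$')
SHORTCUT = re.compile(r'^(?P<name>.+\.lnk) - (?P<path>.+) \[(?P<meta>[^\]]*)\]$')
SERVICE = re.compile(r'^[RS]\d (?P<name>[^;]+);[^;]*;(?P<path>.+?) \[(?P<meta>[^\]]*)\]$')

# Assumption: directories a limited user can write to on Windows XP.
USER_WRITABLE = ("\\documents and settings\\", "\\docume~1\\", "\\temp\\")


class Autostart(NamedTuple):
    source: str   # registry key, startup folder, or "service"
    name: str
    path: str
    flags: tuple


def classify(path, meta):
    """Return the review flags for one autostart target."""
    p = path.lower()
    flags = []
    if any(marker in p for marker in USER_WRITABLE):
        flags.append("user-writable")   # binary can be replaced without admin rights
    if "\\" not in p:
        flags.append("no-path")         # resolved through the search path at launch
    if meta.strip() == "?":
        flags.append("missing")         # ComboFix found no file at that location
    return tuple(flags)


def parse_autostarts(log):
    """Parse Run values, Startup shortcuts and service lines from a ComboFix log."""
    entries, source = [], ""
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            source = line[1:-1]         # registry key header
            continue
        if line.endswith("\\"):
            source = line               # startup folder header
            continue
        match, kind = RUN_VALUE.match(line) or SHORTCUT.match(line), source
        if not match:
            match, kind = SERVICE.match(line), "service"
        if not match:
            continue
        # Service lines may read "\??\path --> path"; keep the resolved path.
        path = match["path"].split("-->")[-1].strip()
        if path.startswith("\\??\\"):
            path = path[4:]
        entries.append(Autostart(kind, match["name"], path,
                                 classify(path, match["meta"])))
    return entries


def needs_review(log):
    """Names and flags of the entries a reviewer should inspect by hand."""
    return [(e.name, e.flags) for e in parse_autostarts(log) if e.flags]


if __name__ == "__main__":
    for name, flags in needs_review(SAMPLE_LOG):
        print(f"{name}: {', '.join(flags)}")
```

In this log `cdloader2.exe` sits in the same `mjusbsp` folder as the `magicJack.exe` firewall exception, which is the kind of context that settles a `user-writable` flag.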
     
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Let's try doing this to see if it helps pick up a bit of speed:

    How to Clear Your Browser Cache in Internet Explorer 8
    1. Click the Start> select "Control Panel."
    2. Click "Network and Internet" and select "Internet Options."> Press the "Safety" button.
    3. Click "Delete Browsing History" and click the check boxes next to the various categories of stored information you want deleted. If the info shown is similar to below, uncheck the IECompatCache
      [o] C:\Documents and Settings\User Name\IECompatCache <<< Uncheck
      [o]C:\Documents and Settings\User Name\IETldCache
      [o]C:\Documents and Settings\User Name\PrivacIE
    4. Put a check in the "Preserve Favorites Website Data" to keep any cookies or files associated with the Web sites in your Internet Explorer's "Favorites" list.
    5. Click the "Delete" button to clear Internet Explorer 8's cache.
    ==========================================
    Did you opt in to receive updates for the Compatibility list? An excess of these may slow you down.
    =======================================
    Anytime you uninstall a program, you also need to use Windows explorer to access Computer> Local Drive(C)> Programs> find the program folder and do a Right Click> Delete.
    ======================================
    Please download OTMoveIt by Old Timer and save to your desktop
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      Code:
      :Files 
      C:\Documents and Settings\Johnny\Local Settings\Temp\11.tmp 
      C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\CXM7233S\cn_download[1].htm 
      C:\downloads\Euse Registry repair\AdvancedPCTweaker_Setup.exe
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
    --------------------------------
    Report of the HTML/ScrInject.B.Gen virus is a False Positive and should have been fixed by now. But since it came up on temporary internet files, we'll go ahead and remove it.
    ===============================================
    The system is looking pretty good at this point- let me know how it's running when you finish the above.
    ==============================================
    If the IE8 problems continue, visit THIS page and read through the affected changes in resetting IE8. If you are comfortable with this, scroll down about half way and click on To reset Internet Explorer 8 manually. and follow.
     
Topic Status:
Not open for further replies.

