
Slow pc, hijack this log, can anyone advise please???


Comments

  • TheGiggsLady
    TheGiggsLady Posts: 83 Forumite
    Ok, this is the COMBOFIX log. Is there anything else I need to do now?

    ComboFix 10-05-03.01 - User 03/05/2010 19:27:24.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.991.457 [GMT 1:00]
    Running from: c:\documents and settings\User\My Documents\QWERTY.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    c:\documents and settings\User\Application Data\.#
    c:\documents and settings\User\Application Data\alot
    c:\program files\WindowsUpdate
    D:\Autorun.inf
    .
    ((((((((((((((((((((((((( Files Created from 2010-04-03 to 2010-05-03 )))))))))))))))))))))))))))))))
    .
    2010-05-03 10:54 . 2010-05-03 10:54 388096 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-05-03 10:54 . 2010-05-03 10:54 -------- d-----w- c:\program files\Trend Micro
    2010-05-03 10:11 . 2010-05-03 10:11 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
    2010-05-03 10:11 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-05-03 10:11 . 2010-05-03 10:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-05-03 10:11 . 2010-05-03 10:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-05-03 10:11 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-28 05:31 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
    2010-04-21 08:16 . 2010-04-21 08:16 242696 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
    2010-04-21 08:11 . 2010-04-21 08:11 1689952 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
    2010-04-18 06:17 . 2010-02-23 13:04 1664256 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
    2010-04-18 06:02 . 2010-04-18 06:02 1035032 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
    2010-04-18 05:50 . 2010-04-18 05:50 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-04-18 05:50 . 2010-04-21 08:15 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-04-18 05:49 . 2010-04-18 05:49 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-04-18 05:49 . 2010-04-18 05:49 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-04-18 05:49 . 2010-05-03 18:10 -------- d-----w- c:\windows\system32\drivers\Avg
    2010-04-18 05:49 . 2010-04-18 06:17 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
    2010-04-18 05:48 . 2010-04-18 05:48 -------- d-----w- c:\program files\AVG
    2010-04-18 05:48 . 2010-05-03 18:09 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
    2010-04-15 02:37 . 2010-04-15 02:37 -------- d-----w- c:\documents and settings\LocalService\Application Data\Yahoo!
    2010-04-03 19:49 . 2010-04-03 19:49 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-05-03 10:46 . 2009-03-08 10:30 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet
    2010-05-03 09:14 . 2009-03-04 09:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
    2010-04-26 14:58 . 2009-08-15 10:11 -------- d-----w- c:\documents and settings\Tomas\Application Data\yoclient
    2010-04-25 09:52 . 2009-08-14 14:48 70712 ----a-w- c:\documents and settings\Tomas\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-04-18 05:53 . 2009-09-10 09:47 -------- d-----w- c:\program files\Yahoo!
    2010-04-15 09:30 . 2009-03-04 09:07 -------- d-----w- c:\program files\Google
    2010-04-15 02:20 . 2009-03-03 15:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-04-12 12:39 . 2009-10-18 09:11 -------- d-----w- c:\program files\CCleaner
    2010-04-12 06:23 . 2009-03-03 12:51 -------- d-----w- c:\program files\Common Files\Adobe
    2010-04-01 10:55 . 2009-12-25 16:26 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-03-31 13:24 . 2010-03-31 13:24 -------- d-----w- c:\program files\Atari Classics Evolved
    2010-03-31 13:19 . 2010-03-31 13:19 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{6A2985A6-8A0D-4229-B71E-31258E64DF37}
    2010-03-31 13:18 . 2010-03-31 13:18 -------- d-----w- c:\program files\Atari Classics Evolved-Asteroids
    2010-03-10 06:15 . 2004-08-04 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-02-25 06:24 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-24 13:11 . 2004-08-04 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-02-22 09:26 . 2010-02-22 09:26 33558 ----a-w- c:\documents and settings\All Users\Application Data\Google\Toolbar for Firefox\Firefox_Toolbar_Uninstaller.exe
    2010-02-17 08:10 . 2004-08-04 12:00 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-02-16 13:25 . 2004-08-03 22:59 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-02-12 04:33 . 2004-08-04 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
    2010-02-11 12:02 . 2004-08-04 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]
    [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2010-02-23 13:04 1664256 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]
    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]
    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-04 68856]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-31 468408]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "S3TRAY2"="S3tray2.exe" [2003-02-25 69632]
    "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
    "VTPreset"="VTPreset.exe" [2004-02-24 45056]
    "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-11-29 122880]
    "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
    c:\documents and settings\Tomas\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    c:\documents and settings\Bronwyn\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-04-18 05:50 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
    backup=c:\windows\pss\Windows Search.lnkCommon Startup
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    2005-09-09 01:18 57344 ----a-w- c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2009-08-13 15:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
    2009-11-29 08:50 122880 ----a-w- c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 10:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-07-25 04:23 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2009-03-04 09:07 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\SPSSInc\\SPSS16\\spss.exe"=
    "c:\\Program Files\\SPSSInc\\SPSS16\\spss.com"=
    "c:\\Program Files\\SPSSInc\\SPSS16\\SPSSWinWrapIDE.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [18/04/2010 06:49 216200]
    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [18/04/2010 06:50 242896]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [18/04/2010 06:48 308064]
    R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [07/03/2009 17:46 3032360]
    S2 gupdate1c99ca8a188e774;Google Update Service (gupdate1c99ca8a188e774);c:\program files\Google\Update\GoogleUpdate.exe [04/03/2009 10:07 133104]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [18/04/2010 06:49 369920]
    S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [07/03/2009 17:47 15144]
    .
    Contents of the 'Scheduled Tasks' folder
    2010-05-03 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-04 10:07]
    2010-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-04 09:07]
    2010-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-04 09:07]
    2010-05-03 c:\windows\Tasks\User_Feed_Synchronization-{E8B3F91B-CBBF-45D5-811C-1AFDEB60F747}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
    .
    .
    Supplementary Scan
    .
    uStart Page = hxxp://www.msn.co.uk/
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
    FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\4g9l5l5a.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/
    FF - prefs.js: browser.search.selectedEngine - Web Search
    FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&q=
    FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1508.6312\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .
    - - - - ORPHANS REMOVED - - - -
    WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
    MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
    MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe

    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-05-03 19:35
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    msnmsgr = "c:\program files\Windows Live\Messenger\msnmsgr.exe" /background??s
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    Completion time: 2010-05-03 19:37:53
    ComboFix-quarantined-files.txt 2010-05-03 18:37
    Pre-Run: 14,891,167,744 bytes free
    Post-Run: 15,237,271,552 bytes free
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    - - End Of File - - 63919D1A2033BB5AC9304617F54CAFE1
    ;)May Grocery Challenge - £350.00 ;)
    £213.76/£350.00
    ;)
  • closed
    closed Posts: 10,886 Forumite
    edited 3 May 2010 at 10:09PM
    !!
    > . !!!! ----> .
  • TheGiggsLady
    TheGiggsLady Posts: 83 Forumite
    Hi, thanks for replying and for the link, it is really helpful. I have opened Task Manager and CPU Usage is at 0% until I sign in to Messenger when it jumps around 30%. Physical Memory is 991MB and the Commit Charge total is 383MB.

    My computer is now much faster
    Thanks Everyone.
    TheGiggsLady
  • closed
    closed Posts: 10,886 Forumite
    There's little point adding any more ram to it.
  • TheGiggsLady
    TheGiggsLady Posts: 83 Forumite
    Ok, thanks for your help everyone.
This discussion has been closed.