Slowdown after my search removal.

#1 (permalink)
17-08-2007, 01:09 AM
hersnab
Valued Member
New Recruit
Join Date: May 2004
Posts: 115
Slowdown after my search removal.

Hi everybody,
My fiance downloaded some advert software that installed an extra toolbar that linked to My Search. I knew this was spy/adware so removed the application, then scanned with Spybot, which found 3 entries. I removed these then scanned again, which came up clean. Since then, however, my computer is running really slow and at times locks up. If I'm running Winamp the songs will stutter and everything will grind to a halt. I check in Task Manager and at the bottom it says the CPU usage differs around 50% - 80% while in the Processes tab it claims nothing is happening and the System Idle Process is at 98%!
I own an Intel Core 2 Duo E6600 and before this it would sit idle at around 2% - 10%. Under the Performance tab in Task Manager, inside the CPU Usage History, are 2 graphs (I assume these are for the separate cores); the left graph is always at the top while the computer has these 'moments'. I have scanned with my McAfee software and Ad-Aware; both come up clean. Any help to get my computer running like it did would be greatly appreciated.
My HijackThis log follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:54:38, on 17/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\TBPanel.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\ccxgui\ccXservice.exe
C:\Program Files\ccxgui\ccxstream.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Azureus\Azureus.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Winamp\winamp.exe
C:\Hijack This\HiJackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [Acronis True Image Monitor] "C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O8 - Extra context menu item: &Search - ?p=ZJfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.co.uk/scan_uk/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5EC27948-1814-4593-9E8E-BBF513DB4C19}: NameServer = 192.168.0.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ccXgui - [XC]D-Ice - C:\Program Files\ccxgui\ccXservice.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8661 bytes
#2 (permalink)
17-08-2007, 01:28 AM
hersnab
Valued Member
New Recruit
Join Date: May 2004
Posts: 115
Re: Slowdown after my search removal.

I've also included a ComboFix log:

ComboFix 07-08-14.4 - "user" 2007-08-17 1:17:42.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2485 [GMT 1:00]
* Created a new restore point


((((((((((((((((((((((((( Files Created from 2007-07-17 to 2007-08-17 )))))))))))))))))))))))))))))))


2007-08-17 01:16 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-17 00:53 <DIR> d-------- C:\Hijack This
2007-08-16 23:40 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-08-16 18:18 <DIR> d-------- C:\Program Files\Lavasoft
2007-08-16 18:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-08-16 18:17 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-16 15:56 8,576 --a------ C:\WINDOWS\system32\drivers\KProcWatch.sys
2007-08-16 15:56 <DIR> d-------- C:\Program Files\HiddenFinder
2007-08-16 15:42 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-08-15 11:28 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-08-12 20:12 <DIR> d-------- C:\Program Files\Western Digital Technologies
2007-08-12 19:15 <DIR> d-------- C:\Program Files\Geometry Wars
2007-08-07 12:59 <DIR> d-------- C:\Program Files\Riva
2007-08-01 01:32 <DIR> d-------- C:\Kontiki
2007-07-30 20:02 <DIR> d-------- C:\Program Files\zFTPServer Administration
2007-07-30 14:20 <DIR> d-------- C:\Program Files\QuickTime
2007-07-30 14:20 <DIR> d-------- C:\Program Files\Apple Software Update
2007-07-30 14:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-07-29 23:46 <DIR> d-------- C:\Program Files\Kontiki
2007-07-29 23:46 <DIR> d-------- C:\Program Files\Channel4
2007-07-29 23:46 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kontiki
2007-07-21 16:18 <DIR> d-------- C:\DOCUME~1\user\APPLIC~1\McAfee
2007-07-21 16:10 71,496 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-07-21 16:10 37,480 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2007-07-21 16:10 34,184 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2007-07-21 16:10 32,008 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2007-07-21 16:10 170,408 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2007-07-21 16:10 109,608 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2007-07-21 16:09 <DIR> d-------- C:\Program Files\McAfee.com
2007-07-21 16:09 <DIR> d-------- C:\Program Files\McAfee
2007-07-21 16:09 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-07-21 16:09 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2007-07-21 15:00 <DIR> d-------- C:\Program Files\PowerISO
2007-07-18 17:12 <DIR> d-------- C:\Program Files\VideoVision8


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-17 01:18 --------- d-------- C:\Program Files\PeerGuardian2
2007-08-17 01:18 --------- d-------- C:\DOCUME~1\user\APPLIC~1\Azureus
2007-08-17 00:44 --------- d-------- C:\DOCUME~1\user\APPLIC~1\Skype
2007-08-16 17:40 --------- d-------- C:\Program Files\Maxthon
2007-08-14 20:33 --------- d-------- C:\Program Files\MSN Messenger
2007-08-12 16:13 --------- d-------- C:\Program Files\eMule
2007-08-12 16:10 --------- d-------- C:\Program Files\Soulseek
2007-08-07 13:38 --------- d-------- C:\DOCUME~1\user\APPLIC~1\Sony
2007-08-07 13:29 --------- d-------- C:\Program Files\Sony
2007-08-07 12:59 --------- d-------- C:\Program Files\Common Files\SWF Studio
2007-07-16 03:46 --------- d-------- C:\Program Files\Skype
2007-07-16 03:18 --------- d-------- C:\DOCUME~1\user\APPLIC~1\Apple Computer
2007-07-05 19:21 --------- d-------- C:\DOCUME~1\user\APPLIC~1\uTorrent
2007-07-05 17:43 --------- d-------- C:\Program Files\MagicISO
2007-07-02 17:16 --------- d-------- C:\Program Files\Raven
2007-06-29 01:54 356352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-06-29 01:54 356352 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-06-29 00:43 8466432 --a------ C:\WINDOWS\system32\nvcpl.dll
2007-06-29 00:43 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
2007-06-29 00:43 81920 --a------ C:\WINDOWS\system32\nvmctray.dll
2007-06-29 00:43 753664 --a------ C:\WINDOWS\system32\nvcplui.exe
2007-06-29 00:43 6807328 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-06-29 00:43 6729728 --a------ C:\WINDOWS\system32\nvoglnt.dll
2007-06-29 00:43 6234112 --a------ C:\WINDOWS\system32\nvdisps.dll
2007-06-29 00:43 5690624 --a------ C:\WINDOWS\system32\nv4_disp.dll
2007-06-29 00:43 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-06-29 00:43 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2007-06-29 00:43 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-06-29 00:43 425984 --a------ C:\WINDOWS\system32\keystone.exe
2007-06-29 00:43 37376 --a------ C:\WINDOWS\system32\nvcodins.dll
2007-06-29 00:43 37376 --a------ C:\WINDOWS\system32\nvcod.dll
2007-06-29 00:43 360448 --a------ C:\WINDOWS\system32\nvapi.dll
2007-06-29 00:43 3518464 --a------ C:\WINDOWS\system32\nvvitvs.dll
2007-06-29 00:43 3321856 --a------ C:\WINDOWS\system32\nvgames.dll
2007-06-29 00:43 307200 --a------ C:\WINDOWS\system32\nvexpbar.dll
2007-06-29 00:43 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2007-06-29 00:43 2330624 --a------ C:\WINDOWS\system32\nvwss.dll
2007-06-29 00:43 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
2007-06-29 00:43 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
2007-06-29 00:43 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-06-29 00:43 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
2007-06-29 00:43 155716 --a------ C:\WINDOWS\system32\nvsvc32.exe
2007-06-29 00:43 1474560 --a------ C:\WINDOWS\system32\nview.dll
2007-06-29 00:43 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
2007-06-29 00:43 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-06-29 00:43 1142784 --a------ C:\WINDOWS\system32\nvmobls.dll
2007-06-29 00:43 1073152 --a------ C:\WINDOWS\system32\nvcpluir.dll
2007-06-29 00:43 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-06-29 00:43 1018772 --a------ C:\WINDOWS\system32\nvucode.bin
2007-06-27 00:25 --------- d-------- C:\Program Files\Nokia
2007-06-27 00:25 --------- d-------- C:\Program Files\Common Files\Nokia
2007-06-27 00:23 --------- d-------- C:\DOCUME~1\user\APPLIC~1\Nokia
2007-06-26 16:13 851968 --a--c--- C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-26 15:35 665600 --a--c--- C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-26 07:08 1104896 --a--c--- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-26 07:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-21 01:53 32768 --a------ C:\WINDOWS\system32\mf.dll
2007-06-19 14:37 282112 --a--c--- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-19 14:37 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-15 09:12 96256 --a--c--- C:\WINDOWS\system32\dllcache\inseng.dll
2007-06-15 09:12 616960 --a--c--- C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-15 09:12 55808 --a--c--- C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-15 09:12 532480 --a--c--- C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-15 09:12 474112 --a--c--- C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-06-15 09:12 449024 --a--c--- C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-15 09:12 39424 --a--c--- C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-06-15 09:12 357888 --a--c--- C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-06-15 09:12 3064320 --a--c--- C:\WINDOWS\system32\dllcache\mshtml.dll
2007-06-15 09:12 251904 --a--c--- C:\WINDOWS\system32\dllcache\iepeers.dll
2007-06-15 09:12 205824 --a--c--- C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-06-15 09:12 16384 --a--c--- C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-15 09:12 151040 --a--c--- C:\WINDOWS\system32\dllcache\cdfview.dll
2007-06-15 09:12 1498112 --a--c--- C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-06-15 09:12 146432 --a--c--- C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-15 09:12 1054208 --a--c--- C:\WINDOWS\system32\dllcache\danim.dll
2007-06-15 09:12 1022976 --a--c--- C:\WINDOWS\system32\dllcache\browseui.dll
2007-06-14 11:32 18432 --a--c--- C:\WINDOWS\system32\dllcache\iedw.exe
2007-06-13 12:26 1033216 --a--c--- C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 12:26 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-11 23:51 10834944 --a--c--- C:\WINDOWS\system32\dllcache\wmp.dll
2007-06-03 19:48 14 --a------ C:\WINDOWS\system32\systeminfo.dll
2007-05-17 12:28 549376 --a--c--- C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-05-17 12:28 549376 --a------ C:\WINDOWS\system32\oleaut32.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-17 02:04 C:\WINDOWS\SkyTel.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43]
"nwiz"="nwiz.exe" [2007-06-29 00:43 C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 08:47]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 23:40]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 07:12]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 21:20]
"Gainward"="C:\WINDOWS\TBPanel.exe" [2006-08-31 10:47]
"Acronis True Image Monitor"="C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe" [2007-05-11 14:45]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-05-11 14:45]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 23:03 C:\WINDOWS\RTHDCPL.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 00:43]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 18:40]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 04:05]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4oD]
"C:\Program Files\Kontiki\KHost.exe" -all

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
C:\Program Files\Kontiki\KHost.exe -all

R0 snapman;Acronis Snapshots Manager;C:\WINDOWS\system32\DRIVERS\snapman.sys
R0 timounter;Acronis TrueImage Backup Archive Explorer;C:\WINDOWS\system32\DRIVERS\timntr.sys
R2 ccXgui;ccXgui;C:\Program Files\ccxgui\ccXservice.exe
R2 TBPanel;TBPanel;C:\WINDOWS\system32\drivers\TBPanel.sys
R2 tifsfilter;Acronis TrueImage FS Filter;C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
R3 pgfilter;pgfilter;\??\C:\Program Files\PeerGuardian2\pgfilter.sys
S3 AF05BDA;AF9005 BDA Device;C:\WINDOWS\system32\drivers\AF05BDA.sys
S3 GMSIPCI;GMSIPCI;\??\F:\INSTALL\GMSIPCI.SYS
S3 KProcWatch;KProcWatch;\??\C:\WINDOWS\system32\drivers\KProcWatch.sys
S3 ProtoWall;ProtoWall Network Service;C:\WINDOWS\system32\DRIVERS\ProtoWall.sys
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21;C:\WINDOWS\system32\DRIVERS\xusb21.sys

*Newly Created Service* - PGFILTER

Contents of the 'Scheduled Tasks' folder
2007-08-15 01:12:14 C:\WINDOWS\Tasks\McDefragTask.job - C:\WINDOWS\system32\defrag.exe
2007-08-01 00:00:07 C:\WINDOWS\Tasks\McQcTask.job - c:\program files\mcafee\mqc\QcConsol.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-17 01:18:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-17 1:19:12

--- E O F ---
#3 (permalink)
17-08-2007, 11:15 AM
hersnab
Valued Member
New Recruit
Join Date: May 2004
Posts: 115
Re: Slowdown after my search removal.

Hi,
Well, well, what a day it has been. If you use (or used to) Skype like me you may as well go back to bed. Found that the problem with my CPU was a program I had long forgotten I'd installed called Diskeeper. I went through a frenzy of uninstalling and clipping my program list in the hope it would reclaim some speed. As soon as Diskeeper was removed *bingo* service as normal. Shame, when it worked well that was a worthwhile purchase. (I set it then I forget it.) I think it must have become corrupted because of the massive amount of data I've been shifting from drive to drive. Must have confused the poor blighter. Well, that's that sussed then. Let me know please if there is anything suspect in my log files but other than that I'm all good now. Thanks for reading and hope this helps someone sometime.
#4 (permalink)
17-08-2007, 01:18 PM
VopThis
Senior Member (Canada)
Join Date: Nov 2005
Posts: 3,439
Re: Slowdown after my search removal.

POSSIBLE EXPLANATION:

Quote:
2007-08-15 01:12:14 C:\WINDOWS\Tasks\McDefragTask.job - C:\WINDOWS\system32\defrag.exe
The above defragmentation task (from McAfee) may have been in conflict with the always-on ?? Diskeeper.
__________________
Vincent P

All times are GMT +1.