1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: PC running slowly.....!!!

Discussion in 'Virus & Other Malware Removal' started by Paul001, Apr 15, 2008.

Thread Status:
Not open for further replies.
Advertisement
  1. Paul001

    Paul001 Thread Starter

    Joined:
    Dec 5, 2006
    Messages:
    33
    My PC seems to be running slow all of a sudden + When at user log in screen it always says i have '1 program running', even though as far as i can see i dont!

    Below is a HJT logfile, could someone please take a look :)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:57:31, on 15/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\ATI-CPanel\atiptaxx.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\WINDOWS\system32\LVComsX.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.autosport.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [EPSON Stylus Photo R800] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9YE.EXE /FU "C:\WINDOWS\TEMP\E_S1DB.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
    O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
    O16 - DPF: ConferenceRoom Java Client - http://chat.strictlyhosting.com:8080/java/cr.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
    O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f007.mail.lycos.co.uk/app/uploader/FileUploader.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    --
    End of file - 9805 bytes
     
  2. Paul001

    Paul001 Thread Starter

    Joined:
    Dec 5, 2006
    Messages:
    33
    Can anyone help?????
     
  3. Paul001

    Paul001 Thread Starter

    Joined:
    Dec 5, 2006
    Messages:
    33
    I have attached an AVG history log. It seems to have found lots of trojans / viruses lately........ How do i know if system is clean now..... has AVG removed everything it has found?
    :confused:
     
  4. Paul001

    Paul001 Thread Starter

    Joined:
    Dec 5, 2006
    Messages:
    33
    Attached the log in txt file, too long to paste!!
     

    Attached Files:

  5. Jintan

    Jintan

    Joined:
    Oct 3, 2007
    Messages:
    1,164
    Hello Paul001,

    Unfortunately adding more posts in your own new request gives it the appearance a response has been received. I truly only checked this on a hunch myself. No infection is showing here though. I don't work from attachment logs due to time and awkwardness of those - did AVG actually locate any infection active there?

    Post back on that and let's take this additional other look as well.

    Go Here and download Silent Runners to your desktop. Run it, and post back here the log it creates. If your AV queries the script, allow it to run. It's not malicious. It will create a file named Startup Programs, and will notify when the scan is complete. Copy the log from the Startup Programs file back here.
     
  6. Paul001

    Paul001 Thread Starter

    Joined:
    Dec 5, 2006
    Messages:
    33
    I have run silent runners scan, but cant find the logfile...... any ideas?

    I dont think i have any active bugs, but there are a few in avg vault.... is there any safe way to remove them?
     
  7. Jintan

    Jintan

    Joined:
    Oct 3, 2007
    Messages:
    1,164
    The log it creates will be in the same location as the Silent Runners.vbs file you clicked to run the scan.
     
  8. Paul001

    Paul001 Thread Starter

    Joined:
    Dec 5, 2006
    Messages:
    33
    Log File.....

    "Silent Runners.vbs", revision 56, http://www.silentrunners.org/
    Operating System: Windows XP SP2
    Output limited to non-default values, except where indicated by "{++}"


    Startup items buried in registry:
    ---------------------------------

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    "LogitechSoftwareUpdate" = ""C:\Program Files\Logitech\Video\ManifestEngine.exe" boot" ["Logitech Inc."]
    "swg" = "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" ["Google Inc."]
    "updateMgr" = ""C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9" [file not found]
    "H/PC Connection Agent" = ""C:\Program Files\Microsoft ActiveSync\wcescomm.exe"" [MS]
    "EPSON Stylus Photo R800" = "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9YE.EXE /FU "C:\WINDOWS\TEMP\E_S1DB.tmp" /EF "HKCU"" ["SEIKO EPSON CORPORATION"]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "Wizard" = (empty string)
    "ATIPTA" = "C:\ATI-CPanel\atiptaxx.exe" ["ATI Technologies, Inc."]
    "SoundMAXPnP" = "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" ["Analog Devices, Inc."]
    "SoundMAX" = ""C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray" ["Analog Devices, Inc."]
    "FirstSteps" = (empty string)
    "Logitech Hardware Abstraction Layer" = "KHALMNPR.EXE" ["Logitech Inc."]
    "AVG7_CC" = "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
    "LogitechVideoTray" = "C:\Program Files\Logitech\Video\LogiTray.exe" ["Logitech Inc."]
    "QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
    "StartCCC" = ""C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"" [null data]
    "Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
    {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\(Default) = "BitComet ClickCapture"
    -> {HKLM...CLSID} = "BitComet Helper"
    \InProcServer32\(Default) = "C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll" ["BitComet"]
    {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" [null data]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "SSVHelper Class"
    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."]
    {9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Windows Live Sign-in Helper"
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]
    {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Google Toolbar Helper"
    \InProcServer32\(Default) = "c:\program files\google\googletoolbar4.dll" ["Google Inc."]
    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Google Toolbar Notifier BHO"
    \InProcServer32\(Default) = "C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll" ["Google Inc."]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
    -> {HKLM...CLSID} = "Display Panning CPL Extension"
    \InProcServer32\(Default) = "deskpan.dll" [file not found]
    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
    -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
    \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
    "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
    "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
    -> {HKLM...CLSID} = "RealOne Player Context Menu Class"
    \InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
    "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
    -> {HKLM...CLSID} = "Outlook File Icon Extension"
    \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
    "{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
    -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
    "{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
    -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
    "{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
    -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
    "{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
    -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
    "{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}" = "My Logitech Pictures"
    -> {HKLM...CLSID} = "My Logitech Pictures"
    \InProcServer32\(Default) = "C:\Program Files\Logitech\Video\Namespc2.dll" ["Logitech Inc."]
    "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
    -> {HKLM...CLSID} = "AVG7 Shell Extension Class"
    \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
    "{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
    -> {HKLM...CLSID} = "AVG7 Find Extension Class"
    \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
    "{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
    -> {HKLM...CLSID} = "My Sharing Folders"
    \InProcServer32\(Default) = "C:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll" [MS]
    "{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
    -> {HKLM...CLSID} = "iTunes"
    \InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
    "{03DAACC5-10BA-4E3E-9D54-2A569F6B4B87}" = "Sony Ericsson File Manager"
    -> {HKLM...CLSID} = "Sony Ericsson File Manager"
    \InProcServer32\(Default) = "C:\Program Files\Sony Ericsson\Mobile2\File Manager\FM.dll" ["Popwire AB"]
    "{738D66C6-0149-4D40-84E4-A7BB2D0CE949}" = "Sony Ericsson File Manager"
    -> {HKLM...CLSID} = "Sony Ericsson File Manager"
    \InProcServer32\(Default) = "C:\Program Files\Sony Ericsson\Mobile2\File Manager\FM.dll" ["Popwire AB"]
    "{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Universal Plug and Play Devices"
    -> {HKLM...CLSID} = "Universal Plug and Play Devices"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\upnpui.dll" [MS]
    "{49BF5420-FA7F-11cf-8011-00A0C90A8F78}" = "Mobile Device"
    -> {HKLM...CLSID} = "Mobile Device"
    \InProcServer32\(Default) = "C:\PROGRA~1\MI3AA1~1\Wcesview.dll" [MS]
    "{8FF88D21-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.65 Context Menu Shell Extension"
    -> {HKLM...CLSID} = "WinAceContext Menu Extension"
    \InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]
    "{8FF88D25-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.65 DragDrop Shell Extension"
    -> {HKLM...CLSID} = "WinAceDrag-Drop Extension"
    \InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]
    "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.65 Context Menu Shell Extension"
    -> {HKLM...CLSID} = "WinAceContext Menu (Add) Extension"
    \InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]
    "{8FF88D23-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.65 Property Sheet Shell Extension"
    -> {HKLM...CLSID} = "WinAceProperty Sheet Extension"
    \InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]
    "{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"
    -> {HKLM...CLSID} = "SimpleShlExt Class"
    \InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll" [null data]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
    "WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
    -> {HKLM...CLSID} = "WPDShServiceObj Class"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
    <<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

    HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
    {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
    -> {HKLM...CLSID} = "PDF Shell Extension"
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

    HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
    AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
    -> {HKLM...CLSID} = "AVG7 Shell Extension Class"
    \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
    EPPShellEx\(Default) = "{509FE1AF-ADD5-49EC-BC55-7CF81FD16E78}"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\EPSON\Creativity Suite\Easy Photo Print\EPPShell.dll" ["SEIKO EPSON CORPORATION"]
    WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
    -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
    ZFAdd\(Default) = "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}"
    -> {HKLM...CLSID} = "WinAceContext Menu (Add) Extension"
    \InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]

    HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
    WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
    -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
    ZFAdd\(Default) = "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}"
    -> {HKLM...CLSID} = "WinAceContext Menu (Add) Extension"
    \InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]

    HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
    AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
    -> {HKLM...CLSID} = "AVG7 Shell Extension Class"
    \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
    WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
    -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]


    Group Policies {policy setting}:
    --------------------------------

    Note: detected settings may not have any effect.

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

    "shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
    {Shutdown: Allow system to be shut down without having to log on}

    "undockwithoutlogon" = (REG_DWORD) dword:0x00000001
    {Devices: Allow undock without having to log on}


    Active Desktop and Wallpaper:
    -----------------------------

    Active Desktop may be disabled at this entry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

    Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
    HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
    "Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

    Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
    HKCU\Control Panel\Desktop\
    "Wallpaper" = "C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp"


    Startup items in "Paul" & "All Users" startup folders:
    ------------------------------------------------------

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    "Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
    "Logitech SetPoint" -> shortcut to: "C:\Program Files\Logitech\SetPoint\KEM.exe" ["Logitech Inc."]


    Enabled Scheduled Tasks:
    ------------------------

    "AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -Task" ["Apple Computer, Inc."]


    Winsock2 Service Provider DLLs:
    -------------------------------

    Namespace Service Providers

    HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
    000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
    000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

    Transport Service Providers

    HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
    %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 23
    %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


    Toolbars, Explorer Bars, Extensions:
    ------------------------------------

    Toolbars

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
    -> {HKLM...CLSID} = "&Google"
    \InProcServer32\(Default) = "c:\program files\google\googletoolbar4.dll" ["Google Inc."]

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
    -> {HKLM...CLSID} = "&Google"
    \InProcServer32\(Default) = "c:\program files\google\googletoolbar4.dll" ["Google Inc."]

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
    -> {HKLM...CLSID} = "&Google"
    \InProcServer32\(Default) = "c:\program files\google\googletoolbar4.dll" ["Google Inc."]

    Extensions (Tools menu items, main toolbar menu buttons)

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
    {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\
    "ButtonText" = "Create Mobile Favorite"
    "CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
    -> {HKLM...CLSID} = "Create Mobile Favorite"
    \InProcServer32\(Default) = "C:\PROGRA~1\MI3AA1~1\INetRepl.dll" [MS]

    {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\
    "MenuText" = "Create Mobile Favorite..."
    "CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
    -> {HKLM...CLSID} = "Create Mobile Favorite"
    \InProcServer32\(Default) = "C:\PROGRA~1\MI3AA1~1\INetRepl.dll" [MS]

    {D18A0B52-D63C-4ED0-AFC6-C1E3DC1AF43A}\
    "ButtonText" = "BitComet"
    "Script" = "res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206" ["BitComet"]


    Running Services (Display Name, Service Name, Path {Service DLL}):
    ------------------------------------------------------------------

    Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
    AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe" ["GRISOFT, s.r.o."]
    AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe" ["GRISOFT, s.r.o."]
    EPSON V3 Service4(01), EPSON_PM_RPCV4_01, "C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE" ["SEIKO EPSON CORPORATION"]
    Messenger Sharing Folders USN Journal Reader service, usnjsvc, ""C:\Program Files\Windows Live\Messenger\usnsvc.exe"" [MS]
    SoundMAX Agent Service, SoundMAX Agent Service (default), "C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe" ["Analog Devices, Inc."]


    Print Monitors:
    ---------------

    HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
    CutePDF Writer Monitor\Driver = "cpwmon2k.dll" [null data]
    EPSON Stylus Photo R800 32MonitorBE\Driver = "E_FLB9YE.DLL" ["SEIKO EPSON CORPORATION"]
    hpzlnt04\Driver = "hpzlnt04.dll" ["HP"]
    Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]


    ---------- (launch time: 2008-04-25 22:37:13)
    <<!>>: Suspicious data at a malware launch point.

    + This report excludes default entries except where indicated.
    + To see *everywhere* the script checks and *everything* it finds,
    launch it from a command prompt or a shortcut with the -all parameter.
    + The search for DESKTOP.INI DLL launch points on all local fixed drives
    took 150 seconds.
    ---------- (total run time: 198 seconds)
     
  9. Jintan

    Jintan

    Joined:
    Oct 3, 2007
    Messages:
    1,164
    No infection showing in that. The logs do show you have an ATI Technologies winlogon as well as a startup. I can see in web searches it is used for applying your preset hotkeys and a few other ATI utility functions. Not sure how this might come into play as far as slowness if it has been there for any length of time though. If you do not use the hotkey functions you can try disabling the service for that function by going to Start - Run, type services.msc and OK. Then double click on Ati Hotkey Poller if it is listed there, and change the Startup type to disabled. Take note before you do that of what type of startup it is set for already. Apply/OK and reboot to check for change or improvement. Any issues occur you can always reverse the steps by changing the service back to it's original settings.

    You can also run Cleanup (Start - Run, type cleanmgr and OK) to remove any stored temp items that might slow things down. If no improvements with either of those you may want to post a request on this in the TSG XP forum.
     
  10. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - Solved running slowly
  1. larryslade
    Replies:
    9
    Views:
    1,005
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/704079

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice