Author Topic: [Resolved] Slow performance - lots of hard drive activity  (Read 5870 times)

Offline adf1962

  • Bronze Member
  • Posts: 67
[Resolved] Slow performance - lots of hard drive activity
« on: December 06, 2010, 10:51:39 PM »
I notice that if I disconnect a session on my Windows XP but have left a browser open... I come back later with a lot of hard drive activity and then it takes forever to stop. My machine becomes very slow.

I don't know if it's a Windows security setting that's doing a lot of scanning or what but it has become annoying.

Below is a HJT scan. Any advice on how I can stop whatever it is from tying up my computer?

Thanks in advance, you guys always have the answers.

T.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:45:18 PM, on 12/6/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17091)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\IBM\SQLLIB\BIN\db2jds.exe
C:\Program Files\IBM\SQLLIB\BIN\db2sec.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\OpenVPN\bin\openvpn-gui.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\sndvol32.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.ca.dell.com/content/default.aspx?c=ca&l=en&s=gen
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [openvpn-gui] C:\Program Files\OpenVPN\bin\openvpn-gui.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-3860373334-2885350956-181780697-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Rosina')
O4 - HKUS\S-1-5-21-3860373334-2885350956-181780697-1007\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Rosina')
O4 - HKUS\S-1-5-21-3860373334-2885350956-181780697-1007\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User 'Rosina')
O4 - HKUS\S-1-5-21-3860373334-2885350956-181780697-1007\..\Run: [A00F3AEF026.exe] C:\DOCUME~1\Rosina\LOCALS~1\Temp\_A00F3AEF026.exe (User 'Rosina')
O4 - HKUS\S-1-5-21-3860373334-2885350956-181780697-1007\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler (User 'Rosina')
O4 - Global Startup: Event Planner Reminder.lnk = C:\Program Files\Creative Home\Hallmark Card Studio 2006\Planner\PLNRnote.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Tony\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SysProExe.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O16 - DPF: {75AA409D-05F9-4F27-BD53-C7339D4B1D0A} (IBM Lotus iNotes 8.5 Control) - https://webmail.us.publicisgroupe.net/dwa85W.cab
O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} (Domino Web Access 8 Control) - https://webmail.us.publicisgroupe.net/dwa8W.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://webmail.us-resources.com/dwa7W.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://blacks.pnimedia.com/upload/activex/v2_0_0_12/PCAXSetupv2.0.0.12.cab?
O17 - HKLM\System\CCS\Services\Tcpip\..\{9541D7A2-AEB9-4B63-8C25-CD1FB2433AF1}: NameServer = 192.168.2.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AbelService - Unknown owner - C:\Program Files\AbelCam\AbelService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DB2 JDBC Applet Server (DB2JDS) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2jds.exe
O23 - Service: DB2 Security Server (DB2NTSECSERVER) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2sec.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DynDNS Updater Service (DynDNS_Updater_Service) - Kana Solution - C:\Program Files\DynDNS Updater\DynDNS.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (roxliveshare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: sasrfc Service (sasrfcService) - Unknown owner - C:\Program Files\SAS Institute\SAS\V8\access\sasexe\sasrfc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 14102 bytes
« Last Edit: December 07, 2010, 08:47:34 AM by Hoov »

Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 27147
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Slow performance - lots of hard drive activity
« Reply #1 on: December 07, 2010, 08:56:27 AM »
You have been here and have been helped before, so you know how we work. Is this computer the same computer that you had help with the other times you have gotten help?


Please run CCleaner to remove temporary files from your system, and to improve the scanning time of the other scans we may be running. Then please run Malwarebytes' Anti-Malware to check for malware. Both sets of instructions are below.

1. Download and scan with CCleaner
When you get to the website, there is a dark grey box on the left side with two tabs along the top. Inside this dark grey box is a light grey box. Below that light grey box is where the download links are. The pay amount is for paid support.
2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"
3. Then select the items you wish to clean up.
In the Windows Tab:

  • Clean all entries in the "Internet Explorer" section except Cookies if you want to keep those.
  • Clean all the entries in the "Windows Explorer" section.
  • Clean all entries in the "System" section.
  • Clean all entries in the "Advanced" section.
  • Clean any others that you choose.

In the Applications Tab:

  • Clean all except cookies in the Firefox/Mozilla section if you use it.
  • Clean all in the Opera section if you use it.
  • Clean Sun Java in the Internet Section.
  • Clean any others that you choose.

4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
  • Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.

  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:

  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Former Consumer Security MVP
2011-2014

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline adf1962

  • Bronze Member
  • Posts: 67
Re: [In Progress] Slow performance - lots of hard drive activity
« Reply #2 on: December 07, 2010, 10:32:23 AM »
Thanks Hoov.

Indeed I do remember how you guys work. Yes, it is the same computer you've helped me with in the past. I won't be able to get to that computer for another 12 hours so don't expect a reply until then.

ADF

Offline adf1962

  • Bronze Member
  • Posts: 67
Re: [In Progress] Slow performance - lots of hard drive activity
« Reply #3 on: December 07, 2010, 11:28:13 PM »
I downloaded CCleaner (I had an old version but replaced it with the new one). I clicked everything except for the following in the Advanced section.

Menu Order Cache
Tray Notifications Cache
Window Size/Location Cache
User Assist History

CCleaner got rid of about 1.2 GB of files.

I already had MalwareBytes so I updated the definitions and did a quick scan, below are the results.


Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5268

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

12/8/2010 12:21:08 AM
mbam-log-2010-12-08 (00-21-08).txt

Scan type: Quick scan
Objects scanned: 208484
Time elapsed: 16 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


What's next?

ADf

Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 27147
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Slow performance - lots of hard drive activity
« Reply #4 on: December 08, 2010, 09:13:00 AM »
Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


Offline adf1962

  • Bronze Member
  • Posts: 67
Re: [In Progress] Slow performance - lots of hard drive activity
« Reply #5 on: December 08, 2010, 09:01:02 PM »
No infection found.

Contents of log file:


2010/12/08 21:56:14.0265   TDSS rootkit removing tool 2.4.11.0 Dec  8 2010 14:46:40
2010/12/08 21:56:14.0265   ================================================================================
2010/12/08 21:56:14.0265   SystemInfo:
2010/12/08 21:56:14.0265
2010/12/08 21:56:14.0265   OS Version: 5.1.2600 ServicePack: 3.0
2010/12/08 21:56:14.0265   Product type: Workstation
2010/12/08 21:56:14.0265   ComputerName: DIFELICE
2010/12/08 21:56:14.0265   UserName: Tony
2010/12/08 21:56:14.0265   Windows directory: C:\WINDOWS
2010/12/08 21:56:14.0265   System windows directory: C:\WINDOWS
2010/12/08 21:56:14.0265   Processor architecture: Intel x86
2010/12/08 21:56:14.0265   Number of processors: 2
2010/12/08 21:56:14.0265   Page size: 0x1000
2010/12/08 21:56:14.0265   Boot type: Normal boot
2010/12/08 21:56:14.0265   ================================================================================
2010/12/08 21:56:15.0375   Initialize success
2010/12/08 21:57:04.0906   ================================================================================
2010/12/08 21:57:04.0906   Scan started
2010/12/08 21:57:04.0906   Mode: Manual;
2010/12/08 21:57:04.0906   ================================================================================
        2010/12/08 21:57:07.0953   HPZius12        (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
        2010/12/08 21:57:08.0000   HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
        2010/12/08 21:57:08.0031   i2omgmt         (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
        2010/12/08 21:57:08.0062   i2omp           (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
        2010/12/08 21:57:08.0093   i8042prt        (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
        2010/12/08 21:57:08.0125   Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
        2010/12/08 21:57:08.0156   ini910u         (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
        2010/12/08 21:57:08.0171   IntelIde        (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
        2010/12/08 21:57:08.0218   intelppm        (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
        2010/12/08 21:57:08.0250   Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
        2010/12/08 21:57:08.0281   IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
        2010/12/08 21:57:08.0296   IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
        2010/12/08 21:57:08.0343   IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
        2010/12/08 21:57:08.0375   IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
        2010/12/08 21:57:08.0390   IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
        2010/12/08 21:57:08.0421   isapnp          (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
        2010/12/08 21:57:08.0453   Kbdclass        (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
        2010/12/08 21:57:08.0500   kbdhid          (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
        2010/12/08 21:57:08.0531   kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
        2010/12/08 21:57:08.0562   KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
        2010/12/08 21:57:08.0640   LVUSBSta        (c5efbd05a5195402121711a6ebbb271f) C:\WINDOWS\system32\drivers\lvusbsta.sys
        2010/12/08 21:57:08.0671   mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
        2010/12/08 21:57:08.0718   Modem           (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
        2010/12/08 21:57:08.0750   Mouclass        (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
        2010/12/08 21:57:08.0796   mouhid          (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
        2010/12/08 21:57:08.0828   MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
        2010/12/08 21:57:08.0875   mraid35x        (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
        2010/12/08 21:57:08.0953   MREMPR5         (2bc9e43f55de8c30fc817ed56d0ee907) C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS
        2010/12/08 21:57:09.0015   MRENDIS5        (594b9d8194e3f4ecbf0325bd10bbeb05) C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS
        2010/12/08 21:57:09.0062   MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
        2010/12/08 21:57:09.0109   MRxSmb          (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
        2010/12/08 21:57:09.0171   MSDV            (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
        2010/12/08 21:57:09.0203   Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
        2010/12/08 21:57:09.0218   MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
        2010/12/08 21:57:09.0265   MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
        2010/12/08 21:57:09.0281   MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
        2010/12/08 21:57:09.0328   mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
        2010/12/08 21:57:09.0343   MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
        2010/12/08 21:57:09.0359   Mup             (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
        2010/12/08 21:57:09.0390   NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
        2010/12/08 21:57:09.0484   NAVENG          (49d802531e5984cf1fe028c6c129b9d8) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101203.003\naveng.sys
        2010/12/08 21:57:09.0546   NAVEX15         (158676a5758c1fa519563b3e72fbf256) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101203.003\navex15.sys
        2010/12/08 21:57:09.0687   NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
        2010/12/08 21:57:09.0734   NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
        2010/12/08 21:57:09.0765   NdisTapi        (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
        2010/12/08 21:57:09.0781   Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
        2010/12/08 21:57:09.0812   NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
        2010/12/08 21:57:09.0828   NDProxy         (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
        2010/12/08 21:57:09.0859   NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
        2010/12/08 21:57:09.0890   NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
        2010/12/08 21:57:09.0937   NIC1394         (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
        2010/12/08 21:57:09.0968   nm              (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
        2010/12/08 21:57:10.0000   NPF             (b9730495e0cf674680121e34bd95a73b) C:\WINDOWS\system32\drivers\npf.sys
        2010/12/08 21:57:10.0031   Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
        2010/12/08 21:57:10.0062   Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
        2010/12/08 21:57:10.0171   NTSTPL1         (a74296903f9eb2888a3548807c0c0410) C:\PROGRA~1\Bell\ACCESS~1\app\NTSTPL1.SYS
        2010/12/08 21:57:10.0187   NTSTPL2         (a74296903f9eb2888a3548807c0c0410) C:\PROGRA~1\Bell\ACCESS~1\app\NTSTPL2.SYS
        2010/12/08 21:57:10.0265   Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
        2010/12/08 21:57:10.0390   nv              (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
        2010/12/08 21:57:10.0515   NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
        2010/12/08 21:57:10.0546   NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
        2010/12/08 21:57:10.0578   ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
        2010/12/08 21:57:10.0609   Parport         (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
        2010/12/08 21:57:10.0625   PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
        2010/12/08 21:57:10.0640   ParVdm          (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
        2010/12/08 21:57:10.0671   pavboot         (210a628a0d7b3f45257850efbff27538) C:\WINDOWS\system32\drivers\pavboot.sys
        2010/12/08 21:57:10.0687   PCI             (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
        2010/12/08 21:57:10.0734   PCIIde          (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
        2010/12/08 21:57:10.0750   Pcmcia          (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
        2010/12/08 21:57:10.0765   perc2           (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
        2010/12/08 21:57:10.0781   perc2hib        (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
        2010/12/08 21:57:10.0843   Point32         (e552d6598670b1e7655cb73d562e0cd9) C:\WINDOWS\system32\DRIVERS\point32.sys
        2010/12/08 21:57:10.0890   PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
        2010/12/08 21:57:10.0921   PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
        2010/12/08 21:57:10.0984   Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
        2010/12/08 21:57:11.0031   PxHelp20        (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
        2010/12/08 21:57:11.0109   QCMerced        (9a155d31b8e52f41b258282092cc93a7) C:\WINDOWS\system32\DRIVERS\LVCM.sys
        2010/12/08 21:57:11.0203   ql1080          (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
        2010/12/08 21:57:11.0203   Ql10wnt         (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
        2010/12/08 21:57:11.0218   ql12160         (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
        2010/12/08 21:57:11.0250   ql1240          (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
        2010/12/08 21:57:11.0265   ql1280          (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
        2010/12/08 21:57:11.0296   RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
        2010/12/08 21:57:11.0343   Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
        2010/12/08 21:57:11.0375   RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
        2010/12/08 21:57:11.0390   Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
        2010/12/08 21:57:11.0468   RAWESR          (5c230107a4c742f744c7bc9f215ee272) C:\PROGRA~1\Bell\ACCESS~1\app\RAWESR.SYS
        2010/12/08 21:57:11.0515   Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
        2010/12/08 21:57:11.0546   RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
        2010/12/08 21:57:11.0578   rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
        2010/12/08 21:57:11.0640   RDPWD           (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
        2010/12/08 21:57:11.0671   redbook         (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
        2010/12/08 21:57:11.0718   RimUsb          (f17713d108aca124a139fde877eef68a) C:\WINDOWS\system32\Drivers\RimUsb.sys
        2010/12/08 21:57:11.0765   RimVSerPort     (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
        2010/12/08 21:57:11.0796   ROOTMODEM       (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
        2010/12/08 21:57:11.0937   SAVRT           (12b6e269ef8ac8ea36122544c8a1b6d8) C:\Program Files\Symantec AntiVirus\savrt.sys
        2010/12/08 21:57:11.0984   SAVRTPEL        (97e5b6f3f95465e1f59360b59d8ec64e) C:\Program Files\Symantec AntiVirus\Savrtpel.sys
        2010/12/08 21:57:12.0046   Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
        2010/12/08 21:57:12.0093   senfilt         (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
        2010/12/08 21:57:12.0171   serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
        2010/12/08 21:57:12.0218   Serial          (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
        2010/12/08 21:57:12.0281   Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
        2010/12/08 21:57:12.0328   sisagp          (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
        2010/12/08 21:57:12.0375   skbusenum       (3d6728e159ee39e61a3598977448a5f0) C:\WINDOWS\system32\DRIVERS\skbusenum.sys
        2010/12/08 21:57:12.0406   SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
        2010/12/08 21:57:12.0437   smwdm           (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
        2010/12/08 21:57:12.0500   SONYPVU1        (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
        2010/12/08 21:57:12.0531   Sparrow         (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
        2010/12/08 21:57:12.0625   SPBBCDrv        (677b10906838d3bfb1c07ac9087e4bf7) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
        2010/12/08 21:57:12.0671   splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
        2010/12/08 21:57:12.0703   sr              (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
        2010/12/08 21:57:12.0765   Srv             (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
        2010/12/08 21:57:12.0796   sscdbhk5        (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
        2010/12/08 21:57:12.0828   ssrtln          (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
        2010/12/08 21:57:12.0875   streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
        2010/12/08 21:57:12.0906   swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
        2010/12/08 21:57:12.0953   swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
        2010/12/08 21:57:13.0000   symc810         (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
        2010/12/08 21:57:13.0015   symc8xx         (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
        2010/12/08 21:57:13.0125   SymEvent        (de6d1102d55926354171ae4e73936725) C:\Program Files\Symantec\SYMEVENT.SYS
        2010/12/08 21:57:13.0187   SYMREDRV        (6c0a85982f4e0d672b85a2bfb50a24b5) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
        2010/12/08 21:57:13.0203   SYMTDI          (cdda3ba3f7d5b63ff9f85cb478c11473) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
        2010/12/08 21:57:13.0234   sym_hi          (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
        2010/12/08 21:57:13.0250   sym_u3          (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
        2010/12/08 21:57:13.0312   sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
        2010/12/08 21:57:13.0343   tap0801         (846b7c0e3f6370cdcce157a5b36e70cd) C:\WINDOWS\system32\DRIVERS\tap0801.sys
        2010/12/08 21:57:13.0390   tap0901         (1e89de7a4fb7a854ebb241d0aa8996dd) C:\WINDOWS\system32\DRIVERS\tap0901.sys
        2010/12/08 21:57:13.0468   TAPBIND         (d94e7c67e184d55bc77917c570653ce3) C:\PROGRA~1\Bell\ACCESS~1\app\TAPBIND1.SYS
        2010/12/08 21:57:13.0515   Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
        2010/12/08 21:57:13.0562   TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
        2010/12/08 21:57:13.0593   TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
        2010/12/08 21:57:13.0625   TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
        2010/12/08 21:57:13.0718   tfsnboio        (30698355067d07da5f9eb81132c9fdd6) C:\WINDOWS\system32\dla\tfsnboio.sys
        2010/12/08 21:57:13.0734   tfsncofs        (fb9d825bb4a2abdf24600f7505050e2b) C:\WINDOWS\system32\dla\tfsncofs.sys
        2010/12/08 21:57:13.0765   tfsndrct        (cafd8cca11aa1e8b6d2ea1ba8f70ec33) C:\WINDOWS\system32\dla\tfsndrct.sys
        2010/12/08 21:57:13.0781   tfsndres        (8db1e78fbf7c426d8ec3d8f1a33d6485) C:\WINDOWS\system32\dla\tfsndres.sys
        2010/12/08 21:57:13.0812   tfsnifs         (b92f67a71cc8176f331b8aa8d9f555ad) C:\WINDOWS\system32\dla\tfsnifs.sys
        2010/12/08 21:57:13.0843   tfsnopio        (85985faa9a71e2358fcc2edefc2a3c5c) C:\WINDOWS\system32\dla\tfsnopio.sys
        2010/12/08 21:57:13.0875   tfsnpool        (bba22094f0f7c210567efdaf11f64495) C:\WINDOWS\system32\dla\tfsnpool.sys
        2010/12/08 21:57:13.0875   tfsnudf         (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys
        2010/12/08 21:57:13.0906   tfsnudfa        (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys
        2010/12/08 21:57:13.0984   tmcomm          (df8444a8fa8fd38d8848bdd40a8403b3) C:\WINDOWS\system32\drivers\tmcomm.sys
        2010/12/08 21:57:14.0000   TosIde          (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
        2010/12/08 21:57:14.0062   Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
        2010/12/08 21:57:14.0093   ultra           (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
        2010/12/08 21:57:14.0156   Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
        2010/12/08 21:57:14.0203   USBAAPL         (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys
        2010/12/08 21:57:14.0218   usbaudio        (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
        2010/12/08 21:57:14.0265   usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
        2010/12/08 21:57:14.0296   usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
        2010/12/08 21:57:14.0343   usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
        2010/12/08 21:57:14.0390   usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
        2010/12/08 21:57:14.0421   usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
        2010/12/08 21:57:14.0468   USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
        2010/12/08 21:57:14.0484   usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
        2010/12/08 21:57:14.0515   VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
        2010/12/08 21:57:14.0562   viaagp          (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
        2010/12/08 21:57:14.0625   ViaIde          (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
        2010/12/08 21:57:14.0671   VirtualK        (db4792814b15864211a3da338727db02) C:\WINDOWS\system32\drivers\VirtualK.sys
        2010/12/08 21:57:14.0687   VolSnap         (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
        2010/12/08 21:57:14.0734   Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
        2010/12/08 21:57:14.0750   wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
        2010/12/08 21:57:14.0828   WmBEnum         (1abfd1399436e81c9d857f5fc76eaf98) C:\WINDOWS\system32\drivers\WmBEnum.sys
        2010/12/08 21:57:14.0859   WmFilter        (b3cfcbcc91ff61ef82fc693b8b57e7f0) C:\WINDOWS\system32\drivers\WmFilter.sys
        2010/12/08 21:57:14.0921   WmVirHid        (a40d2dd0f019423ef6c363f1295eb38d) C:\WINDOWS\system32\drivers\WmVirHid.sys
        2010/12/08 21:57:14.0937   WmXlCore        (2bf505424f469155cd90d7b3301d7adc) C:\WINDOWS\system32\drivers\WmXlCore.sys
        2010/12/08 21:57:14.0984   WpdUsb          (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
        2010/12/08 21:57:15.0015   WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
        2010/12/08 21:57:15.0062   WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
        2010/12/08 21:57:15.0093   WUDFRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
        2010/12/08 21:57:15.0250   ================================================================================
        2010/12/08 21:57:15.0250   Scan finished
        2010/12/08 21:57:15.0250   ================================================================================

        Offline Hoov

        • Malware Removal Mentors
        • Administrator
        • Diamond Member
        • Posts: 27147
        • Unwilling part owner of Gov't. Motors and Chrysler
          • Hoov's Personal Site
        Re: [In Progress] Slow performance - lots of hard drive activity
        « Reply #6 on: December 08, 2010, 09:24:43 PM »
        What happens if you close IE instead of just closing the webpages?

        Former Consumer Security MVP
        2011-2014

        If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

        Offline adf1962

        Re: [In Progress] Slow performance - lots of hard drive activity
        « Reply #7 on: December 08, 2010, 11:06:13 PM »
        Just closing the web pages didn't make much of a difference.  I used to have to close down IE entirely . . . and then wait.  Sometimes I wonder if Windows Defender (or something else) was doing a scan after I logged in, which made a mess of things.
        I tend to use Firefox a lot.
        I haven't noticed any problems since I cleaned things up yesterday.

        Offline Hoov

        Re: [In Progress] Slow performance - lots of hard drive activity
        « Reply #8 on: December 09, 2010, 10:11:25 AM »
        How often does the problem show up?


        Offline adf1962

        Re: [In Progress] Slow performance - lots of hard drive activity
        « Reply #9 on: December 09, 2010, 12:44:50 PM »
        It used to happen 80% of the time I would have a browser up and then leave for a few hours.  When I get back to the computer, I hear it crunching away . . . sometimes it settles down after a few minutes . . . sometimes it takes longer.  If I decide to simply power off, then I run the risk that when I turn it back on, it does a security scan (or so I'm assuming), which sometimes could take about 10 minutes.

        Offline Hoov

        Re: [In Progress] Slow performance - lots of hard drive activity
        « Reply #10 on: December 09, 2010, 12:56:09 PM »
        The next time this happens, can you physically disconnect your internet connection? If the computer is still busy, it will mean it is something on your computer only.

        Also please follow the instructions below.

        I need you to go to the administration tools in XP. They are in the Control Panel. Open the Admin tools, then open the event viewer. Over on the left-hand side, click on System. Then up at the top click on Action and then click on Save Events As, type in system as the file name, make sure file type EVT is selected, and then navigate so it will save the file to your desktop, then click save. Over on the left-hand side, click on Application. Then up at the top click on Action and then click on Save Events As, type in application as the file name, make sure file type EVT is selected, and then navigate so it will save the file to your desktop, then click save. Zip them both up into a single zip file and post them back here in your next reply as attachments.


        Offline adf1962

        Re: [In Progress] Slow performance - lots of hard drive activity
        « Reply #11 on: December 09, 2010, 09:37:30 PM »
        I launched both IE and Firefox several hours ago.

        Attached is the zip file you requested.

        I'm going to leave IE and Firefox up until tomorrow to see if I can reproduce the problem.

        ADF

        Offline Hoov

        Re: [In Progress] Slow performance - lots of hard drive activity
        « Reply #12 on: December 09, 2010, 09:41:30 PM »
        Did this start around the second of December?


        Offline adf1962

        Re: [In Progress] Slow performance - lots of hard drive activity
        « Reply #13 on: December 09, 2010, 10:42:37 PM »
        It's been going on for a few months.  I haven't been able to figure it out on my own, so that's when I decided to get some help.

        ADF

        Offline Hoov

        Re: [In Progress] Slow performance - lots of hard drive activity
        « Reply #14 on: December 09, 2010, 11:23:42 PM »
        Your event viewer logs only go back to December 2; that is why I ask. There is a problem with the Decomposer Engine of the Symantec AV scanner. Basically it can't open zipped files or CABs, that sort of thing. Take a look in the logs in the scanner, if there are any for that far back, and see if that problem shows up back then.
