TechSpot

Computer became slow 1 day ago, can't complete 8 step virus protocol

By mylittlefriend
Feb 14, 2011
  1. hello,

    my laptop became extremely slow 1 day ago. i noticed that the mouse was "catching" on the screen, not smooth at all and the load time for starting the computer was longer than i have ever seen it. It is a Compaq r4000 with wind. xp. I use eset nod32 anti-virus. i ran the full scan nothing showed up. I checked the resources usage and it is spiking every 20 seconds or so to about 90 percent even without me running anything. I went onto your website and the 8 step virus tool you have and the problem that i am facing is that i cannot keep it from crashing/freezing before i even complete a scan. also i did download spyware doctor and it also did not find anything. the mbam was not able to finish its scan because the screen just froze. i have tried a couple of times along with disabling the anti-virus protection hoping that some resources would be freed up but to no avail am i able to run mbam completely. can someone guide me through this problem.
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Welcome to TechSpot! This in itself doesn't mean you have malware> unless the system is massively infected.

    In order to evaluate this, prepare the system for shutdown> close any active Windows and email, but don't shutdown. Do a right click on the Taskbar> Task Manager> Double click on the top frame of the CPU column to sort in Descending order. The only processes you should see using CPU now are: System, System Idle and taskmgr. These 3 should add up to 100% of the CPU. You may have a process with 1-2 in the CPU column but you can ignore that.

    Have a look at that and let me know if you see any other high CPU users.

    Please tell me how much RAM you have installed and the size of the Hard Drive. You can find this info in the Control Panel> System Properties.

    I would also like to know if you have recently downloaded a program or app, music, photos, etc.
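The Task Manager check above is easier to reason about when the readings are written down as data rather than watched live. The following is an added example, not Bobbye's code or anything from TechSpot: it takes a series of per-process CPU snapshots (the constructed values mirror what the original poster later reports: idle most of the time, with sporadic spikes from explorer.exe, alg.exe and jqs.exe), computes how much CPU the expected idle set accounts for, and lists every other process that rises above a small noise floor, with how often and how high. The image names and the 2% noise floor are assumptions for the example; as the thread itself notes, a familiar process name is not by itself proof that the process is benign.

```python
"""Baseline CPU check modelled on the Task Manager procedure in the thread.

Added example, not from the thread: take periodic per-process CPU snapshots
(the columns read off Task Manager) and report any process outside the
expected idle set that rises above a small noise floor.
"""
from collections import defaultdict

# On an idle Windows XP box with nothing open, these three should sum to ~100%.
IDLE_BASELINE = {"System Idle Process", "System", "taskmgr.exe"}

# Constructed snapshots: (seconds since start, {image name: CPU percent}).
# Values are made up to resemble the poster's description, not captured data.
SAMPLES = [
    (0,  {"System Idle Process": 99, "taskmgr.exe": 1}),
    (20, {"System Idle Process": 78, "explorer.exe": 12, "alg.exe": 8, "taskmgr.exe": 2}),
    (40, {"System Idle Process": 99, "taskmgr.exe": 1}),
    (60, {"System Idle Process": 84, "jqs.exe": 15, "taskmgr.exe": 1}),
    (80, {"System Idle Process": 92, "jqs.exe": 8}),
]


def baseline_share(snapshot, baseline=IDLE_BASELINE):
    """CPU percent accounted for by the expected idle processes."""
    return sum(cpu for name, cpu in snapshot.items() if name in baseline)


def strangers(snapshot, baseline=IDLE_BASELINE, noise=2):
    """Processes outside the baseline using more than `noise` percent CPU."""
    return {name: cpu for name, cpu in snapshot.items()
            if name not in baseline and cpu > noise}


def summarize(samples, baseline=IDLE_BASELINE, noise=2):
    """Across all snapshots: how often each stranger showed up, its peak CPU,
    and the timestamps at which it appeared."""
    seen = defaultdict(lambda: {"count": 0, "peak": 0, "at": []})
    for t, snapshot in samples:
        for name, cpu in strangers(snapshot, baseline, noise).items():
            entry = seen[name]
            entry["count"] += 1
            entry["peak"] = max(entry["peak"], cpu)
            entry["at"].append(t)
    return dict(seen)


if __name__ == "__main__":
    for t, snap in SAMPLES:
        print(f"t={t:>3}s baseline={baseline_share(snap):>3}% other={strangers(snap)}")
    for name, info in summarize(SAMPLES).items():
        print(f"{name}: seen {info['count']}x, peak {info['peak']}%, at {info['at']}")
```

Run as-is it prints the per-snapshot breakdown and then the summary; a process that appears in most snapshots at a high peak is worth a closer look, while a one-off spike of a few percent is the kind of reading Bobbye says can be ignored.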
     
  3. mylittlefriend

    mylittlefriend TS Rookie Topic Starter

    thanks for the reply back

    hello thanks once again. here is what you asked for.

    when i get the computer ready for shut down 99 is going for system idle with the odd time that taskmgr gets a few points. those seem to be the only ones using cpu resources. however if i sit and watch it for two minutes i notice that explorer.exe will get up to 12, something called alg.exe will get 8 and jqs.exe gets anywhere from 8-15. that happens sporadically over about a 1 minute period.

    i have a 1.77gHz 1.00 GB of RAM with 75 GB HD. it is split into 35 and 40 for storage. I use utorrent but i have had that program on for a while, with no new downloads in a few weeks. no new programs added. the last time i used it when it was fine was streaming some videos, i do not know if anyone else used the computer cuz i left it on in the common room for a day or so.

    i was able to run mbam, gmer and dds. i am attaching the logs here. i hope this is ok, i haven't used a forum such as this to post items. let me know.

    thanks

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5762

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    2/14/2011 2:36:11 PM
    mbam-log-2011-02-14 (14-36-11).txt

    Scan type: Quick scan
    Objects scanned: 143738
    Time elapsed: 35 minute(s), 39 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 2
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)



    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2011-02-14 15:07:13
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST9808211A rev.3.02
    Running: twp3y8nb.exe; Driver: C:\DOCUME~1\GUESTA~1\LOCALS~1\Temp\ugtdypob.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
    AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

    ---- EOF - GMER 1.0.15 ----


    DDS (Ver_10-12-12.02) - NTFSx86
    Run by guest account at 15:08:14.78 on Mon 02/14/2011
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.665 [GMT -5:00]

    AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    svchost.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\guest account\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    mSearchAssistant = hxxp://www.google.com/ie
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
    mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
    mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\guesta~1\applic~1\mozilla\firefox\profiles\cimzn3rz.default\
    FF - prefs.js: browser.startup.homepage - yahoo.ca
    FF - component: c:\program files\pc tools security\bdt\firefox\platform\winnt_x86-msvc\components\libheuristic.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

    ============= SERVICES / DRIVERS ===============

    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-11-16 108792]
    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-11-16 96408]
    R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-11-16 735960]
    R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2008-2-3 200192]

    =============== Created Last 30 ================

    2011-02-14 18:32:56 -------- d-----w- c:\docume~1\guesta~1\applic~1\Malwarebytes
    2011-02-14 18:32:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-02-14 18:32:09 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2011-02-14 18:31:55 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-02-14 18:31:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-02-13 21:48:17 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
    2011-01-21 14:44:37 439296 -c----w- c:\windows\system32\dllcache\shimgvw.dll
    2011-01-18 03:38:52 -------- d-----w- c:\documents and settings\guest account\FreePhoneLine
    2011-01-18 03:38:43 -------- d-----w- c:\program files\FreePhoneLine
    2011-01-18 03:38:05 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-01-18 03:38:05 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2011-01-18 03:38:05 411368 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    2011-01-17 18:04:12 -------- d-sh--w- c:\documents and settings\guest account\PrivacIE
    2011-01-17 18:04:08 -------- d-----w- c:\docume~1\guesta~1\locals~1\applic~1\Google
    2011-01-16 16:17:54 -------- d-----w- c:\docume~1\guesta~1\locals~1\applic~1\Identities

    ==================== Find3M ====================

    2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
    2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
    2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
    2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-12-20 23:59:19 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-12-20 23:59:19 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
    2010-12-20 12:55:26 385024 ----a-w- c:\windows\system32\html.iec
    2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
    2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2010-12-09 13:38:47 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-12-09 13:07:05 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
    2008-02-04 04:11:00 1491592 ----a-w- c:\program files\install_flash_player.exe
    2005-08-24 00:26:00 73728 ----a-w- c:\program files\CheckVer.exe
    2005-08-24 00:26:00 151552 ----a-w- c:\program files\AtiCim.bin
    2005-08-24 00:26:00 110592 ----a-w- c:\program files\AtiCimUn.exe
    2004-11-29 18:35:54 567000 ----a-w- c:\program files\Setup.exe
    2004-11-29 18:29:02 561152 ----a-w- c:\program files\HXFSetup.exe
    2004-11-23 18:57:56 280192 ----a-w- c:\program files\camchal.sys
    2004-11-23 18:56:40 34048 ----a-w- c:\program files\camcaud.sys
    2004-11-23 18:55:40 28672 ----a-w- c:\program files\CIAunWDM.exe
    2004-10-27 15:35:44 85 ----a-w- c:\program files\Install.bat
    2004-10-20 11:55:58 5952 ----a-w- c:\program files\Dublin_EQ_Final.reg
    2004-08-20 18:54:30 417 ----a-w- c:\program files\layout.bin
    2004-06-28 14:35:24 69760 ----a-w- c:\program files\Rtlnicxp.sys
    2004-06-28 14:35:06 68992 ----a-w- c:\program files\Rtlnic.sys
    2004-04-29 18:07:54 32248 ----a-w- c:\program files\caudinst.dll

    ============= FINISH: 15:09:56.73 ===============


    this is the attach file, not sure if you needed it or not.

    DDS (Ver_10-12-12.02)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2/3/2008 9:17:31 PM
    System Uptime: 2/14/2011 2:53:39 PM (1 hours ago)

    Motherboard: Hewlett-Packard | | 3085
    Processor: AMD Athlon(tm) 64 Processor 3500+ | U23 | 994/mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 39 GiB total, 17.273 GiB free.
    D: is FIXED (NTFS) - 35 GiB total, 25.484 GiB free.
    E: is CDROM ()
    F: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Realtek RTL8139/810x Family Fast Ethernet NIC
    Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_3085103C&REV_10\4&13826118&0&30A4
    Manufacturer: Realtek Semiconductor Corp.
    Name: Realtek RTL8139/810x Family Fast Ethernet NIC
    PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_3085103C&REV_10\4&13826118&0&30A4
    Service: RTL8023xp

    ==== System Restore Points ===================

    RP256: 12/16/2010 9:26:57 PM - Software Distribution Service 3.0
    RP257: 12/29/2010 12:27:37 PM - System Checkpoint
    RP258: 12/31/2010 6:46:45 PM - System Checkpoint
    RP259: 1/11/2011 1:17:18 AM - System Checkpoint
    RP260: 1/12/2011 2:05:24 AM - System Checkpoint
    RP261: 1/13/2011 3:19:43 PM - System Checkpoint
    RP262: 1/14/2011 10:57:17 AM - Software Distribution Service 3.0
    RP263: 1/16/2011 2:27:02 PM - System Checkpoint
    RP264: 1/17/2011 3:34:42 PM - System Checkpoint
    RP265: 1/17/2011 10:37:41 PM - Installed Java(TM) 6 Update 20
    RP266: 1/17/2011 10:38:42 PM - Installed FreePhoneLine
    RP267: 1/19/2011 12:53:00 AM - System Checkpoint
    RP268: 1/20/2011 3:54:31 PM - System Checkpoint
    RP269: 1/21/2011 11:09:38 PM - System Checkpoint
    RP270: 1/22/2011 11:41:17 PM - System Checkpoint
    RP271: 1/24/2011 1:07:45 PM - System Checkpoint
    RP272: 1/26/2011 9:32:35 AM - System Checkpoint
    RP273: 1/27/2011 1:42:43 PM - System Checkpoint
    RP274: 1/28/2011 2:18:55 PM - System Checkpoint
    RP275: 1/29/2011 4:35:11 PM - System Checkpoint
    RP276: 1/31/2011 3:35:30 PM - System Checkpoint
    RP277: 2/1/2011 6:29:00 PM - System Checkpoint
    RP278: 2/2/2011 9:13:03 PM - System Checkpoint
    RP279: 2/3/2011 11:37:47 PM - System Checkpoint
    RP280: 2/5/2011 1:14:31 AM - System Checkpoint
    RP281: 2/6/2011 2:39:51 AM - System Checkpoint
    RP282: 2/7/2011 10:19:24 AM - System Checkpoint
    RP283: 2/9/2011 9:25:09 PM - Software Distribution Service 3.0
    RP284: 2/11/2011 9:53:43 AM - System Checkpoint
    RP285: 2/12/2011 1:04:59 PM - System Checkpoint
    RP286: 2/13/2011 1:16:57 PM - System Checkpoint

    ==== Installed Programs ======================

    µTorrent
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 Plugin
    Adobe Flash Player ActiveX
    Adobe Reader 9.4.1
    ATI - Software Uninstall Utility
    ATI Control Panel
    ATI Display Driver
    Broadcom 802.11 Wireless LAN Adapter
    CCleaner
    Conexant AC-Link Audio
    Data Fax SoftModem with SmartCP
    ESET NOD32 Antivirus
    FileMaker Pro 5.5
    FreePhoneLine
    Google Toolbar for Internet Explorer
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Java Auto Updater
    Java(TM) 6 Update 20
    K-Lite Codec Pack 4.1.7 (Full)
    Malwarebytes' Anti-Malware
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edition 2003
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Mozilla Firefox (3.6.3)
    Octoshape add-in for Adobe Flash Player
    REALTEK Gigabit and Fast Ethernet NIC Driver
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Spelling Dictionaries Support For Adobe Reader 9
    Synaptics Pointing Device Driver
    Update for Microsoft Windows (KB971513)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows Internet Explorer 8 (KB980302)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    WebFldrs XP
    Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3

    ==== Event Viewer Messages From Past Week ========

    2/14/2011 9:30:36 AM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/14/2011 9:30:34 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
    2/14/2011 3:00:04 PM, error: System Error [1003] - Error code 100000c5, parameter1 00083d60, parameter2 00000002, parameter3 00000000, parameter4 805446b2.
    2/14/2011 2:47:44 PM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
    2/14/2011 1:20:01 PM, error: Service Control Manager [7034] - The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).
    2/14/2011 1:20:01 PM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
    2/14/2011 1:20:01 PM, error: Service Control Manager [7034] - The PC Tools Auxiliary Service service terminated unexpectedly. It has done this 1 time(s).
    2/14/2011 1:20:01 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    2/14/2011 1:20:01 PM, error: Service Control Manager [7034] - The Browser Defender Update Service service terminated unexpectedly. It has done this 1 time(s).
    2/14/2011 1:20:01 PM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
    2/14/2011 1:20:01 PM, error: Service Control Manager [7022] - The PC Tools Security Service service hung on starting.
    2/13/2011 11:49:21 AM, error: ACPIEC [1] - \Device\ACPIEC: The embedded controller (EC) hardware didn't respond within the timeout period. This may indicate an error in the EC hardware or firmware, or possibly a poorly designed BIOS which accesses the EC in an unsafe manner. The EC driver will retry the failed transaction if possible.
    2/12/2011 12:34:14 PM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
    2/12/2011 12:33:33 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.

    ==== End Of File ===========================
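The Malwarebytes log above has a regular layout: a header, a block of "... Infected: N" counts, then one section per category listing each hit as "path (detection name) -> action". The following is an added example, not from the thread and not Malwarebytes' own code: a small parser for that layout that recovers the header fields, the counts, and the per-section items, checks that the counts agree with the listed items, and separates detections whose name begins with "PUM." (Malwarebytes' label for a potentially unwanted modification, such as the two disabled Security Center notification values quarantined here) from anything else. The embedded log is a trimmed copy of the one posted, used as test input.

```python
"""Parser for the Malwarebytes' Anti-Malware log layout shown in the thread.

Added example (not from the thread, not Malwarebytes' code). The sample log
below is a trimmed copy of the one posted above, used here as test input.
"""
import re

MBAM_LOG = r"""Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5762

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

Scan type: Quick scan
Objects scanned: 143738
Time elapsed: 35 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)
"""

HEADER_KEYS = ("Database version", "Scan type", "Objects scanned", "Time elapsed")
# "Registry Data Items Infected: 2"
COUNT_RE = re.compile(r"^(?P<category>[A-Za-z ]+ Infected): (?P<n>\d+)$")
# "path (Detection.Name) -> what MBAM did about it"
ITEM_RE = re.compile(r"^(?P<path>.+?) \((?P<detection>[^()]+)\) -> (?P<action>.+)$")


def parse_mbam_log(text):
    """Return {'header': {...}, 'counts': {category: n}, 'items': {category: [..]}}."""
    report = {"header": {}, "counts": {}, "items": {}}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key, sep, value = line.partition(": ")
        if sep and key in HEADER_KEYS:
            report["header"][key] = value
            continue
        m = COUNT_RE.match(line)
        if m:
            report["counts"][m["category"]] = int(m["n"])
            continue
        if line.endswith(" Infected:"):          # start of a detail section
            section = line[:-1]
            report["items"].setdefault(section, [])
            continue
        if section and not line.startswith("(No malicious"):
            m = ITEM_RE.match(line)
            if m:
                report["items"][section].append(m.groupdict())
    return report


def consistency_check(report):
    """Sections whose summary count disagrees with the items actually listed."""
    return [cat for cat, items in report["items"].items()
            if cat in report["counts"] and report["counts"][cat] != len(items)]


def triage(report):
    """Group hits by detection name and say whether all of them are PUM-class."""
    hits = [item for items in report["items"].values() for item in items]
    by_detection = {}
    for item in hits:
        by_detection.setdefault(item["detection"], []).append(item["path"])
    return {
        "total_detections": len(hits),
        "pum_only": bool(hits) and all(d.startswith("PUM.") for d in by_detection),
        "by_detection": by_detection,
    }


if __name__ == "__main__":
    r = parse_mbam_log(MBAM_LOG)
    print(r["header"], r["counts"], consistency_check(r), triage(r), sep="\n")
```

A mismatch from consistency_check usually means the log was truncated when it was pasted; pum_only being true tells the helper at a glance that the scan found configuration changes (here, suppressed Security Center warnings) rather than files or running code.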
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    jqs.exe is Java Quick Starter. I'll have you disable the Service.
    explorer.exe is the Windows File System Manager and Desktop
    alg.exe is the Abstraction Layer Gateway. This file provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall.
    These are all legitimate processes. But as we say, malware can hide behind almost any process name.
    Moderate increases in any of these is nothing to be worried about.
    But I will promise you something: If you sit and watch the processes in the Task Manager for extended periods, you will most likely lose part of your mind!

    I think I might wonder about this one: FreePhoneLine
    And no matter how you whitewash uTorrent or any other files sharing programs, they are still a major contributor of malware.
    ====================================
    I wonder how it was that you could run the scans after all? I'd like you to do 2 more:

    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Click on "Copy to Clipboard"> (you won't see the clipboard)
    10. Click anywhere in the post where you want the logs to go, then do Ctrl V. The log will be sent from the clipboard and pasted in the post.
    11. Re-enable your Antivirus software.
      NOTE: If you forget to copy to the clipboard, you can find the log here:
      C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
    ==============================
    Download Combofix to your desktop from one of these locations:
    Link 1
    Link 2
    • Double click combofix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Query- Recovery Console image
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes it will open a text window. Please paste that log in your next reply.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
     
  5. mylittlefriend

    mylittlefriend TS Rookie Topic Starter

    eset and combofix follow-up

    hello

    i removed both freephoneline and utorrent from the laptop. in order to get the scans to work what i did was, keep in mind i do not even know if what i did would have worked, so what i did was to disable my antivirus, disconnect from the internet and run the computer in safe mode. that was the only way because as i had mentioned earlier the computer was freezing. as you instructed i ran eset online scanner and combofix here are the results. one thing though is that i already use eset nod32 as my antivirus, but i still did the online scanner.

    once again i appreciate your time and help very much as this has become quite frustrating. if there is anything else required please do let me know. thanks once again.


    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    # version=7
    # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
    # OnlineScanner.ocx=1.0.0.6419
    # api_version=3.0.2
    # EOSSerial=b5ab2af698cf3043afa6a75d87f2193f
    # end=finished
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2011-02-17 03:22:28
    # local_time=2011-02-17 10:22:28 (-0500, Eastern Standard Time)
    # country="United States"
    # lang=9
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=8199 39157157 100 100 0 38656636 0 0
    # scanned=45386
    # found=0
    # cleaned=0
    # scan_time=5349
    # nod_component=V3 Build:0x30000000


    ComboFix 11-02-16.05 - guest account 02/17/2011 10:53:18.1.1 - x86
    Running from: c:\documents and settings\guest account\Desktop\ComboFix.exe
    AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\Setup.exe

    .
    ((((((((((((((((((((((((( Files Created from 2011-01-17 to 2011-02-17 )))))))))))))))))))))))))))))))
    .

    2011-02-14 18:32 . 2011-02-14 18:32 -------- d-----w- c:\documents and settings\guest account\Application Data\Malwarebytes
    2011-02-14 18:32 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-02-14 18:32 . 2011-02-14 18:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-02-14 18:31 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-02-14 18:31 . 2011-02-14 18:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-02-13 21:53 . 2011-02-14 19:52 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2011-02-13 21:48 . 2011-02-14 19:52 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
    2011-01-21 14:44 . 2011-01-21 14:44 439296 -c----w- c:\windows\system32\dllcache\shimgvw.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-01-21 14:44 . 2001-08-23 12:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
    2011-01-18 03:37 . 2011-01-18 03:38 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-01-18 03:37 . 2011-01-18 03:38 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2011-01-07 14:09 . 2001-08-23 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 13:10 . 2001-08-23 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
    2010-12-22 12:34 . 2001-08-23 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
    2010-12-20 23:59 . 2001-08-23 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-12-20 23:59 . 2001-08-23 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-12-20 23:59 . 2001-08-23 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-12-20 17:26 . 2001-08-23 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
    2010-12-20 12:55 . 2008-02-04 02:55 385024 ----a-w- c:\windows\system32\html.iec
    2010-12-09 15:15 . 2001-08-23 12:00 718336 ----a-w- c:\windows\system32\ntdll.dll
    2010-12-09 14:30 . 2001-08-23 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2010-12-09 13:38 . 2001-08-23 12:00 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-12-09 13:07 . 2001-08-17 13:48 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2008-02-04 04:11 . 2008-02-04 04:10 1491592 ----a-w- c:\program files\install_flash_player.exe
    2005-08-24 00:26 . 2005-08-24 00:26 73728 ----a-w- c:\program files\CheckVer.exe
    2005-08-24 00:26 . 2005-08-24 00:26 151552 ----a-w- c:\program files\AtiCim.bin
    2005-08-24 00:26 . 2005-08-24 00:26 110592 ----a-w- c:\program files\AtiCimUn.exe
    2004-11-29 18:29 . 2004-11-29 18:29 561152 ----a-w- c:\program files\HXFSetup.exe
    2004-11-23 18:57 . 2004-11-23 18:57 280192 ----a-w- c:\program files\camchal.sys
    2004-11-23 18:56 . 2004-11-23 18:56 34048 ----a-w- c:\program files\camcaud.sys
    2004-11-23 18:55 . 2004-11-23 18:55 28672 ----a-w- c:\program files\CIAunWDM.exe
    2004-10-27 15:35 . 2004-10-27 15:35 85 ----a-w- c:\program files\Install.bat
    2004-10-20 11:55 . 2004-10-20 11:55 5952 ----a-w- c:\program files\Dublin_EQ_Final.reg
    2004-08-20 18:54 . 2004-08-20 18:54 417 ----a-w- c:\program files\layout.bin
    2004-06-28 14:35 . 2004-06-28 14:35 69760 ----a-w- c:\program files\Rtlnicxp.sys
    2004-06-28 14:35 . 2004-06-28 14:35 68992 ----a-w- c:\program files\Rtlnic.sys
    2004-04-29 18:07 . 2004-04-29 18:07 32248 ----a-w- c:\program files\caudinst.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]
    "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=

    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [11/16/2009 8:03 AM 108792]
    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [11/16/2009 8:06 AM 96408]
    R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [11/16/2009 8:04 AM 735960]
    R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2/3/2008 9:44 PM 200192]
    .
    .
    ------- Supplementary Scan -------
    .
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Where is the rest of the Combofix log?
     
  7. mylittlefriend

    mylittlefriend TS Rookie Topic Starter

    combofix follow-up

    sorry don't know how the complete log was not attached.
    here it is thanks

    ComboFix 11-02-19.02 - guest account 02/20/2011 9:23.2.1 - x86
    Running from: c:\documents and settings\guest account\Desktop\ComboFix.exe
    AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    .

    ((((((((((((((((((((((((( Files Created from 2011-01-20 to 2011-02-20 )))))))))))))))))))))))))))))))
    .

    2011-02-14 18:32 . 2011-02-14 18:32 -------- d-----w- c:\documents and settings\guest account\Application Data\Malwarebytes
    2011-02-14 18:32 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-02-14 18:32 . 2011-02-14 18:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-02-14 18:31 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-02-14 18:31 . 2011-02-14 18:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-02-13 21:53 . 2011-02-14 19:52 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2011-02-13 21:48 . 2011-02-14 19:52 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
    2011-01-21 14:44 . 2011-01-21 14:44 439296 -c----w- c:\windows\system32\dllcache\shimgvw.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-01-21 14:44 . 2001-08-23 12:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
    2011-01-18 03:37 . 2011-01-18 03:38 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-01-18 03:37 . 2011-01-18 03:38 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2011-01-07 14:09 . 2001-08-23 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 13:10 . 2001-08-23 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
    2010-12-22 12:34 . 2001-08-23 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
    2010-12-20 23:59 . 2001-08-23 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-12-20 23:59 . 2001-08-23 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-12-20 23:59 . 2001-08-23 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-12-20 17:26 . 2001-08-23 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
    2010-12-20 12:55 . 2008-02-04 02:55 385024 ----a-w- c:\windows\system32\html.iec
    2010-12-09 15:15 . 2001-08-23 12:00 718336 ----a-w- c:\windows\system32\ntdll.dll
    2010-12-09 14:30 . 2001-08-23 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2010-12-09 13:38 . 2001-08-23 12:00 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-12-09 13:07 . 2001-08-17 13:48 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2008-02-04 04:11 . 2008-02-04 04:10 1491592 ----a-w- c:\program files\install_flash_player.exe
    2005-08-24 00:26 . 2005-08-24 00:26 73728 ----a-w- c:\program files\CheckVer.exe
    2005-08-24 00:26 . 2005-08-24 00:26 151552 ----a-w- c:\program files\AtiCim.bin
    2005-08-24 00:26 . 2005-08-24 00:26 110592 ----a-w- c:\program files\AtiCimUn.exe
    2004-11-29 18:29 . 2004-11-29 18:29 561152 ----a-w- c:\program files\HXFSetup.exe
    2004-11-23 18:57 . 2004-11-23 18:57 280192 ----a-w- c:\program files\camchal.sys
    2004-11-23 18:56 . 2004-11-23 18:56 34048 ----a-w- c:\program files\camcaud.sys
    2004-11-23 18:55 . 2004-11-23 18:55 28672 ----a-w- c:\program files\CIAunWDM.exe
    2004-10-27 15:35 . 2004-10-27 15:35 85 ----a-w- c:\program files\Install.bat
    2004-10-20 11:55 . 2004-10-20 11:55 5952 ----a-w- c:\program files\Dublin_EQ_Final.reg
    2004-08-20 18:54 . 2004-08-20 18:54 417 ----a-w- c:\program files\layout.bin
    2004-06-28 14:35 . 2004-06-28 14:35 69760 ----a-w- c:\program files\Rtlnicxp.sys
    2004-06-28 14:35 . 2004-06-28 14:35 68992 ----a-w- c:\program files\Rtlnic.sys
    2004-04-29 18:07 . 2004-04-29 18:07 32248 ----a-w- c:\program files\caudinst.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2011-02-17_15.59.24 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-02-20 14:09 . 2011-02-20 14:09 16384 c:\windows\Temp\Perflib_Perfdata_7fc.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]
    "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=

    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [11/16/2009 8:03 AM 108792]
    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [11/16/2009 8:06 AM 96408]
    R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [11/16/2009 8:04 AM 735960]
    R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2/3/2008 9:44 PM 200192]
    .
    .
    ------- Supplementary Scan -------
    .
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\guest account\Application Data\Mozilla\Firefox\Profiles\cimzn3rz.default\
    FF - prefs.js: browser.startup.homepage - yahoo.ca
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-02-20 09:29
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(728)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(3068)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2011-02-20 09:33:15
    ComboFix-quarantined-files.txt 2011-02-20 14:33
    ComboFix2.txt 2011-02-17 16:02

    Pre-Run: 18,410,242,048 bytes free
    Post-Run: 18,393,505,792 bytes free

    - - End Of File - - 9AD41DFB787DC9331F20BFAF8E230CC4
     
  8. mylittlefriend

    mylittlefriend TS Rookie Topic Starter

    another q

    i had read something about making all hidden files and folders available for scanning and to also disable system restore. i have not done either of these, is it a good idea to re-scan with mbam with the above mentioned items or to leave everything as it is while you look over the issue. thanks
     
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    There are times when the hidden files and folders have to be made visible to find an entry. This isn't one of them.

    I do not advise disabling System Restore- ever! When the system is clean, I have you set a new, clean restore point, then drop the old ones. There are times when a system can be so corrupt, that the only way to get into it is by using a restore point. So we keep them until the end.

    Years ago, when malware was a little less sophisticated than it is now, we used to turn off System Restore so the restore points didn't get infected. But as time went on, we learned- sometimes the hard way- that even an infected restore point could be better than none! Restore points don't just get used> the user has to invoke a System Restore. So there is no danger unless the user uses that restore point- and we do not advise doing a SR during cleaning.

    I'm taking a dinner break and will be back later to review the Combofix log but I think your 'slow' is going to be from the system/settings/processes rather than malware.
     
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    So far, there is nothing that I can see that would indicate a cause for a sudden slowdown.

    There were 2 Registry entries found in the Mbam scan for PUM.Disabled.SecurityCenter, but there is no date. PUM stands for Potentially Unwanted Modifications. What it detected is not a threat but registry entries that show default settings have been changed so that Windows Security Center will not notify you if your antivirus, firewall or automatic updates have been turned off.

    A user can disable these notifications themselves and maybe this is a more current version of Mbam, if you have run it before. This does not give any reason for the slowdown.

    Perhaps you can compare the slowdown now to what you experienced previously. Is the system taking a much longer time to load? Seconds? Minutes? Is surfing slower? How about shutdown- is that also slower?

    When was the last time you ran a full maintenance cleanup on the system?
    TFC> Temporary File Checker
    Disc Cleanup
    Error Checking
    Defrag
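    As an added illustration of the PUM.Disabled.SecurityCenter finding above (this is not Bobbye's or Malwarebytes' code): a PowerShell check that reads the Windows Security Center notification switches and reports which ones have been changed from the default. The key and the three value names are the real XP-era Security Center settings; `Reset-SecurityCenterNotify` is a helper name chosen here, and it writes to the registry, so run it elevated and only after reviewing the report.

```powershell
# Added example, not from the thread. Reads the Security Center "disable notify"
# switches that Malwarebytes flags as PUM.Disabled.SecurityCenter.
# A value of 1 means "do not warn me when this component is off"; absent or 0 is the default.
$SecurityCenterKey = 'HKLM:\SOFTWARE\Microsoft\Security Center'
$NotifySwitches = 'AntiVirusDisableNotify', 'FirewallDisableNotify', 'UpdatesDisableNotify'

function Get-SecurityCenterNotifyState {
    # Report-only: one row per switch, with Modified = $true when notifications are suppressed.
    if (-not (Test-Path $SecurityCenterKey)) {
        Write-Warning "Key not found: $SecurityCenterKey"
        return
    }
    $props = Get-ItemProperty -Path $SecurityCenterKey
    foreach ($name in $NotifySwitches) {
        $value = $props.$name
        New-Object PSObject -Property @{
            Setting  = $name
            Value    = if ($null -eq $value) { '(absent, default: notify)' } else { $value }
            Modified = ($value -eq 1)
        }
    }
}

function Reset-SecurityCenterNotify {
    # Restores the default (0 = notify) for every switch; requires an elevated shell.
    foreach ($name in $NotifySwitches) {
        Set-ItemProperty -Path $SecurityCenterKey -Name $name -Value 0 -Type DWord
    }
}

Get-SecurityCenterNotifyState | Format-Table Setting, Value, Modified -AutoSize
```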
     
  11. mylittlefriend

    mylittlefriend TS Rookie Topic Starter

    summary

    i run ccleaner, disk defrag, defraggler, clean-up regularly with scans through eset nod32 once a week. in terms of eliminating and cleaning out unwanted files i am pretty good at that.
    how has the computer speed changed. it is dramatically different. on boot up, when windows appears, although the machine is 4 years old or something, the boot up time is quick and getting onto my account is quick along with the regular start-up programs i did not feel that the computer was lagging. i do remember the 512 ram i had before that and it was different. i do not feel that webpages were slow to load outside of firefox start-up and did not have any real issues with the computer acting slow.
    now for the last one week things are different. i did not add any new programs. the boot time is very slow. i watch the three little dots on the windows boot and before they went fast without any slow or stoppage. now the three little dots will freeze on the windows boot up for different periods of time, sometimes they stay frozen for up to 15 seconds and they do not move as smoothly. it is more of a stuttered movement with pauses and breaks in the rhythm. when i pick my user name and the windows theme music plays before it was quick and smooth (normal) now it breaks up, almost like when someone is hooking up a speaker with the music playing and it feels as if the connection is there then is not. when i pick my user name the cursor moves very slow now almost as if it is delayed in the direction i am moving the mousepad. once windows shows up, the load times of the antivirus internet connection all programs that i have set to start is slow. in terms of time before it would take no more than let's say 30 seconds, now i can go get a glass of water from the kitchen while i wait. the complete boot time seems to have gone from 2-3 minutes tops to over 5-7 easily. now that i am on the computer, there will be times when the cursor barely moves, programs, all programs are very slow to open, sometimes they do not open and i have to re-boot. at times all speeds seem to go back to normal and it is like nothing has happened at all. the cursor will move perfectly, the programs are quick to open, surfing is no problem. then after a couple of minutes the speed comes to a crashing halt. sometimes the programs i have open stop responding i close them with task mgr. and that is when i notice the cpu usage is at 100 percent even when no programs from my end are being used. i have never really had to use task mgr. to close non responding programs outside of firefox now it is a 50-50 every time i start it up. that about sums up how the computer has changed in the last week.
    i will also post anything else i can think of. thanks
     
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Sounds like the RAM chips have gone bad. Please see the information on this site for instructions on testing the RAM> http://oca.microsoft.com/en/windiag.asp

    If you need help with this issue, I suggest you start a new thread in the Windows OS forum and give the results of the testing. Let them know you have been in this forum and that the logs indicate this is not a malware problem.

    Removing all of the tools we used and the files and folders they created
    • Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    • Download OTCleanIt by OldTimer and save it to your Desktop.
    • Double click OTCleanIt.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
    • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
    • Go to Start > All Programs > Accessories > System Tools
    • Click "System Restore".
    • Choose "Create a Restore Point" on the first screen then click "Next".
    • Give the Restore Point a name> click "Create".
    • Go back and follow the path to > System Tools.
    • Choose Disc Cleanup
    • Click "OK" to select the partition or drive you want.
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


    Empty the Recycle Bin
     