Computer became slow 1 day ago, can't complete 8 step virus protocol

mylittlefriend

hello,

My laptop became extremely slow 1 day ago. I noticed that the mouse was "catching" on the screen, not smooth at all, and the load time for starting the computer was longer than I have ever seen it. It is a Compaq R4000 with Windows XP. I use ESET NOD32 Antivirus. I ran the full scan; nothing showed up. I checked the resource usage and it is spiking every 20 seconds or so to about 90 percent even without me running anything. I went onto your website and the 8 step virus tool you have, and the problem that I am facing is that I cannot keep it from crashing/freezing before I even complete a scan. Also, I did download Spyware Doctor and it also did not find anything. MBAM was not able to finish its scan because the screen just froze. I have tried a couple of times, along with disabling the anti-virus protection hoping that some resources would be freed up, but to no avail am I able to run MBAM completely. Can someone guide me through this problem?
 
Welcome to TechSpot! This in itself doesn't mean you have malware> unless the system is massively infected.

I checked the resource usage and it is spiking every 20 seconds or so to about 90 percent even without me running anything.
In order to evaluate this, prepare the system for shutdown> close any active windows and email, but don't shut down. Do a right click on the Taskbar> Task Manager> Double click on the top frame of the CPU column to sort in Descending order. The only processes you should see using CPU now are: System, System Idle and taskmgr. These 3 should add up to 100% of the CPU. You may have a process with 1-2 in the CPU column but you can ignore that.

Have a look at that and let me know if you see any other high CPU users.

Please tell me how much RAM you have installed and the size of the Hard Drive. You can find this info in the Control Panel> System Properties.

I would also like to know if you have recently downloaded a program or app, music, photos, etc.
 
thanks for the reply back

hello thanks once again. here is what you asked for.

When I get the computer ready for shut down, 99 is going for System Idle, with the odd time that taskmgr gets a few points. Those seem to be the only ones using CPU resources. However, if I sit and watch it for two minutes I notice that explorer.exe will get up to 12, something called alg.exe will get 8, and jqs.exe gets anywhere from 8-15. That happens sporadically over about a 1 minute period.

I have a 1.77 GHz with 1.00 GB of RAM and a 75 GB HD. It is split into 35 and 40 for storage. I use uTorrent but I have had that program on for a while, with no new downloads in a few weeks. No new programs added. The last time I used it when it was fine was streaming some videos; I do not know if anyone else used the computer because I left it on in the common room for a day or so.

I was able to run MBAM, GMER and DDS. I am attaching the logs here. I hope this is ok; I haven't used a forum such as this to post items. Let me know.

thanks

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5762

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/14/2011 2:36:11 PM
mbam-log-2011-02-14 (14-36-11).txt

Scan type: Quick scan
Objects scanned: 143738
Time elapsed: 35 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2011-02-14 15:07:13
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST9808211A rev.3.02
Running: twp3y8nb.exe; Driver: C:\DOCUME~1\GUESTA~1\LOCALS~1\Temp\ugtdypob.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- EOF - GMER 1.0.15 ----


DDS (Ver_10-12-12.02) - NTFSx86
Run by guest account at 15:08:14.78 on Mon 02/14/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.665 [GMT -5:00]

AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\guest account\Desktop\dds.scr

============== Pseudo HJT Report ===============

mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\guesta~1\applic~1\mozilla\firefox\profiles\cimzn3rz.default\
FF - prefs.js: browser.startup.homepage - yahoo.ca
FF - component: c:\program files\pc tools security\bdt\firefox\platform\winnt_x86-msvc\components\libheuristic.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

============= SERVICES / DRIVERS ===============

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-11-16 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-11-16 96408]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-11-16 735960]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2008-2-3 200192]

=============== Created Last 30 ================

2011-02-14 18:32:56 -------- d-----w- c:\docume~1\guesta~1\applic~1\Malwarebytes
2011-02-14 18:32:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-14 18:32:09 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-02-14 18:31:55 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-14 18:31:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-13 21:48:17 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2011-01-21 14:44:37 439296 -c----w- c:\windows\system32\dllcache\shimgvw.dll
2011-01-18 03:38:52 -------- d-----w- c:\documents and settings\guest account\FreePhoneLine
2011-01-18 03:38:43 -------- d-----w- c:\program files\FreePhoneLine
2011-01-18 03:38:05 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-18 03:38:05 411368 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-18 03:38:05 411368 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-01-17 18:04:12 -------- d-sh--w- c:\documents and settings\guest account\PrivacIE
2011-01-17 18:04:08 -------- d-----w- c:\docume~1\guesta~1\locals~1\applic~1\Google
2011-01-16 16:17:54 -------- d-----w- c:\docume~1\guesta~1\locals~1\applic~1\Identities

==================== Find3M ====================

2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59:19 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59:19 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:26 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:38:47 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07:05 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2008-02-04 04:11:00 1491592 ----a-w- c:\program files\install_flash_player.exe
2005-08-24 00:26:00 73728 ----a-w- c:\program files\CheckVer.exe
2005-08-24 00:26:00 151552 ----a-w- c:\program files\AtiCim.bin
2005-08-24 00:26:00 110592 ----a-w- c:\program files\AtiCimUn.exe
2004-11-29 18:35:54 567000 ----a-w- c:\program files\Setup.exe
2004-11-29 18:29:02 561152 ----a-w- c:\program files\HXFSetup.exe
2004-11-23 18:57:56 280192 ----a-w- c:\program files\camchal.sys
2004-11-23 18:56:40 34048 ----a-w- c:\program files\camcaud.sys
2004-11-23 18:55:40 28672 ----a-w- c:\program files\CIAunWDM.exe
2004-10-27 15:35:44 85 ----a-w- c:\program files\Install.bat
2004-10-20 11:55:58 5952 ----a-w- c:\program files\Dublin_EQ_Final.reg
2004-08-20 18:54:30 417 ----a-w- c:\program files\layout.bin
2004-06-28 14:35:24 69760 ----a-w- c:\program files\Rtlnicxp.sys
2004-06-28 14:35:06 68992 ----a-w- c:\program files\Rtlnic.sys
2004-04-29 18:07:54 32248 ----a-w- c:\program files\caudinst.dll

============= FINISH: 15:09:56.73 ===============


This is the Attach file; not sure if you needed it or not.

DDS (Ver_10-12-12.02)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/3/2008 9:17:31 PM
System Uptime: 2/14/2011 2:53:39 PM (1 hours ago)

Motherboard: Hewlett-Packard | | 3085
Processor: AMD Athlon(tm) 64 Processor 3500+ | U23 | 994/mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 39 GiB total, 17.273 GiB free.
D: is FIXED (NTFS) - 35 GiB total, 25.484 GiB free.
E: is CDROM ()
F: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139/810x Family Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_3085103C&REV_10\4&13826118&0&30A4
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8139/810x Family Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_3085103C&REV_10\4&13826118&0&30A4
Service: RTL8023xp

==== System Restore Points ===================

RP256: 12/16/2010 9:26:57 PM - Software Distribution Service 3.0
RP257: 12/29/2010 12:27:37 PM - System Checkpoint
RP258: 12/31/2010 6:46:45 PM - System Checkpoint
RP259: 1/11/2011 1:17:18 AM - System Checkpoint
RP260: 1/12/2011 2:05:24 AM - System Checkpoint
RP261: 1/13/2011 3:19:43 PM - System Checkpoint
RP262: 1/14/2011 10:57:17 AM - Software Distribution Service 3.0
RP263: 1/16/2011 2:27:02 PM - System Checkpoint
RP264: 1/17/2011 3:34:42 PM - System Checkpoint
RP265: 1/17/2011 10:37:41 PM - Installed Java(TM) 6 Update 20
RP266: 1/17/2011 10:38:42 PM - Installed FreePhoneLine
RP267: 1/19/2011 12:53:00 AM - System Checkpoint
RP268: 1/20/2011 3:54:31 PM - System Checkpoint
RP269: 1/21/2011 11:09:38 PM - System Checkpoint
RP270: 1/22/2011 11:41:17 PM - System Checkpoint
RP271: 1/24/2011 1:07:45 PM - System Checkpoint
RP272: 1/26/2011 9:32:35 AM - System Checkpoint
RP273: 1/27/2011 1:42:43 PM - System Checkpoint
RP274: 1/28/2011 2:18:55 PM - System Checkpoint
RP275: 1/29/2011 4:35:11 PM - System Checkpoint
RP276: 1/31/2011 3:35:30 PM - System Checkpoint
RP277: 2/1/2011 6:29:00 PM - System Checkpoint
RP278: 2/2/2011 9:13:03 PM - System Checkpoint
RP279: 2/3/2011 11:37:47 PM - System Checkpoint
RP280: 2/5/2011 1:14:31 AM - System Checkpoint
RP281: 2/6/2011 2:39:51 AM - System Checkpoint
RP282: 2/7/2011 10:19:24 AM - System Checkpoint
RP283: 2/9/2011 9:25:09 PM - Software Distribution Service 3.0
RP284: 2/11/2011 9:53:43 AM - System Checkpoint
RP285: 2/12/2011 1:04:59 PM - System Checkpoint
RP286: 2/13/2011 1:16:57 PM - System Checkpoint

==== Installed Programs ======================

µTorrent
Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 9.4.1
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Broadcom 802.11 Wireless LAN Adapter
CCleaner
Conexant AC-Link Audio
Data Fax SoftModem with SmartCP
ESET NOD32 Antivirus
FileMaker Pro 5.5
FreePhoneLine
Google Toolbar for Internet Explorer
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Java Auto Updater
Java(TM) 6 Update 20
K-Lite Codec Pack 4.1.7 (Full)
Malwarebytes' Anti-Malware
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.6.3)
Octoshape add-in for Adobe Flash Player
REALTEK Gigabit and Fast Ethernet NIC Driver
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Spelling Dictionaries Support For Adobe Reader 9
Synaptics Pointing Device Driver
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

2/14/2011 9:30:36 AM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/14/2011 9:30:34 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
2/14/2011 3:00:04 PM, error: System Error [1003] - Error code 100000c5, parameter1 00083d60, parameter2 00000002, parameter3 00000000, parameter4 805446b2.
2/14/2011 2:47:44 PM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
2/14/2011 1:20:01 PM, error: Service Control Manager [7034] - The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).
2/14/2011 1:20:01 PM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
2/14/2011 1:20:01 PM, error: Service Control Manager [7034] - The PC Tools Auxiliary Service service terminated unexpectedly. It has done this 1 time(s).
2/14/2011 1:20:01 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
2/14/2011 1:20:01 PM, error: Service Control Manager [7034] - The Browser Defender Update Service service terminated unexpectedly. It has done this 1 time(s).
2/14/2011 1:20:01 PM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
2/14/2011 1:20:01 PM, error: Service Control Manager [7022] - The PC Tools Security Service service hung on starting.
2/13/2011 11:49:21 AM, error: ACPIEC [1] - \Device\ACPIEC: The embedded controller (EC) hardware didn't respond within the timeout period. This may indicate an error in the EC hardware or firmware, or possibly a poorly designed BIOS which accesses the EC in an unsafe manner. The EC driver will retry the failed transaction if possible.
2/12/2011 12:34:14 PM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
2/12/2011 12:33:33 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.

==== End Of File ===========================
 
jqs.exe is Java Quick Starter. I'll have you disable the Service.
explorer.exe is the Windows File System Manager and Desktop
alg.exe is the Abstraction Layer Gateway. This file provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall.
These are all legitimate processes. But as we say, malware can hide behind almost any process name.
Moderate increases in any of these are nothing to be worried about.
But I will promise you something: If you sit and watch the processes in the Task Manager for extended periods, you will most likely lose part of your mind!

I think I might wonder about this one: FreePhoneLine
And no matter how you whitewash uTorrent or any other file-sharing programs, they are still a major contributor of malware.
====================================
I wonder how it was that you could run the scans after all? I'd like you to do 2 more:

Run Eset NOD32 Online AntiVirus scan HERE: http://www.eset.eu/online-scanner
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the Active X control to install
  4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  5. Click Start
  6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  7. Click Scan
  8. Wait for the scan to finish
  9. Click on "Copy to Clipboard"> (you won't see the 'clipboard')
  10. Click anywhere in the post where you want the logs to go, then do Ctrl+V. The log will be sent from the clipboard and pasted in the post.
  11. Re-enable your Antivirus software.
    NOTE: If you forget to copy to the clipboard, you can find the log here:
    C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
==============================
Download Combofix to your desktop from one of these locations:
Link 1
Link 2
http://www.forospyware.com/sUBs/ComboFix.exe
  • Double click combofix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Recovery Console query (image): WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe & follow the prompts to run.
  • When the scan completes it will open a text window. Please paste that log in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
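The helper's point above is that explorer.exe, alg.exe and jqs.exe are legitimate names, but malware can hide behind almost any process name, so what matters is where each image actually runs from. The script below is an added example, not part of the thread or of DDS: it takes the "Running Processes" section of a DDS log (sample lines constructed from the log posted above), and flags entries with no path recorded, well-known XP system process names running outside the Windows directories, and anything running outside Windows or Program Files. The trusted roots and system-name table are assumptions for a default XP install.

```python
"""Triage the 'Running Processes' section of a DDS log (added example)."""
import re
from pathlib import PureWindowsPath

# Roots under which binaries are expected on a default Windows XP install
# (assumption for this example; adjust for non-default install paths).
TRUSTED_ROOTS = ("c:\\windows", "c:\\program files")

# XP system executables that belong only in these directories (assumption:
# a stock install; the names are the ones that appear in the DDS log above).
SYSTEM_NAMES = {
    "svchost.exe": ("c:\\windows\\system32",),
    "spoolsv.exe": ("c:\\windows\\system32",),
    "ctfmon.exe": ("c:\\windows\\system32",),
    "wuauclt.exe": ("c:\\windows\\system32",),
    "alg.exe": ("c:\\windows\\system32",),
    "explorer.exe": ("c:\\windows",),
}

# DDS section headers look like "============== Running Processes ==============="
SECTION_HEADER = re.compile(r"^=+\s*(.*?)\s*=+$")

# Constructed sample: a subset of the Running Processes lines posted above.
DDS_SAMPLE = r"""
============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\guest account\Desktop\dds.scr

============== Pseudo HJT Report ===============

mSearchAssistant = hxxp://www.google.com/ie
"""


def extract_section(log_text, title):
    """Return the non-empty lines of the DDS section whose header contains `title`."""
    lines, inside = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_HEADER.match(line)
        if header:
            inside = title.lower() in header.group(1).lower()
            continue
        if inside and line:
            lines.append(line)
    return lines


def split_entry(entry):
    """Split 'C:\\x\\svchost -k netsvcs' into (image path, argument string)."""
    parts = re.split(r"\s+(?=-)", entry, maxsplit=1)
    return parts[0], (parts[1] if len(parts) > 1 else "")


def normalize(image):
    """Lower-case the path and add .exe when DDS omitted the extension."""
    path = PureWindowsPath(image.lower())
    return path if path.suffix else path.with_suffix(".exe")


def triage_entry(entry):
    """Return a reason string if the entry deserves a closer look, else None."""
    image, _args = split_entry(entry)
    path = normalize(image)
    name, parent = path.name, str(path.parent)
    if parent == ".":  # bare name: DDS recorded no directory for this process
        return "no path recorded; confirm the image location in Task Manager"
    if name in SYSTEM_NAMES:
        if parent not in SYSTEM_NAMES[name]:
            return f"system process name running outside {SYSTEM_NAMES[name][0]}"
        return None
    if not parent.startswith(TRUSTED_ROOTS):
        return "running outside the Windows and Program Files directories"
    return None


def triage_processes(log_text):
    """Map each flagged 'Running Processes' entry to the reason it was flagged."""
    findings = {}
    for entry in extract_section(log_text, "Running Processes"):
        reason = triage_entry(entry)
        if reason:
            findings[entry] = reason
    return findings


if __name__ == "__main__":
    for entry, reason in triage_processes(DDS_SAMPLE).items():
        print(f"{entry}\n    -> {reason}")
```

On the sample, the only hits are the pathless `svchost.exe` line and `dds.scr` on the Desktop, the latter being the scanner itself and therefore expected; a copy of a system process name under a Temp or profile directory would be flagged as a lookalike.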
 
eset and combofix follow-up

hello

I removed both FreePhoneLine and uTorrent from the laptop. In order to get the scans to work, what I did was (keep in mind I do not even know if what I did would have worked) to disable my antivirus, disconnect from the internet and run the computer in safe mode. That was the only way, because as I had mentioned earlier the computer was freezing. As you instructed, I ran ESET Online Scanner and ComboFix; here are the results. One thing though is that I already use ESET NOD32 as my antivirus, but I still did the online scanner.

once again i appreciate your time and help very much as this has become quite frustrating. if there is anything else required please do let me know. thanks once again.


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=b5ab2af698cf3043afa6a75d87f2193f
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-02-17 03:22:28
# local_time=2011-02-17 10:22:28 (-0500, Eastern Standard Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8199 39157157 100 100 0 38656636 0 0
# scanned=45386
# found=0
# cleaned=0
# scan_time=5349
# nod_component=V3 Build:0x30000000


ComboFix 11-02-16.05 - guest account 02/17/2011 10:53:18.1.1 - x86
Running from: c:\documents and settings\guest account\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Setup.exe

.
((((((((((((((((((((((((( Files Created from 2011-01-17 to 2011-02-17 )))))))))))))))))))))))))))))))
.

2011-02-14 18:32 . 2011-02-14 18:32 -------- d-----w- c:\documents and settings\guest account\Application Data\Malwarebytes
2011-02-14 18:32 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-14 18:32 . 2011-02-14 18:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-02-14 18:31 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-14 18:31 . 2011-02-14 18:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-13 21:53 . 2011-02-14 19:52 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2011-02-13 21:48 . 2011-02-14 19:52 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-01-21 14:44 . 2011-01-21 14:44 439296 -c----w- c:\windows\system32\dllcache\shimgvw.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2001-08-23 12:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-18 03:37 . 2011-01-18 03:38 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-18 03:37 . 2011-01-18 03:38 411368 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-07 14:09 . 2001-08-23 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2001-08-23 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2001-08-23 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59 . 2001-08-23 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2001-08-23 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59 . 2001-08-23 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26 . 2001-08-23 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2008-02-04 02:55 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15 . 2001-08-23 12:00 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30 . 2001-08-23 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:38 . 2001-08-23 12:00 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07 . 2001-08-17 13:48 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2008-02-04 04:11 . 2008-02-04 04:10 1491592 ----a-w- c:\program files\install_flash_player.exe
2005-08-24 00:26 . 2005-08-24 00:26 73728 ----a-w- c:\program files\CheckVer.exe
2005-08-24 00:26 . 2005-08-24 00:26 151552 ----a-w- c:\program files\AtiCim.bin
2005-08-24 00:26 . 2005-08-24 00:26 110592 ----a-w- c:\program files\AtiCimUn.exe
2004-11-29 18:29 . 2004-11-29 18:29 561152 ----a-w- c:\program files\HXFSetup.exe
2004-11-23 18:57 . 2004-11-23 18:57 280192 ----a-w- c:\program files\camchal.sys
2004-11-23 18:56 . 2004-11-23 18:56 34048 ----a-w- c:\program files\camcaud.sys
2004-11-23 18:55 . 2004-11-23 18:55 28672 ----a-w- c:\program files\CIAunWDM.exe
2004-10-27 15:35 . 2004-10-27 15:35 85 ----a-w- c:\program files\Install.bat
2004-10-20 11:55 . 2004-10-20 11:55 5952 ----a-w- c:\program files\Dublin_EQ_Final.reg
2004-08-20 18:54 . 2004-08-20 18:54 417 ----a-w- c:\program files\layout.bin
2004-06-28 14:35 . 2004-06-28 14:35 69760 ----a-w- c:\program files\Rtlnicxp.sys
2004-06-28 14:35 . 2004-06-28 14:35 68992 ----a-w- c:\program files\Rtlnic.sys
2004-04-29 18:07 . 2004-04-29 18:07 32248 ----a-w- c:\program files\caudinst.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [11/16/2009 8:03 AM 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [11/16/2009 8:06 AM 96408]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [11/16/2009 8:04 AM 735960]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2/3/2008 9:44 PM 200192]
.
.
------- Supplementary Scan -------
.
 
combofix follow-up

sorry don't know how the complete log was not attached.
here it is thanks

ComboFix 11-02-19.02 - guest account 02/20/2011 9:23.2.1 - x86
Running from: c:\documents and settings\guest account\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((( Files Created from 2011-01-20 to 2011-02-20 )))))))))))))))))))))))))))))))
.

2011-02-14 18:32 . 2011-02-14 18:32 -------- d-----w- c:\documents and settings\guest account\Application Data\Malwarebytes
2011-02-14 18:32 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-14 18:32 . 2011-02-14 18:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-02-14 18:31 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-14 18:31 . 2011-02-14 18:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-13 21:53 . 2011-02-14 19:52 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2011-02-13 21:48 . 2011-02-14 19:52 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-01-21 14:44 . 2011-01-21 14:44 439296 -c----w- c:\windows\system32\dllcache\shimgvw.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2001-08-23 12:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-18 03:37 . 2011-01-18 03:38 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-18 03:37 . 2011-01-18 03:38 411368 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-07 14:09 . 2001-08-23 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2001-08-23 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2001-08-23 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59 . 2001-08-23 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2001-08-23 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59 . 2001-08-23 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26 . 2001-08-23 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2008-02-04 02:55 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15 . 2001-08-23 12:00 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30 . 2001-08-23 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:38 . 2001-08-23 12:00 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07 . 2001-08-17 13:48 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2008-02-04 04:11 . 2008-02-04 04:10 1491592 ----a-w- c:\program files\install_flash_player.exe
2005-08-24 00:26 . 2005-08-24 00:26 73728 ----a-w- c:\program files\CheckVer.exe
2005-08-24 00:26 . 2005-08-24 00:26 151552 ----a-w- c:\program files\AtiCim.bin
2005-08-24 00:26 . 2005-08-24 00:26 110592 ----a-w- c:\program files\AtiCimUn.exe
2004-11-29 18:29 . 2004-11-29 18:29 561152 ----a-w- c:\program files\HXFSetup.exe
2004-11-23 18:57 . 2004-11-23 18:57 280192 ----a-w- c:\program files\camchal.sys
2004-11-23 18:56 . 2004-11-23 18:56 34048 ----a-w- c:\program files\camcaud.sys
2004-11-23 18:55 . 2004-11-23 18:55 28672 ----a-w- c:\program files\CIAunWDM.exe
2004-10-27 15:35 . 2004-10-27 15:35 85 ----a-w- c:\program files\Install.bat
2004-10-20 11:55 . 2004-10-20 11:55 5952 ----a-w- c:\program files\Dublin_EQ_Final.reg
2004-08-20 18:54 . 2004-08-20 18:54 417 ----a-w- c:\program files\layout.bin
2004-06-28 14:35 . 2004-06-28 14:35 69760 ----a-w- c:\program files\Rtlnicxp.sys
2004-06-28 14:35 . 2004-06-28 14:35 68992 ----a-w- c:\program files\Rtlnic.sys
2004-04-29 18:07 . 2004-04-29 18:07 32248 ----a-w- c:\program files\caudinst.dll
.

((((((((((((((((((((((((((((( SnapShot@2011-02-17_15.59.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-02-20 14:09 . 2011-02-20 14:09 16384 c:\windows\Temp\Perflib_Perfdata_7fc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [11/16/2009 8:03 AM 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [11/16/2009 8:06 AM 96408]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [11/16/2009 8:04 AM 735960]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2/3/2008 9:44 PM 200192]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\guest account\Application Data\Mozilla\Firefox\Profiles\cimzn3rz.default\
FF - prefs.js: browser.startup.homepage - yahoo.ca
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-20 09:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(728)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3068)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-02-20 09:33:15
ComboFix-quarantined-files.txt 2011-02-20 14:33
ComboFix2.txt 2011-02-17 16:02

Pre-Run: 18,410,242,048 bytes free
Post-Run: 18,393,505,792 bytes free

- - End Of File - - 9AD41DFB787DC9331F20BFAF8E230CC4
 
another q

i had read something about making all hidden files and folders available for scanning and to also disable system restore. i have not done either of these, is it a good idea to re-scan with mbam with the above mentioned items or to leave everything as it is while you look over the issue. thanks
 
There are times when the hidden files and folders have to be made visible to find an entry. This isn't one of them.

I do not advise disabling System Restore- ever! When the system is clean, I have you set a new, clean restore point, then drop the old ones. There are times when a system can be so corrupt, that the only way to get into it is by using a restore point. So we keep them until the end.

Years ago, when malware was a little less sophisticated than it is now, we used to turn off System Restore so the restore points didn't get infected. But as time went on, we learned, sometimes the hard way, that even an infected restore point could be better than none! Restore points don't just get used> the user has to invoke a System Restore. So there is no danger unless the user uses that restore point, and we do not advise doing a SR during cleaning.

I'm taking a dinner break and will be back later to review the Combofix log but I think your 'slow' is going to be from the system/settings/processes rather than malware.
 
So far, there is nothing that I can see that would indicate a cause for a sudden slowdown.

There were 2 Registry entries found in the Mbam scan for PUM.Disabled.SecurityCenter, but there is no date. PUM stands for Potentially Unwanted Modifications. What it detected is not a threat but registry entries that show default settings have been changed so that Windows Security Center will not notify you if your antivirus, firewall or automatic updates have been turned off.

A user can disable these notifications themselves and maybe this is a more current version of Mbam, if you have run it before. This does not give any reason for the slowdown.

Perhaps you can compare the slowdown now to what you experienced previously. Is the system taking a much longer time to load? Seconds? Minutes? Is surfing slower? How about shutdown- is that also slower?

When was the last time you ran a full maintenance cleanup on the system?
TFC> Temporary File Checker
Disc Cleanup
Error Checking
Defrag
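As an added illustration of the PUM.Disabled.SecurityCenter explanation above (this is not code from the thread or from Malwarebytes), the PowerShell below reads the three Security Center "DisableNotify" values that such a detection points at and reports which alerts have been silenced; the key and value names are the standard Windows Security Center ones, while the report layout and the -Repair switch are this example's own.

```powershell
# Added example: audit (and optionally restore) the Windows Security Center
# notification settings that Malwarebytes reports as PUM.Disabled.SecurityCenter.
# Key and value names are the standard Security Center ones (XP SP2 onwards);
# the -Repair switch and the output format are this example's own design.
param([switch]$Repair)

$key = 'HKLM:\SOFTWARE\Microsoft\Security Center'
# Each value, when set to 1, silences the corresponding Security Center alert.
$notifyValues = 'AntiVirusDisableNotify', 'FirewallDisableNotify', 'UpdatesDisableNotify'

if (-not (Test-Path $key)) {
    Write-Host "Security Center key not present: $key"
    return
}

$props = Get-ItemProperty -Path $key
$findings = @()
foreach ($name in $notifyValues) {
    $value = $props.$name
    if ($null -eq $value) {
        $state = 'absent (default: notifications on)'
    } elseif ($value -eq 0) {
        $state = 'notifications on'
    } else {
        $state = "NOTIFICATIONS DISABLED (value $value)"
        $findings += $name
    }
    Write-Host ("{0,-24} {1}" -f $name, $state)
}

if ($findings.Count -eq 0) {
    Write-Host 'No PUM-style Security Center modifications found.'
    return
}

if ($Repair) {
    # Setting the value back to 0 re-enables the alert. Needs an elevated
    # (administrator) PowerShell session to write under HKLM.
    foreach ($name in $findings) {
        Set-ItemProperty -Path $key -Name $name -Value 0 -Type DWord
        Write-Host "Reset $name to 0"
    }
} else {
    Write-Host 'Re-run with -Repair to reset these values to 0.'
}
```

A value of 1 here is exactly the kind of changed default the post describes: the system keeps running, but the user is no longer warned when antivirus, firewall or updates are off.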
 
summary

i run ccleaner, disk defrag, defraggler, clean-up regularly with scans through eset nod32 once a week. in terms of eliminating and cleaning out unwanted files i am pretty good at that.

how has the computer speed changed. it is dramatically different. on boot up, when windows appears, although the machine is 4 years old or something, the boot up time is quick and getting onto my account is quick along with the regular start-up programs i did not feel that the computer was lagging. i do remember the 512 ram i had before that and it was different. i do not feel that webpages were slow to load outside of firefox start-up and did not have any real issues with the computer acting slow.

now for the last one week things are different. i did not add any new programs. the boot time is very slow. i watch the three little dots on the windows boot and before they went fast without any slow or stoppage. now the three little dots will freeze on the windows boot up for different periods of time, sometimes they stay frozen for up to 15 seconds and they do not move as smoothly. it is more of a stuttered movement with pauses and breaks in the rhythm.

when i pick my user name and the windows theme music plays before it was quick and smooth (normal) now it breaks up, almost like when someone is hooking up a speaker with the music playing and it feels as if the connection is there then is not. when i pick my user name the cursor moves very slow now almost as if it is delayed in the direction i am moving the mousepad. once windows shows up, the load times of the antivirus internet connection all programs that i have set to start is slow. in terms of time before it would take no more than let's say 30 seconds, now i can go get a glass of water from the kitchen while i wait. the complete boot time seems to have gone from 2-3 minutes tops to over 5-7 easily.

now that i am on the computer, there will be times when the cursor barely moves, programs, all programs are very slow to open, sometimes they do not open and i have to re-boot. at times all speeds seem to go back to normal and it is like nothing has happened at all. the cursor will move perfectly, the programs are quick to open, surfing is no problem. then after a couple of minutes the speed comes to a crashing halt. sometimes the programs i have open stop responding i close them with task mgr. and that is when i notice the cpu usage is at 100 percent even when no programs from my end are being used. i have never really had to use task mgr. to close non responding programs outside of firefox now it is a 50-50 every time i start it up.

that about sums up how the computer has changed in the last week. i will also post anything else i can think of. thanks
 
Sounds like the RAM chips have gone bad. Please see the information on this site for instructions on testing the RAM> http://oca.microsoft.com/en/windiag.asp

If you need help with this issue, I suggest you start a new thread in the Windows OS forum and give the results of the testing. Let them know you have been in this forum and that the logs indicate this is not a malware problem.

Removing all of the tools we used and the files and folders they created
  • Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  • Download OTCleanIt by OldTimer and save it to your Desktop.
  • Double click OTCleanIt.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
  • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
  • Go to Start > All Programs > Accessories > System Tools
  • Click "System Restore".
  • Choose "Create a Restore Point" on the first screen then click "Next".
  • Give the Restore Point a name> click "Create".
  • Go back and follow the path to > System Tools.
  • Choose Disc Cleanup
  • Click "OK" to select the partition or drive you want.
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


Empty the Recycle Bin
 