Laptop has come to a crawl and is stalling, please help.

Post by PopaTom » December 22nd, 2009, 9:12 pm

Hello again,
Laptop (1) has come to a crawl. I am still getting "redirect and action cancelled" windows.
TYIA in advance for your help. PopaTom
**********************************************************

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:10:10 PM, on 12/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\ScottradeELITE\ScottradeELITEClientUpdater.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/static/m/cab/2.6. ... ontrol.CAB
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se8942.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 6331 bytes
PopaTom
Regular Member
Posts: 69
Joined: November 27th, 2009, 6:39 pm

Re: Laptop has come to a crawl and is stalling, please help.

Post by MWR 3 day Mod » December 25th, 2009, 11:43 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Laptop has come to a crawl and is stalling, please help.

Post by Blade81 » December 28th, 2009, 10:00 am

Hi PopaTom,

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.


Download GMER here by clicking the download exe button and then saving it to your desktop:
  • Double-click the .exe that you downloaded.
  • Click the Rootkit tab and then Scan.
  • Don't check the Show All box while scanning is in progress!
  • When scanning is ready, click Copy.
  • This copies the log to the clipboard.
  • Post the log (if the log is long, archive it into a zip file and attach it instead of posting) in your reply.
Blade81
Admin/Teacher
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: Laptop has come to a crawl and is stalling, please help.

Post by PopaTom » December 28th, 2009, 1:56 pm

Hi Blade81,
First of all I want to thank you for responding to my post. Here are the DDS files you requested.
The GMER files will be included in the next post.

****************************************************************************************

DDS (Ver_09-12-01.01) - NTFSx86
Run by Thomas H. Pean at 10:37:04.92 on Mon 12/28/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.427 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\bqaibfnfg\atisvc_cifhvgia.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\bqaibfnfg\atisvc_cifhvgia.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\bqaibfnfg\atisvc_cifhvgia.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Thomas H. Pean\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\thomas~1.pea\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\thomas~1.pea\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi.exe
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.6. ... ontrol.CAB
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resour ... se8942.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-11-28 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-12-22 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-12-22 28424]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-12-22 360584]
R2 atisvc_cifhvgia;atisvc_cifhvgia;c:\windows\system32\bqaibfnfg\atisvc_cifhvgia.exe [2009-12-25 441140]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2009-12-22 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-12-22 285392]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1181328]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 12648]
S3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\system32\drivers\swnc8u80.sys [2008-8-20 168192]
S3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\system32\drivers\swumx80.sys [2008-8-20 142976]

=============== Created Last 30 ================

2009-12-25 15:15:51 0 d-----w- c:\program files\PokerStars
2009-12-25 09:28:54 0 d-----w- c:\windows\system32\bqaibfnfg
2009-12-25 09:11:45 0 d-----w- c:\program files\Skyhook Wireless
2009-12-22 22:19:49 0 d--h--w- C:\$AVG
2009-12-22 22:19:20 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-22 22:19:19 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-22 22:19:13 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-22 22:18:59 0 d-----w- c:\windows\system32\drivers\Avg
2009-12-22 22:18:33 0 d-----w- c:\program files\AVG
2009-12-22 22:18:29 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2009-12-17 04:18:45 0 d-----w- c:\docume~1\alluse~1\applic~1\AT&T
2009-12-16 23:26:44 0 d-----w- c:\windows\SxsCaPendDel
2009-12-16 22:54:16 0 d-----w- c:\windows\pss
2009-12-14 12:28:34 0 d-----w- c:\docume~1\thomas~1.pea\applic~1\MailWasherPro
2009-12-14 12:26:07 0 d-----w- c:\docume~1\thomas~1.pea\applic~1\WinPatrol
2009-12-14 12:25:53 0 d-----w- c:\program files\BillP Studios
2009-12-12 18:04:56 0 d-----w- c:\program files\Secunia
2009-12-12 17:36:01 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2009-12-12 16:51:29 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-12-12 16:51:29 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-12 14:53:16 0 d-----w- c:\docume~1\thomas~1.pea\applic~1\Malwarebytes
2009-12-12 14:53:11 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-12 14:53:10 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-12-12 14:53:09 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-12 14:53:09 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-12 14:21:43 0 d-----w- c:\windows\system32\scripting
2009-12-12 14:21:42 0 d-----w- c:\windows\l2schemas
2009-12-12 14:21:40 0 d-----w- c:\windows\system32\en
2009-12-12 14:21:40 0 d-----w- c:\windows\system32\bits
2009-12-12 14:14:28 0 d-----w- c:\windows\network diagnostic
2009-12-11 00:20:19 0 d-----w- c:\program files\ESET
2009-12-11 00:07:19 0 d-----w- c:\program files\Yahoo!
2009-12-11 00:07:15 0 d-----w- c:\program files\CCleaner
2009-12-10 15:59:13 0 d-----w- c:\program files\NinjaTrader 6.5
2009-12-09 13:24:54 98304 ----a-w- c:\windows\system32\NtDirect.dll
2009-11-29 21:57:55 0 d-----w- c:\docume~1\thomas~1.pea\applic~1\IObit
2009-11-29 21:57:54 0 d-----w- c:\program files\IObit
2009-11-29 20:42:33 0 d-----w- c:\docume~1\alluse~1\applic~1\XoftSpySE
2009-11-28 18:01:55 15880 ----a-w- c:\windows\system32\lsdelete.exe

==================== Find3M ====================

2009-12-25 09:29:16 2146213 ----a-w- C:\1235700.dll
2009-11-28 17:28:55 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-31 01:09:42 13696 ----a-w- c:\windows\system32\drivers\wpsnuio.sys
2009-10-29 07:46:59 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:46:52 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46:50 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll

============= FINISH: 10:37:50.05 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 4/5/2009 3:52:17 PM
System Uptime: 12/28/2009 3:33:02 AM (7 hours ago)

Motherboard: Dell Inc. | | 0KD882
Processor: Genuine Intel(R) CPU T2300 @ 1.66GHz | Microprocessor | 1664/166mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 31 GiB total, 18.174 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP123: 12/12/2009 6:27:00 AM - clean121209
RP124: 12/12/2009 6:44:13 AM - Software Distribution Service 3.0
RP125: 12/12/2009 6:51:11 AM - Installed Windows XP KB932823-v3.
RP126: 12/12/2009 6:57:28 AM - Software Distribution Service 3.0
RP127: 12/12/2009 7:01:40 AM - Software Distribution Service 3.0
RP128: 12/12/2009 9:51:02 AM - Installed Java(TM) 6 Update 17
RP129: 12/12/2009 10:36:59 AM - Software Distribution Service 3.0
RP130: 12/12/2009 11:16:46 AM - Installed WinZip 14.0
RP131: 12/14/2009 9:18:08 AM - System Checkpoint
RP132: 12/15/2009 10:19:41 AM - System Checkpoint
RP133: 12/16/2009 10:28:42 AM - System Checkpoint
RP134: 12/16/2009 4:27:32 PM - Installed AVG 9.0
RP135: 12/16/2009 5:16:35 PM - Installed AVG 9.0
RP136: 12/16/2009 5:34:33 PM - Installed AVG Free 9.0
RP137: 12/16/2009 7:29:26 PM - Installed AVG Free 9.0
RP138: 12/16/2009 9:17:18 PM - Removed AT&T Communication Manager.
RP139: 12/18/2009 10:23:47 AM - System Checkpoint
RP140: 12/22/2009 3:04:53 PM - Installed AVG Free 9.0
RP141: 12/22/2009 3:18:29 PM - Installed AVG Free 9.0
RP142: 12/24/2009 4:07:45 PM - Avg8 Update
RP143: 12/24/2009 5:58:29 PM - Installed Adobe Reader 9.2.
RP144: 12/25/2009 7:31:17 AM - Tom2-12-25-2009
RP145: 12/25/2009 10:24:55 AM - Restore Operation
RP146: 12/25/2009 10:39:58 AM - Installed Microsoft Fix it 50267
RP147: 12/28/2009 4:14:21 AM - System Checkpoint

==== Installed Programs ======================

Acrobat.com
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.2
AVG Free 9.0
Broadcom 440x 10/100 Integrated Controller
CCleaner
Conexant HDA D110 MDC V.92 Modem
Dell Wireless WLAN Card
Driver Installer
ERUNT 1.1j
ESET Online Scanner v3
ESPNMotion
GemMaster Mystic
Google Toolbar for Internet Explorer
GoToAssist 8.0.0.514
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Intel(R) Graphics Media Accelerator Driver
Java(TM) 6 Update 17
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Visual C++ 2005 Redistributable
MSN
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
NinjaTrader 6.5
Otto
PokerStars
Secunia PSI
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
SigmaTel Audio
Smart Defrag
Sonic Encoders
Sound Blaster ADVANCED MB Drivers
SpywareBlaster 4.2
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Media Format Runtime
Windows XP Media Center Edition 2005 KB908250
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinPatrol 2009
WinZip 14.0

==== Event Viewer Messages From Past Week ========

12/26/2009 10:58:56 AM, error: Dhcp [1002] - The IP address lease 192.168.2.4 for the Network Card with network address 0016CE720D5A has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
12/25/2009 7:31:48 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service ntmssvc with arguments "-Service" in order to run the server: {D61A27C6-8F53-11D0-BFA0-00A024151983}
12/25/2009 2:04:24 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'avgcorex.dll.old' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.

==== End Of File ===========================
Last edited by PopaTom on December 28th, 2009, 3:06 pm, edited 1 time in total.
PopaTom
Regular Member
Posts: 69
Joined: November 27th, 2009, 6:39 pm

Re: Laptop has come to a crawl and is stalling, please help.

Post by PopaTom » December 28th, 2009, 1:56 pm

Hi Blade81,
Sorry, but I was unable to save the Gmer file. I tried several times but the PC was not willing to let me save it to the desktop or anywhere else for that matter. I blue screened once and the rest of the time it would more or less freeze up.
PopaTom
Last edited by PopaTom on December 29th, 2009, 2:43 am, edited 1 time in total.
PopaTom
Regular Member
Posts: 69
Joined: November 27th, 2009, 6:39 pm

Re: Laptop has come to a crawl and is stalling, please help.

Post by Blade81 » December 28th, 2009, 4:59 pm

Yes, that's ok :)

Have you run GMER yet?
Blade81
Admin/Teacher
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: Laptop has come to a crawl and is stalling, please help.

Post by PopaTom » December 29th, 2009, 2:49 am

Hi Blade81,
Yes, I ran it several times but was unable to save it. I explained in my previous post, which I edited just as you checked in, I guess. I have been trying to save it all day. Sorry.
PopaTom
Regular Member
Posts: 69
Joined: November 27th, 2009, 6:39 pm

Re: Laptop has come to a crawl and is stalling, please help.

Post by Blade81 » December 29th, 2009, 11:08 am

Hi,

Please uncheck devices and sections in GMER options and see if you're able to finish the scan.
Blade81
Admin/Teacher
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: Laptop has come to a crawl and is stalling, please help.

Post by PopaTom » December 30th, 2009, 1:22 am

Hi Blade81,
After trying for hours and racking up another couple of blue screens again today, I decided to go into "Control Panel" and remove the following programs: MALWAREBYTES, AVG, SPYBLASTER, ERUNT, ADAWARE, and WINPATROL.

The reason I did this is because every time I blue screened, MSFT told me it was crashing because of a "Device Driver". I think it was probably AVG but didn't want to spend a lot of time eliminating each program. I also suspect that a Hoist program I d/l may be causing the "redirect and Action Cancelled" windows to pop up when I am surfing the net?

And then I had to use Notepad to copy the GMER file and transfer it to MR because Notebook would freeze up.

Thank you for being so patient.

PopaTom

**********************************************************
gmerscan.zip
PopaTom
Regular Member
Posts: 69
Joined: November 27th, 2009, 6:39 pm

Re: Laptop has come to a crawl and is stalling, please help.

Post by Blade81 » December 30th, 2009, 2:20 am

Thanks for the log :)

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.


Please continue as follows:

  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
Blade81
Admin/Teacher
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: Laptop has come to a crawl and is stalling, please help.

Post by PopaTom » December 30th, 2009, 11:22 am

Hi Blade81,
Happy Hunting.

**********************************************************


ComboFix 09-12-29.05 - Thomas H. Pean 12/30/2009 8:03.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.630 [GMT -7:00]
Running from: c:\documents and settings\Thomas H. Pean\Desktop\123456789.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\1235700.dll
c:\windows\kb913800.exe
c:\windows\system32\bqaibfnfg\ATIDLL_qahaiajb.dll
c:\windows\system32\bqaibfnfg\AWTKernel32_kebabbgd.dll
c:\windows\system32\bqaibfnfg\mca_cguacrdhk.dll
c:\windows\system32\bqaibfnfg\mcmsg_hgtvzlqr.dll
c:\windows\system32\bqaibfnfg\mcy_llnmfgjc.dll

.
((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-30 )))))))))))))))))))))))))))))))
.

2009-12-25 15:15 . 2009-12-25 23:35 -------- d-----w- c:\program files\PokerStars
2009-12-25 09:28 . 2009-12-30 15:06 -------- d-----w- c:\windows\system32\bqaibfnfg
2009-12-25 09:11 . 2009-12-25 09:11 -------- d-----w- c:\program files\Skyhook Wireless
2009-12-25 00:59 . 2009-12-25 00:59 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Adobe
2009-12-25 00:58 . 2009-12-25 17:22 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-25 00:58 . 2009-11-20 11:08 38784 ----a-w- c:\documents and settings\Thomas H. Pean\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-25 00:57 . 2009-11-20 11:08 38784 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-25 00:57 . 2009-12-25 00:57 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-12-25 00:56 . 2009-12-25 00:56 -------- d-----w- c:\documents and settings\Thomas H. Pean\Local Settings\Application Data\Adobe
2009-12-25 00:56 . 2009-12-25 00:56 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-12-24 23:07 . 2009-12-22 22:18 3776280 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2009-12-24 23:07 . 2009-12-22 22:18 4043032 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2009-12-24 23:07 . 2009-12-22 22:18 916248 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcfgx.dll
2009-12-24 23:07 . 2009-12-22 22:18 3967256 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2009-12-24 23:07 . 2009-12-22 22:18 2352920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgresf.dll
2009-12-22 22:19 . 2009-12-22 22:19 -------- d-----w- C:\$AVG
2009-12-22 22:18 . 2009-12-22 22:18 -------- d-----w- c:\program files\AVG
2009-12-22 22:18 . 2009-12-29 19:47 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-12-18 06:49 . 2009-12-18 06:49 -------- d-----w- c:\documents and settings\Sue Pean
2009-12-17 04:18 . 2009-12-17 04:18 -------- d-----w- c:\documents and settings\All Users\Application Data\AT&T
2009-12-16 23:26 . 2009-12-17 03:14 -------- d-----w- c:\windows\SxsCaPendDel
2009-12-14 12:28 . 2009-12-14 12:57 -------- d-----w- c:\documents and settings\Thomas H. Pean\Application Data\MailWasherPro
2009-12-14 12:26 . 2009-12-14 12:26 -------- d-----w- c:\documents and settings\Thomas H. Pean\Application Data\WinPatrol
2009-12-14 12:26 . 2009-04-05 22:47 0 ----a-w- c:\documents and settings\Thomas H. Pean\Application Data\WinPatrol\Config.sys
2009-12-14 12:26 . 2009-04-05 22:47 0 ----a-w- c:\documents and settings\Thomas H. Pean\Application Data\WinPatrol\Autoexec.bat
2009-12-14 12:25 . 2009-12-14 12:25 -------- d-----w- c:\program files\BillP Studios
2009-12-12 18:17 . 2009-12-12 18:20 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-12-12 17:36 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2009-12-12 16:52 . 2009-12-12 16:52 -------- d-----w- c:\windows\Sun
2009-12-12 16:51 . 2009-12-12 16:51 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-12 16:51 . 2009-12-12 16:51 -------- d-----w- c:\program files\Java
2009-12-12 16:50 . 2009-12-12 16:50 152576 ----a-w- c:\documents and settings\Thomas H. Pean\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-12 16:50 . 2009-12-12 16:50 79488 ----a-w- c:\documents and settings\Thomas H. Pean\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-12 14:53 . 2009-12-12 14:53 -------- d-----w- c:\documents and settings\Thomas H. Pean\Application Data\Malwarebytes
2009-12-12 14:53 . 2009-12-12 14:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-12 14:21 . 2009-12-12 14:21 -------- d-----w- c:\windows\system32\scripting
2009-12-12 14:21 . 2009-12-12 14:21 -------- d-----w- c:\windows\l2schemas
2009-12-12 14:21 . 2009-12-12 14:21 -------- d-----w- c:\windows\system32\en
2009-12-12 14:21 . 2009-12-12 14:21 -------- d-----w- c:\windows\system32\bits
2009-12-11 00:20 . 2009-12-11 00:20 -------- d-----w- c:\program files\ESET
2009-12-11 00:07 . 2009-12-11 00:07 -------- d-----w- c:\documents and settings\Thomas H. Pean\Application Data\Yahoo!
2009-12-11 00:07 . 2009-12-11 01:17 -------- d-----w- c:\program files\Yahoo!
2009-12-11 00:07 . 2009-12-11 00:07 -------- d-----w- c:\program files\CCleaner
2009-12-10 16:18 . 2009-12-10 16:18 -------- d-----w- c:\documents and settings\Thomas H. Pean\Local Settings\Application Data\ICS
2009-12-10 15:59 . 2009-12-18 06:49 -------- d-----w- c:\program files\NinjaTrader 6.5
2009-12-09 13:24 . 2009-12-09 13:24 98304 ----a-w- c:\windows\system32\NtDirect.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-29 19:54 . 2009-11-28 17:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-12-25 23:24 . 2009-04-06 06:44 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-25 09:06 . 2009-07-17 16:32 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-12-22 21:49 . 2009-04-06 06:43 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-12-14 11:55 . 2009-04-11 15:07 15056 ----a-w- c:\documents and settings\Thomas H. Pean\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-12 14:25 . 2009-04-05 22:45 87747 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-11-29 21:57 . 2009-11-29 21:57 -------- d-----w- c:\documents and settings\Thomas H. Pean\Application Data\IObit
2009-11-29 21:57 . 2009-11-29 21:57 -------- d-----w- c:\program files\IObit
2009-11-29 20:54 . 2009-11-28 04:39 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-11-29 20:54 . 2009-11-28 04:39 -------- d-----w- c:\program files\AVS4YOU
2009-11-29 20:42 . 2009-11-29 20:42 -------- d-----w- c:\documents and settings\All Users\Application Data\XoftSpySE
2009-11-28 17:28 . 2009-11-28 17:29 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-28 16:13 . 2009-11-28 16:13 -------- d-----w- c:\program files\Windows Live Safety Center
2009-11-28 04:39 . 2009-11-28 04:39 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2009-11-28 04:39 . 2009-11-28 04:39 -------- d-----w- c:\documents and settings\Thomas H. Pean\Application Data\AVS4YOU
2009-11-26 19:35 . 2009-11-26 19:35 -------- d-----w- c:\program files\Trend Micro
2009-11-21 15:51 . 2004-08-10 11:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-10-31 01:09 . 2009-06-12 20:52 13696 ----a-w- c:\windows\system32\drivers\wpsnuio.sys
2009-10-29 07:46 . 2006-03-04 03:33 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2004-08-10 11:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 2004-08-10 11:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-21 05:38 . 2004-08-10 11:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-10 11:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-10 11:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2004-08-10 11:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2004-08-10 11:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2004-08-10 11:00 79872 ----a-w- c:\windows\system32\raschap.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-06 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-10 2183168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-31 138008]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-12 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-04-06 05:56 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\NinjaTrader 6.5\\bin\\NinjaTrader.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R2 atisvc_cifhvgia;atisvc_cifhvgia;c:\windows\system32\bqaibfnfg\atisvc_cifhvgia.exe [12/25/2009 2:29 AM 441140]
S3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\system32\drivers\swnc8u80.sys [8/20/2008 1:35 PM 168192]
S3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\system32\drivers\swumx80.sys [8/20/2008 1:36 PM 142976]
.
Contents of the 'Scheduled Tasks' folder

2009-11-29 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-11-29 20:48]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.6. ... ontrol.CAB
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-30 08:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(884)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll

- - - - - - - > 'explorer.exe'(3284)
c:\windows\system32\WININET.dll
c:\windows\system32\bqaibfnfg\mcie_bdzbwebe.dll
c:\windows\system32\bqaibfnfg\mcapp_ibpjdxny.dll
c:\windows\system32\bqaibfnfg\mcgc_cfntgkpc.dll
c:\windows\system32\bqaibfnfg\mcsc_dnclnlmj.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\windows\system32\igfxsrvc.exe
c:\windows\eHome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2009-12-30 08:13:48 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-30 15:13

Pre-Run: 19,708,338,176 bytes free
Post-Run: 20,499,169,280 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - A1CC336CED2F17BC4BAC4195E2B6D82B
PopaTom
Regular Member
 
Posts: 69
Joined: November 27th, 2009, 6:39 pm

Re: Laptop has come to a crawl and is stalling, please help.

Unread postby Blade81 » December 30th, 2009, 12:22 pm

Could you post a fresh dds log too, please? :)
Blade81
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: Laptop has come to a crawl and is stalling, please help.

Unread postby PopaTom » December 30th, 2009, 4:23 pm

Hello Blade81,

*******************
DDS (Ver_09-12-01.01) - NTFSx86
Run by Thomas H. Pean at 13:20:00.10 on Wed 12/30/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.449 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\bqaibfnfg\atisvc_cifhvgia.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\bqaibfnfg\atisvc_cifhvgia.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\bqaibfnfg\atisvc_cifhvgia.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\ScottradeELITE\ScottradeELITEClientUpdater.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Thomas H. Pean\Local Settings\Temporary Internet Files\Content.IE5\E10KO01T\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.6. ... ontrol.CAB
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resour ... se8942.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-12-30 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-12-30 28424]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-12-30 360584]
R2 atisvc_cifhvgia;atisvc_cifhvgia;c:\windows\system32\bqaibfnfg\atisvc_cifhvgia.exe [2009-12-25 441140]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2009-12-30 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-12-30 285392]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\system32\drivers\swnc8u80.sys [2008-8-20 168192]
S3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\system32\drivers\swumx80.sys [2008-8-20 142976]

=============== Created Last 30 ================

2009-12-30 16:58:15 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-30 16:58:15 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-30 16:58:08 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-30 16:57:57 0 d-----w- c:\windows\system32\drivers\Avg
2009-12-30 16:57:54 0 d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2009-12-30 16:47:20 2146213 ----a-w- C:\1235700.dll
2009-12-30 15:02:25 0 d-sha-r- C:\cmdcons
2009-12-30 15:00:38 98816 ----a-w- c:\windows\sed.exe
2009-12-30 15:00:38 77312 ----a-w- c:\windows\MBR.exe
2009-12-30 15:00:38 261632 ----a-w- c:\windows\PEV.exe
2009-12-30 15:00:38 161792 ----a-w- c:\windows\SWREG.exe
2009-12-25 15:15:51 0 d-----w- c:\program files\PokerStars
2009-12-25 09:28:54 0 d-----w- c:\windows\system32\bqaibfnfg
2009-12-25 09:11:45 0 d-----w- c:\program files\Skyhook Wireless
2009-12-22 22:19:49 0 d-----w- C:\$AVG
2009-12-22 22:18:33 0 d-----w- c:\program files\AVG
2009-12-22 22:18:29 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2009-12-17 04:18:45 0 d-----w- c:\docume~1\alluse~1\applic~1\AT&T
2009-12-16 23:26:44 0 d-----w- c:\windows\SxsCaPendDel
2009-12-16 22:54:16 0 d-----w- c:\windows\pss
2009-12-14 12:28:34 0 d-----w- c:\docume~1\thomas~1.pea\applic~1\MailWasherPro
2009-12-14 12:26:07 0 d-----w- c:\docume~1\thomas~1.pea\applic~1\WinPatrol
2009-12-14 12:25:53 0 d-----w- c:\program files\BillP Studios
2009-12-12 17:36:01 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2009-12-12 16:51:29 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-12-12 16:51:29 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-12 14:53:16 0 d-----w- c:\docume~1\thomas~1.pea\applic~1\Malwarebytes
2009-12-12 14:53:10 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-12-12 14:21:43 0 d-----w- c:\windows\system32\scripting
2009-12-12 14:21:42 0 d-----w- c:\windows\l2schemas
2009-12-12 14:21:40 0 d-----w- c:\windows\system32\en
2009-12-12 14:21:40 0 d-----w- c:\windows\system32\bits
2009-12-12 14:14:28 0 d-----w- c:\windows\network diagnostic
2009-12-11 00:20:19 0 d-----w- c:\program files\ESET
2009-12-11 00:07:19 0 d-----w- c:\program files\Yahoo!
2009-12-11 00:07:15 0 d-----w- c:\program files\CCleaner
2009-12-10 15:59:13 0 d-----w- c:\program files\NinjaTrader 6.5
2009-12-09 13:24:54 98304 ----a-w- c:\windows\system32\NtDirect.dll

==================== Find3M ====================

2009-11-28 17:28:55 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-29 07:46:59 832512 ------w- c:\windows\system32\wininet.dll
2009-10-29 07:46:52 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46:50 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll

============= FINISH: 13:20:21.03 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 4/5/2009 3:52:17 PM
System Uptime: 12/30/2009 9:45:29 AM (4 hours ago)

Motherboard: Dell Inc. | | 0KD882
Processor: Genuine Intel(R) CPU T2300 @ 1.66GHz | Microprocessor | 1664/166mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 31 GiB total, 18.707 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP123: 12/12/2009 6:27:00 AM - clean121209
RP124: 12/12/2009 6:44:13 AM - Software Distribution Service 3.0
RP125: 12/12/2009 6:51:11 AM - Installed Windows XP KB932823-v3.
RP126: 12/12/2009 6:57:28 AM - Software Distribution Service 3.0
RP127: 12/12/2009 7:01:40 AM - Software Distribution Service 3.0
RP128: 12/12/2009 9:51:02 AM - Installed Java(TM) 6 Update 17
RP129: 12/12/2009 10:36:59 AM - Software Distribution Service 3.0
RP130: 12/12/2009 11:16:46 AM - Installed WinZip 14.0
RP131: 12/14/2009 9:18:08 AM - System Checkpoint
RP132: 12/15/2009 10:19:41 AM - System Checkpoint
RP133: 12/16/2009 10:28:42 AM - System Checkpoint
RP134: 12/16/2009 4:27:32 PM - Installed AVG 9.0
RP135: 12/16/2009 5:16:35 PM - Installed AVG 9.0
RP136: 12/16/2009 5:34:33 PM - Installed AVG Free 9.0
RP137: 12/16/2009 7:29:26 PM - Installed AVG Free 9.0
RP138: 12/16/2009 9:17:18 PM - Removed AT&T Communication Manager.
RP139: 12/18/2009 10:23:47 AM - System Checkpoint
RP140: 12/22/2009 3:04:53 PM - Installed AVG Free 9.0
RP141: 12/22/2009 3:18:29 PM - Installed AVG Free 9.0
RP142: 12/24/2009 4:07:45 PM - Avg8 Update
RP143: 12/24/2009 5:58:29 PM - Installed Adobe Reader 9.2.
RP144: 12/25/2009 7:31:17 AM - Tom2-12-25-2009
RP145: 12/25/2009 10:24:55 AM - Restore Operation
RP146: 12/25/2009 10:39:58 AM - Installed Microsoft Fix it 50267
RP147: 12/28/2009 4:14:21 AM - System Checkpoint
RP148: 12/29/2009 12:46:55 PM - Removed AVG Free 9.0
RP149: 12/29/2009 12:48:39 PM - Installed AVG Free 9.0
RP150: 12/30/2009 9:57:26 AM - Installed AVG Free 9.0
RP151: 12/30/2009 10:00:44 AM - Avg8 Update

==== Installed Programs ======================

Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.2
AVG Free 9.0
Broadcom 440x 10/100 Integrated Controller
CCleaner
Conexant HDA D110 MDC V.92 Modem
Dell Wireless WLAN Card
Driver Installer
ESET Online Scanner v3
ESPNMotion
GemMaster Mystic
Google Toolbar for Internet Explorer
GoToAssist 8.0.0.514
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Intel(R) Graphics Media Accelerator Driver
Java(TM) 6 Update 17
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Visual C++ 2005 Redistributable
MSN
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
NinjaTrader 6.5
Otto
PokerStars
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
SigmaTel Audio
Smart Defrag
Sonic Encoders
Sound Blaster ADVANCED MB Drivers
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Media Format Runtime
Windows XP Media Center Edition 2005 KB908250
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinZip 14.0

==== Event Viewer Messages From Past Week ========

12/30/2009 8:03:33 AM, error: Service Control Manager [7034] - The Dell Wireless WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s).
12/29/2009 9:52:00 AM, error: System Error [1003] - Error code 100000d1, parameter1 00000000, parameter2 0000001c, parameter3 00000001, parameter4 8370f00c.
12/29/2009 8:45:37 AM, error: System Error [1003] - Error code 100000d1, parameter1 00000000, parameter2 0000001c, parameter3 00000001, parameter4 85d8800c.
12/29/2009 8:39:52 AM, error: Service Control Manager [7023] - The Windows Time service terminated with the following error: The program issued a command but the command length is incorrect.
12/29/2009 8:36:18 AM, error: W32Time [46] - The time service encountered an error and was forced to shut down. The error was: 0x800706BB
12/28/2009 6:47:10 PM, error: System Error [1003] - Error code 10000050, parameter1 e349d000, parameter2 00000000, parameter3 a81fcc3e, parameter4 00000001.
12/28/2009 1:32:48 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the avg9wd service.
12/28/2009 1:23:45 PM, error: Dhcp [1002] - The IP address lease 192.168.2.3 for the Network Card with network address 0016CE720D5A has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
12/26/2009 10:58:56 AM, error: Dhcp [1002] - The IP address lease 192.168.2.4 for the Network Card with network address 0016CE720D5A has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
12/25/2009 7:31:48 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service ntmssvc with arguments "-Service" in order to run the server: {D61A27C6-8F53-11D0-BFA0-00A024151983}
12/25/2009 2:04:24 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'avgcorex.dll.old' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.

==== End Of File ===========================
PopaTom
Regular Member
 
Posts: 69
Joined: November 27th, 2009, 6:39 pm

Re: Laptop has come to a crawl and is stalling, please help.

Post by Blade81 » December 30th, 2009, 4:43 pm

Hi again,

Please rename ComboFix back to something else (to PopaTom.exe for example)

Open notepad and copy/paste the text in the quotebox below into it:

Driver::
atisvc_cifhvgia
Folder::
c:\windows\system32\bqaibfnfg
Registry::
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
FileLook::
C:\1235700.dll

Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Image

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Check here to see if your Flash is up-to-date (do it separately with each of your browsers). If not, uninstall vulnerable versions by following the instructions here. A fresh version can be obtained here.


Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run a scan with the ESET online scanner you have installed there (update definitions and have Remove found threats unselected).


Post back its report, a fresh dds.txt log and the above-mentioned ComboFix resultant log.
Blade81
Admin/Teacher
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: Laptop has come to a crawl and is stalling, please help.

Post by PopaTom » December 30th, 2009, 5:47 pm

Hi Blade81,

*********************************************************

ComboFix 09-12-29.06 - Thomas H. Pean 12/30/2009 14:30:06.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.634 [GMT -7:00]
Running from: c:\documents and settings\Thomas H. Pean\Desktop\PopaTom.exe.exe
Command switches used :: c:\documents and settings\Thomas H. Pean\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\1235700.dll
c:\windows\system32\bqaibfnfg
c:\windows\system32\bqaibfnfg\AES256.dll
c:\windows\system32\bqaibfnfg\ATIDLL64_hfapgtmy.dll
c:\windows\system32\bqaibfnfg\atisvc_cifhvgia.exe
c:\windows\system32\bqaibfnfg\CatDB.dic
c:\windows\system32\bqaibfnfg\CatVerDB.dic
c:\windows\system32\bqaibfnfg\ccp_mdcggelbi.dll
c:\windows\system32\bqaibfnfg\Config.dat
c:\windows\system32\bqaibfnfg\database.sdf
c:\windows\system32\bqaibfnfg\Director_hwzgjbwh.dll
c:\windows\system32\bqaibfnfg\dprx_nhtwqhoi.dll
c:\windows\system32\bqaibfnfg\ffe_cguacrdhk.dll
c:\windows\system32\bqaibfnfg\ffe3_bzzbkraf.dll
c:\windows\system32\bqaibfnfg\ffe35_poxrjdmk.dll
c:\windows\system32\bqaibfnfg\LiteUnzip.dll
c:\windows\system32\bqaibfnfg\mcapp_ibpjdxny.dll
c:\windows\system32\bqaibfnfg\mcff_hajxidbr.dll
c:\windows\system32\bqaibfnfg\mcgc_cfntgkpc.dll
c:\windows\system32\bqaibfnfg\mcie_bdzbwebe.dll
c:\windows\system32\bqaibfnfg\mck_ezqqtlsfh.dll
c:\windows\system32\bqaibfnfg\mclmd_dtcbyrbz.dll
c:\windows\system32\bqaibfnfg\mco_bafydmhbs.dll
c:\windows\system32\bqaibfnfg\mcoexp_rbzinecu.dll
c:\windows\system32\bqaibfnfg\mcsc_dnclnlmj.dll
c:\windows\system32\bqaibfnfg\proxy.dll
c:\windows\system32\bqaibfnfg\Settings.dat
c:\windows\system32\bqaibfnfg\Settings1029308.dat
c:\windows\system32\bqaibfnfg\svcsetup.exe
c:\windows\system32\bqaibfnfg\ve.dll
c:\windows\system32\bqaibfnfg\WindowsAccessBridge.dll
c:\windows\system32\bqaibfnfg\wpsapi-vista.dll
c:\windows\system32\bqaibfnfg\wpsapi-xp.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ATISVC_CIFHVGIA
-------\Service_atisvc_cifhvgia


((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-30 )))))))))))))))))))))))))))))))
.

2009-12-25 15:15 . 2009-12-25 23:35 -------- d-----w- c:\program files\PokerStars
2009-12-25 09:11 . 2009-12-25 09:11 -------- d-----w- c:\program files\Skyhook Wireless
2009-12-25 00:59 . 2009-12-25 00:59 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Adobe
2009-12-25 00:58 . 2009-12-25 17:22 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-25 00:58 . 2009-11-20 11:08 38784 ----a-w- c:\documents and settings\Thomas H. Pean\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-25 00:57 . 2009-11-20 11:08 38784 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-25 00:57 . 2009-12-25 00:57 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-12-25 00:56 . 2009-12-25 00:56 -------- d-----w- c:\documents and settings\Thomas H. Pean\Local Settings\Application Data\Adobe
2009-12-25 00:56 . 2009-12-25 00:56 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-12-22 22:19 . 2009-12-22 22:19 -------- d-----w- C:\$AVG
2009-12-22 22:18 . 2009-12-22 22:18 -------- d-----w- c:\program files\AVG
2009-12-18 06:49 . 2009-12-18 06:49 -------- d-----w- c:\documents and settings\Sue Pean
2009-12-17 04:18 . 2009-12-17 04:18 -------- d-----w- c:\documents and settings\All Users\Application Data\AT&T
2009-12-16 23:26 . 2009-12-17 03:14 -------- d-----w- c:\windows\SxsCaPendDel
2009-12-14 12:28 . 2009-12-14 12:57 -------- d-----w- c:\documents and settings\Thomas H. Pean\Application Data\MailWasherPro
2009-12-14 12:26 . 2009-12-14 12:26 -------- d-----w- c:\documents and settings\Thomas H. Pean\Application Data\WinPatrol
2009-12-14 12:26 . 2009-04-05 22:47 0 ----a-w- c:\documents and settings\Thomas H. Pean\Application Data\WinPatrol\Config.sys
2009-12-14 12:26 . 2009-04-05 22:47 0 ----a-w- c:\documents and settings\Thomas H. Pean\Application Data\WinPatrol\Autoexec.bat
2009-12-14 12:25 . 2009-12-14 12:25 -------- d-----w- c:\program files\BillP Studios
2009-12-12 18:17 . 2009-12-12 18:20 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-12-12 17:36 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2009-12-12 16:52 . 2009-12-12 16:52 -------- d-----w- c:\windows\Sun
2009-12-12 16:51 . 2009-12-12 16:51 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-12 16:51 . 2009-12-12 16:51 -------- d-----w- c:\program files\Java
2009-12-12 16:50 . 2009-12-12 16:50 152576 ----a-w- c:\documents and settings\Thomas H. Pean\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-12 16:50 . 2009-12-12 16:50 79488 ----a-w- c:\documents and settings\Thomas H. Pean\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-12 14:53 . 2009-12-12 14:53 -------- d-----w- c:\documents and settings\Thomas H. Pean\Application Data\Malwarebytes
2009-12-12 14:53 . 2009-12-12 14:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-12 14:21 . 2009-12-12 14:21 -------- d-----w- c:\windows\system32\scripting
2009-12-12 14:21 . 2009-12-12 14:21 -------- d-----w- c:\windows\l2schemas
2009-12-12 14:21 . 2009-12-12 14:21 -------- d-----w- c:\windows\system32\en
2009-12-12 14:21 . 2009-12-12 14:21 -------- d-----w- c:\windows\system32\bits
2009-12-11 00:20 . 2009-12-11 00:20 -------- d-----w- c:\program files\ESET
2009-12-11 00:07 . 2009-12-11 00:07 -------- d-----w- c:\documents and settings\Thomas H. Pean\Application Data\Yahoo!
2009-12-11 00:07 . 2009-12-11 01:17 -------- d-----w- c:\program files\Yahoo!
2009-12-11 00:07 . 2009-12-11 00:07 -------- d-----w- c:\program files\CCleaner
2009-12-10 16:18 . 2009-12-10 16:18 -------- d-----w- c:\documents and settings\Thomas H. Pean\Local Settings\Application Data\ICS
2009-12-10 15:59 . 2009-12-18 06:49 -------- d-----w- c:\program files\NinjaTrader 6.5
2009-12-09 13:24 . 2009-12-09 13:24 98304 ----a-w- c:\windows\system32\NtDirect.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-29 19:54 . 2009-11-28 17:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-12-25 23:24 . 2009-04-06 06:44 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-25 09:06 . 2009-07-17 16:32 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-12-22 21:49 . 2009-04-06 06:43 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-12-14 11:55 . 2009-04-11 15:07 15056 ----a-w- c:\documents and settings\Thomas H. Pean\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-12 14:25 . 2009-04-05 22:45 87747 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-11-29 21:57 . 2009-11-29 21:57 -------- d-----w- c:\documents and settings\Thomas H. Pean\Application Data\IObit
2009-11-29 21:57 . 2009-11-29 21:57 -------- d-----w- c:\program files\IObit
2009-11-29 20:54 . 2009-11-28 04:39 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-11-29 20:54 . 2009-11-28 04:39 -------- d-----w- c:\program files\AVS4YOU
2009-11-29 20:42 . 2009-11-29 20:42 -------- d-----w- c:\documents and settings\All Users\Application Data\XoftSpySE
2009-11-28 17:28 . 2009-11-28 17:29 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-28 16:13 . 2009-11-28 16:13 -------- d-----w- c:\program files\Windows Live Safety Center
2009-11-28 04:39 . 2009-11-28 04:39 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2009-11-28 04:39 . 2009-11-28 04:39 -------- d-----w- c:\documents and settings\Thomas H. Pean\Application Data\AVS4YOU
2009-11-26 19:35 . 2009-11-26 19:35 -------- d-----w- c:\program files\Trend Micro
2009-11-21 15:51 . 2004-08-10 11:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-10-31 01:09 . 2009-06-12 20:52 13696 ----a-w- c:\windows\system32\drivers\wpsnuio.sys
2009-10-29 07:46 . 2006-03-04 03:33 832512 ------w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2004-08-10 11:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 2004-08-10 11:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-21 05:38 . 2004-08-10 11:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-10 11:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-10 11:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2004-08-10 11:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2004-08-10 11:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2004-08-10 11:00 79872 ----a-w- c:\windows\system32\raschap.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

--- C:\1235700.dll ---
Company: ------
File Description: ------
File Version: 3.5.0.0
Product Name: ------
Copyright: ------
Original Filename: FirefoxExt35.dll
File size: 2146213
Created time: 2009-12-30 16:47
Modified time: 2009-12-25 09:29
MD5: 361903F26B99E240701268907AAEEA3E
SHA1: 60321C9172CEBDD86353CC71DB458A7BDE515795


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-06 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-10 2183168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-31 138008]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-12 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-04-06 05:56 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\NinjaTrader 6.5\\bin\\NinjaTrader.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

S3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\system32\drivers\swnc8u80.sys [8/20/2008 1:35 PM 168192]
S3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\system32\drivers\swumx80.sys [8/20/2008 1:36 PM 142976]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.6. ... ontrol.CAB
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-30 14:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(884)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll

- - - - - - - > 'explorer.exe'(2772)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\eHome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2009-12-30 14:40:50 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-30 21:40
ComboFix2.txt 2009-12-30 15:13

Pre-Run: 20,133,646,336 bytes free
Post-Run: 20,254,912,512 bytes free

- - End Of File - - 21A9A4E1D956F771E99BA59078C6DB15
PopaTom
Regular Member
 
Posts: 69
Joined: November 27th, 2009, 6:39 pm
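As an added example (not part of this thread and not ComboFix's own code), here is a small Python check that reads a CFScript like the one Blade81 posted and the "Other Deletions" / "Drivers/Services" sections of the log ComboFix returned, and reports which Folder:: and Driver:: targets the log actually confirms as removed. The section-parsing rules and the "-------\Service_<name>" line form are assumptions drawn from the log excerpt above; the extra "constructed_missing_dir" entry is constructed to show how an unconfirmed target is reported.

```python
# CFScript from the thread, plus one constructed Folder:: line to show an unconfirmed target.
CFSCRIPT = """Driver::
atisvc_cifhvgia
Folder::
c:\\windows\\system32\\bqaibfnfg
c:\\windows\\system32\\constructed_missing_dir
Registry::
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
FileLook::
C:\\1235700.dll
"""
# Excerpt of the ComboFix log posted in reply (banners shortened, '.' separators kept).
COMBOFIX_LOG = """((((((( Other Deletions )))))))
.
c:\\windows\\system32\\bqaibfnfg
.
((((((( Drivers/Services )))))))
.
-------\\Legacy_ATISVC_CIFHVGIA
-------\\Service_atisvc_cifhvgia
"""

def parse_cfscript(text):
    """Map each 'Name::' header to the non-empty lines beneath it."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif line and current is not None:
            sections[current].append(line)
    return sections

def parse_combofix_log(text):
    """Map each '((( Title )))' banner to the non-empty, non-'.' lines beneath it."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("(((") and line.endswith(")))"):
            current = line.strip("() ")
            sections.setdefault(current, [])
        elif line not in ("", ".") and current is not None:
            sections[current].append(line)
    return sections

def confirm_removals(script, log):
    """True per Folder::/Driver:: target the log confirms removed (Registry:: and FileLook:: are not verified here)."""
    deleted = {p.lower() for p in log.get("Other Deletions", [])}
    services = [s.lower() for s in log.get("Drivers/Services", [])]
    result = {}
    for folder in script.get("Folder", []):
        result["Folder:" + folder] = folder.lower() in deleted
    for drv in script.get("Driver", []):
        # Assumption: ComboFix reports a removed service as '-------\Service_<name>'
        result["Driver:" + drv] = any(s.endswith("\\service_" + drv.lower()) for s in services)
    return result
```

Anything reported as not confirmed is a cue to re-read the full log rather than to assume the item is gone.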