Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Laptop slowing down to a stop


  • This topic is locked This topic is locked
2 replies to this topic

#1 plipplop

plipplop

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:08:04 AM

Posted 12 April 2009 - 03:42 PM

Scanned with AGV, Adware, Spybot, but to no effect,

Keyboard, mouse and power button fail to respond at random,

Had winfixer about 2 month back, but think thats fixed,


DDS (Ver_09-03-16.01) - FAT32x86
Run by Billy at 21:00:18.09 on 12/04/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.549 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
SVCHOST.EXE
SVCHOST.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\NWDLS.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\NETGEAR\WPN511\Utility\WPN511.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\NETGEAR\WPN511\Utility\WPN511.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Documents and Settings\Billy\Favorites\Desktop\hijackthis files\dds.scr

============== Pseudo HJT Report ===============

uLocal Page = hxxp://uk.yahoo.com/
uStart Page = hxxp://www.google.co.uk
uSearch Page = hxxp://uk.yahoo.com/
mDefault_Page_URL = hxxp://uk.yahoo.com/
mStart Page = hxxp://uk.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
mSearchAssistant = hxxp://www.google.com/
mCustomizeSearch = hxxp://www.google.com/
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.2)" -"http://www8.agame.com/games/shockwave/r/r-style_supreme/r-style_supreme_mygames_co_uk.htm"
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [AS00_WPN511] c:\program files\netgear\wpn511\utility\WPN511.exe -hide
mRun: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: Download with GetRight - c:\program files\getright\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
IE: Open with GetRight Browser - c:\program files\getright\GRbrowse.htm
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
Notify: jkkLBqOF - jkkLBqOF.dll
AppInit_DLLs: qmomch.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: {EBF1652D-FC54-4654-8738-55A21A0B520B} - No File
LSA: Authentication Packages = msv1_0 c:\windows\system32\efcYQigH

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-9 325640]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-9-24 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-9 107912]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-9 298264]
R2 EpmPsd;Acer EPM Power Scheme Driver;c:\windows\system32\drivers\epm-psd.sys [2006-12-7 4096]
R2 EpmShd;Acer EPM System Hardware Driver;c:\windows\system32\drivers\epm-shd.sys [2006-12-7 78208]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\vodafone\vodafone mobile connect\bin\VMCService.exe [2008-10-9 14336]
R3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [2007-1-3 16194]
S2 ARGUSSURVEILLANCEDVR_WATCHDOG;Argus Surveillance DVR Watchdog;c:\program files\argus surveillance dvr\dvrwatchdog.exe --> c:\program files\argus surveillance dvr\DVRWatchdog.exe [?]
S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;\??\c:\windows\system32\elock2burnerlockdriver.sys --> c:\windows\system32\eLock2BurnerLockDriver.sys [?]
S2 eLock2FSCTLDriver;eLock2FSCTLDriver;\??\c:\windows\system32\elock2fsctldriver.sys --> c:\windows\system32\eLock2FSCTLDriver.sys [?]
S2 gupdate1c9a0dbfe6c8fb6;Google Update Service (gupdate1c9a0dbfe6c8fb6);c:\program files\google\update\GoogleUpdate.exe [2009-3-9 133104]
S3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [2005-11-30 1088896]
S3 NETGEAR_WPN511_SERVICE;NETGEAR WPN511 Wireless Adapter Service;c:\windows\system32\drivers\wpn511.sys [2008-3-25 488992]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2006-12-7 32512]

=============== Created Last 30 ================

2009-04-12 10:14 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-04-11 14:59 24,448 a------- c:\windows\system32\drivers\ewdcsc.sys
2009-04-11 14:59 69,361 a------- c:\windows\Huawei ModemsUninstall.exe
2009-04-11 02:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SWiSHMax2WorkFolder
2009-04-10 13:36 <DIR> --d----- C:\My Documents
2009-04-09 00:50 107,912 a------- c:\windows\system32\drivers\avgtdix.sys
2009-04-09 00:50 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-04-09 00:50 325,640 a------- c:\windows\system32\drivers\avgldx86.sys
2009-04-09 00:49 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-04-09 00:49 <DIR> --d----- c:\program files\AVG
2009-04-09 00:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-04-05 22:58 65,536 a------- c:\windows\system32\lfeps13n.dll
2009-04-05 22:58 159,744 a------- c:\windows\system32\lfpng13n.dll
2009-04-05 22:58 69,632 a------- c:\windows\system32\lfgif13n.dll
2009-04-05 22:58 462,848 a------- c:\windows\system32\ltkrn13n.dll
2009-04-05 22:58 450,560 a------- c:\windows\system32\ltimg13n.dll
2009-04-05 22:58 401,408 a------- c:\windows\system32\lfcmp13n.dll
2009-04-05 22:58 299,008 a------- c:\windows\system32\ltdis13n.dll
2009-04-05 22:58 206,336 a------- c:\windows\system32\ltefx13n.dll
2009-04-05 22:58 163,840 a------- c:\windows\system32\ltfil13n.dll
2009-04-05 22:58 57,344 a------- c:\windows\system32\lfbmp13n.dll
2009-03-30 22:00 <DIR> --d----- c:\program files\common files\Windows Live
2009-03-29 23:08 <DIR> --d----- c:\windows\ULEAD.DAT
2009-03-29 23:08 362 a------- c:\windows\ULEAD.INI
2009-03-29 23:07 108 a------- c:\windows\GZVIEWER.INI
2009-03-29 21:08 <DIR> --d----- c:\program files\uTorrent
2009-03-29 20:23 859 a------- c:\windows\MEDIAPAQ.INI
2009-03-29 20:23 928 a------- c:\windows\win.002
2009-03-29 20:23 257 a------- c:\windows\system.002
2009-03-29 20:22 889 a------- c:\windows\win.001
2009-03-29 20:22 257 a------- c:\windows\system.001
2009-03-29 20:22 67,664 a------- c:\windows\system\DZIP.DLL
2009-03-29 20:22 48,512 a------- c:\windows\system\DUNZIP.DLL
2009-03-29 20:22 <DIR> --d----- C:\MPX
2009-03-28 21:57 <DIR> --d----- c:\windows\Broadband Download Monitor
2009-03-25 00:56 2,688 a------- c:\windows\system32\settings.aaw
2009-03-24 23:23 <DIR> --d----- c:\program files\common files\SWiSHzone.com
2009-03-24 23:23 <DIR> --d----- c:\program files\SWiSH Max2
2009-03-24 23:22 <DIR> --d----- c:\temp\SWISH MAX
2009-03-19 11:27 <DIR> --d----- c:\docume~1\billy\applic~1\Electrum
2009-03-19 11:07 <DIR> --d----- c:\program files\Xenu
2009-03-19 11:03 <DIR> --d----- c:\program files\SmartDraw 2009
2009-03-13 21:11 <DIR> --d----- c:\program files\Cutout Pro

==================== Find3M ====================

2009-02-09 11:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 11:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
2009-01-16 21:35 3,594,752 -------- c:\windows\system32\dllcache\mshtml.dll
2008-10-02 02:19 20 ----h--- c:\docume~1\alluse~1\applic~1\PKP_DLbx.DAT
2008-10-02 02:07 20 ----h--- c:\docume~1\alluse~1\applic~1\PKP_DLck.DAT
2007-11-13 11:01 87,608 a------- c:\docume~1\billy\applic~1\ezpinst.exe
2007-11-13 11:01 47,360 a------- c:\docume~1\billy\applic~1\pcouffin.sys
2007-11-03 23:11 866 a------- c:\docume~1\billy\applic~1\wklnhst.dat
2008-04-22 22:39 10,856 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-04-22 22:39 56 ---shr-- c:\windows\system32\E9AB6EEA11.sys
2008-09-09 00:12 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090920080910\index.dat

============= FINISH: 21:01:04.81 ===============


Thanks for looking

Billy

Attached Files



BC AdBot (Login to Remove)

 


#2 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:03:04 AM

Posted 26 April 2009 - 11:58 AM

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Please post the contents of log.txt.
Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
  • Reply to this thread; do not start another!
  • Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
  • Do not run any other tool until instructed to do so!
  • Let me know if any of the links do not work or if any of the tools do not work.
  • Tell me about problems or symptoms that occur during the fix.
  • Do not run any other programs or open any other windows while doing a fix.
  • Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.
Thanks.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:03:04 AM

Posted 01 May 2009 - 03:07 PM

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users