
Unknown Malware Infection Computer slowed down tremendously


  • This topic is locked
2 replies to this topic

#1 Oceanbyrd


  • Members
  • 1 posts
  • Local time:06:11 PM

Posted 08 October 2009 - 01:09 PM

System keeps temporarily freezing at random moments creating tremendous slow down. Advanced System Care, AVG and MalwareBytes Anti-Malware don't find any problem but the computer is so slow it took over two hours to do everything you ask user to do before posting a topic. If need be I also have a HijackThis report but below is the requested info. EDIT: Forgot to mention that I also ran CCleaner and checked start-up for unnecessary items as I know that can slow computer down as well. This is something I have done in the past and feel comfortable doing.
DDS (Ver_09-09-29.01) - NTFSx86
Run by Sea Rayn at 10:02:19.21 on Thu 10/08/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.549 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Wireless Select Switch\WLSS.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Documents and Settings\Sea Rayn\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Documents and Settings\Sea Rayn\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ACU] "c:\program files\atheros\ACU.exe" -nogui
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [WLSS] c:\program files\wireless select switch\WLSS.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
StartupFolder: c:\docume~1\searay~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\sea rayn\application data\dropbox\bin\Dropbox.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [2009-2-27 9856]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-28 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-28 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-28 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-1-16 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-16 297752]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-2-28 99216]
R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [2009-2-27 57408]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]

=============== Created Last 30 ================

2009-10-07 22:28 0 ac------ c:\windows\Irremote.ini
2009-10-07 21:39 <DIR> -cd----- c:\docume~1\searay~1\applic~1\SumatraPDF
2009-10-07 21:36 <DIR> -cd----- c:\program files\SumatraPDF
2009-10-07 16:03 <DIR> -cd----- c:\program files\Bonjour
2009-10-07 15:42 35,376 ac--h--- c:\windows\system32\mlfcache.dat
2009-10-03 12:00 <DIR> -cd----- c:\docume~1\searay~1\applic~1\OpenOffice.org
2009-10-03 11:47 <DIR> -cd----- c:\program files\JRE
2009-10-03 11:47 <DIR> -cd----- c:\program files\OpenOffice.org 3
2009-10-03 11:45 73,728 ac------ c:\windows\system32\javacpl.cpl
2009-10-02 13:32 <DIR> -cdsh--- c:\docume~1\alluse~1.win\applic~1\{55A29068-F2CE-456C-9148-C869879E2357}
2009-09-27 22:04 <DIR> -cd----- c:\docume~1\searay~1\applic~1\Foxit Software

==================== Find3M ====================

2009-10-08 03:20 38 ac------ c:\documents and settings\sea rayn\jagex_runescape_preferences.dat
2009-10-08 02:22 45 ac------ c:\documents and settings\sea rayn\jagex_runescape_preferences2.dat
2009-10-03 11:44 411,368 ac------ c:\windows\system32\deploytk.dll
2009-10-03 10:26 11,952 ac------ c:\windows\system32\avgrsstx.dll
2009-10-03 10:26 335,240 ac------ c:\windows\system32\drivers\avgldx86.sys
2009-10-03 10:26 108,552 ac------ c:\windows\system32\drivers\avgtdix.sys
2009-10-03 10:01 4,826 ac------ c:\docume~1\searay~1\applic~1\wklnhst.dat
2009-08-06 19:23 274,288 ac------ c:\windows\system32\mucltui.dll
2009-08-06 19:23 215,920 ac------ c:\windows\system32\muweb.dll
2009-08-06 11:53 21,840 ac-----t c:\windows\system32\SIntfNT.dll
2009-08-06 11:53 17,212 ac-----t c:\windows\system32\SIntf32.dll
2009-08-06 11:53 12,067 ac-----t c:\windows\system32\SIntf16.dll
2009-08-05 02:01 204,800 ac------ c:\windows\system32\mswebdvd.dll
2009-07-17 12:01 58,880 ac------ c:\windows\system32\atl.dll
2009-07-12 12:21 233,472 ac------ c:\windows\system32\wmpdxm.dll

============= FINISH: 10:02:49.78 ===============


Edited by Oceanbyrd, 08 October 2009 - 03:26 PM.




#2 syler


  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:02:11 AM

Posted 24 October 2009 - 01:08 PM

Hello,

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and
we are trying our best to keep up.

My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if you
would let me know so I can close this topic, if you still need help please let me know what issues you are still having, in your next reply.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Then please post back here with the following:
  • log.txt
  • info.txt
Thanks



#3 syler


  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:02:11 AM

Posted 29 October 2009 - 10:57 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.





