
slow computer


12 replies to this topic

#1 arossberg (Members, 7 posts)

Posted 25 December 2010 - 01:04 PM

Hi, my computer is running really slow. I've tried many programs to fix it and read a lot of forums, but can't figure it out. I've run HijackThis, but I don't know what to do with the results. Here's my log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:02:36 PM, on 12/25/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgam.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
C:\Program Files\hijack this\HiJackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Windows Media Player\wmplayer.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1150216045968
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1156461871562
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {C432C4BD-3566-411C-8F3C-E5E0D3AE5D33} (CBrowser Class) - http://viewers.streamingfaith.com/common/mbrowser/MINIBrowser.CAB
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - (no file)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: Windows Live OneCare (winss) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\winss.exe (file missing)

--
End of file - 5077 bytes

Edited by Orange Blossom, 25 December 2010 - 07:36 PM.
Move to log forum. ~ OB
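A triage pass over HijackThis lines like those in the log above, as an added example (not part of the thread and not HijackThis's own logic). It flags the entries a helper looks at first: services and protocol handlers whose files are gone, services with no publisher, the O10 "unknown" LSP (here the stock NetWare provider, so only informational), ActiveX downloads from domains outside an allowlist, autostarts from profile folders, and hosts-file entries that blackhole security sites. The allowlists, severities and the constructed O1 and second O4 sample lines are this example's assumptions; the other sample lines are copied from the log.

```python
"""Heuristic triage of HijackThis (HJT) log lines.

Added example: not part of this thread and not HijackThis's own logic.
The sample lines are copied from the log posted above except the O1 and
second O4 lines, which are constructed for illustration. Allowlists,
severities and regexes are this example's assumptions.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Assumed allowlist of second-level domains for ActiveX (O16 DPF) downloads.
DPF_ALLOWED = {"microsoft.com", "live.com", "msn.com", "macromedia.com", "adobe.com"}

# Winsock providers that ship with Windows XP (nwprovau.dll is the NetWare
# provider HJT does not recognise, so it reports it as "unknown").
STOCK_LSPS = {"mswsock.dll", "winrnr.dll", "rsvpsp.dll", "nwprovau.dll"}

# Sites a hosts-file hijack typically blackholes so the victim cannot get help.
SECURITY_SITES = ("spywareinfo.com", "bleepingcomputer.com", "microsoft.com", "avg.com")

LINE_RE = re.compile(r"^(?P<sec>[ORF]\d+)\s+-\s+(?P<body>.*)$")


@dataclass
class Finding:
    section: str
    severity: str  # "info" | "review" | "suspicious"
    reason: str
    line: str


def _sld(url):
    """Second-level domain of a URL, e.g. cdn2.zone.msn.com -> msn.com."""
    host = urlparse(url).hostname or ""
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def triage_line(line):
    """Return a Finding for one HJT line, or None if nothing stands out."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")

    if sec == "O1":
        hm = re.match(r"Hosts:\s+(\S+)\s+(\S+)", body)
        if hm and hm.group(1) in ("127.0.0.1", "0.0.0.0") and hm.group(2).endswith(SECURITY_SITES):
            return Finding(sec, "suspicious", "hosts file blackholes a security site", line)
    elif sec == "O4":
        # Autostarts living in temp or profile folders are a common dropper pattern.
        if re.search(r"\\(temp|local settings|application data)\\", body, re.I):
            return Finding(sec, "review", "autostart from a user-writable profile folder", line)
    elif sec == "O10" and "Unknown file in Winsock LSP" in body:
        dll = body.rsplit("\\", 1)[-1].strip().lower()
        if dll in STOCK_LSPS:
            return Finding(sec, "info", "LSP flagged by HJT but is a stock Windows component", line)
        return Finding(sec, "suspicious", "unrecognised Winsock LSP", line)
    elif sec == "O16":
        url = body.split(" - ")[-1].strip()
        if _sld(url) not in DPF_ALLOWED:
            return Finding(sec, "review", "ActiveX download from a domain outside the allowlist", line)
    elif sec == "O18" and "(no file)" in body:
        return Finding(sec, "info", "protocol handler whose DLL is gone (orphaned registration)", line)
    elif sec == "O23":
        if "(file missing)" in body:
            return Finding(sec, "info", "service whose binary is missing (orphaned service)", line)
        if "Unknown owner" in body:
            return Finding(sec, "review", "service binary carries no publisher information", line)
    return None


def triage(log_text):
    """All findings for a log, in log order."""
    return [f for f in map(triage_line, log_text.splitlines()) if f]


# Lines copied from the log above, plus a constructed O1 and a constructed second O4.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {C432C4BD-3566-411C-8F3C-E5E0D3AE5D33} (CBrowser Class) - http://viewers.streamingfaith.com/common/mbrowser/MINIBrowser.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - (no file)
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O1 - Hosts: 127.0.0.1 www.spywareinfo.com
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\AJ\Local Settings\Temp\updater.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:10} {f.section:4} {f.reason}\n           {f.line}")
```

Run it as a script to print the findings for the embedded sample, or call triage() on the text of a saved HJT log. The O10 entry for nwprovau.dll is rated only informational because it is part of XP's NetWare client; the point of the allowlists is to keep that kind of known-benign noise from drowning the one line that matters, which in the sample is the constructed hosts entry.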



#2 m0le (Malware Response Team, London, UK)

Posted 02 January 2011 - 05:08 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


And

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.


Then

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
m0le is a proud member of UNITE

#3 arossberg (Topic Starter)

Posted 02 January 2011 - 05:50 PM

Hi, thanks for getting back to me. My computer is still going really slow. I've tried a few antivirus things, like AVG, Malwarebytes etc., but I still don't know what's up. Something seems to be eating up my CPU, but I can't figure out what. Here's the DDS log:


DDS (Ver_10-12-12.02) - NTFSx86
Run by AJ at 16:39:59.29 on Sun 01/02/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.325 [GMT -6:00]

AV: AVG Anti-Virus 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Windows Live OneCare *Disabled/Outdated* {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
FW: Windows Live OneCare Firewall *Disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG10\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\AJ\Desktop\dds.scr

============== Pseudo HJT Report ===============

mURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1150216045968
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1156461871562
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
DPF: {C432C4BD-3566-411C-8F3C-E5E0D3AE5D33} - hxxp://viewers.streamingfaith.com/common/mbrowser/MINIBrowser.CAB
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\aj\applic~1\mozilla\firefox\profiles\qwyc17se.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\aj\application data\kalydo\kalydoplayer\npkalydo.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 299984]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-11-23 6128208]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2010-12-22 517448]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\tfnetmon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

=============== Created Last 30 ================

2010-12-31 19:11:09 -------- d-----w- c:\docume~1\aj\applic~1\Kalydo
2010-12-31 04:27:30 -------- d-----w- c:\documents and settings\all users\Uniblue
2010-12-31 02:52:46 -------- d-----w- c:\docume~1\aj\applic~1\Uniblue
2010-12-27 21:02:44 -------- d-----w- c:\docume~1\aj\applic~1\com.w3i.FlipToast
2010-12-24 23:19:26 -------- dc-h--w- C:\$AVG
2010-12-24 21:21:45 -------- d-----w- c:\docume~1\aj\locals~1\applic~1\PackageAware
2010-12-24 15:24:38 -------- d-----w- c:\windows\system32\wbem\repository\FS
2010-12-24 15:24:38 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-24 13:00:25 -------- d-----w- c:\docume~1\aj\applic~1\Mozilla(3)
2010-12-24 11:03:14 -------- d-sh--w- c:\documents and settings\aj\IECompatCache
2010-12-22 17:17:38 -------- d-----w- c:\docume~1\aj\applic~1\AVG
2010-12-22 16:29:45 -------- d-----w- c:\docume~1\aj\locals~1\applic~1\AVG Security Toolbar
2010-12-22 15:25:10 -------- d-----w- c:\docume~1\aj\applic~1\AVG10
2010-12-22 15:15:19 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
2010-12-22 15:14:46 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2010-12-22 15:12:17 -------- d-----w- c:\windows\system32\drivers\AVG
2010-12-22 15:05:47 -------- d-----w- c:\program files\AVG
2010-12-22 03:22:51 -------- d-----w- c:\docume~1\aj\applic~1\Malwarebytes
2010-12-21 06:30:53 -------- d-----w- c:\program files\uTorrent
2010-12-20 00:34:02 -------- d-----w- c:\docume~1\aj\locals~1\applic~1\Threat Expert
2010-12-19 19:56:26 -------- d-----w- c:\docume~1\aj\locals~1\applic~1\jZip
2010-12-19 19:55:40 -------- d-----w- c:\program files\jZip
2010-12-17 02:35:16 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-12-17 01:40:02 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-12-17 00:47:42 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2010-12-17 00:24:46 -------- d-----w- c:\docume~1\aj\locals~1\applic~1\Mozilla
2010-12-16 22:48:12 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2010-12-15 22:04:15 -------- d-----w- c:\docume~1\aj\locals~1\applic~1\Temp
2010-12-15 22:03:49 -------- d-----w- c:\docume~1\aj\locals~1\applic~1\Google
2010-12-15 21:53:48 -------- d-----w- c:\program files\CCleaner
2010-12-15 20:45:12 -------- d-----w- c:\docume~1\aj\applic~1\FreeFileViewer
2010-12-15 20:30:40 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 06:05:03 -------- d-----w- c:\program files\VideoLAN
2010-12-15 02:38:36 -------- d-----w- c:\program files\FreeFileViewer
2010-12-15 02:32:00 -------- d-----w- c:\docume~1\aj\locals~1\applic~1\Yahoo
2010-12-15 02:23:48 -------- d-----w- c:\program files\Yahoo!
2010-12-14 06:39:50 -------- d-----w- c:\docume~1\aj\applic~1\PriceGong
2010-12-14 06:39:34 -------- d-----w- c:\docume~1\aj\locals~1\applic~1\Conduit
2010-12-14 06:39:19 -------- d-sh--w- c:\documents and settings\aj\PrivacIE
2010-12-14 06:36:45 -------- d-----w- c:\docume~1\aj\applic~1\uTorrent
2010-12-11 22:33:06 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-12-11 22:31:05 -------- d-----w- c:\windows\ie8updates
2010-12-11 22:30:10 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-12-11 22:30:08 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-12-11 22:30:07 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-12-11 06:17:48 -------- d-----w- c:\program files\MSXML 4.0
2010-12-11 03:42:05 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2010-12-11 03:41:45 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-12-11 03:41:44 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-12-11 03:39:19 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-12-11 03:30:55 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-12-11 03:29:22 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-12-11 03:29:21 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-12-11 02:00:33 472808 ----a-w- c:\windows\system32\deployJava1.dll

==================== Find3M ====================

2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ------w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys

============= FINISH: 16:40:36.70 ===============

I'm working on the rest of the stuff you mentioned right now. I will post the results when I'm done. Thanx again for helping.


#4 arossberg (Topic Starter)

Posted 02 January 2011 - 07:05 PM

I hope I did this all right. I'm kinda new to this kinda stuff. Here's the GMER log:

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-02 17:56:25
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 IC35L040AVVA07-0 rev.VA2OA51A
Running: vnucqpov.exe; Driver: C:\DOCUME~1\AJ\LOCALS~1\Temp\pxdiipod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xF867A6C0]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xF867A770]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xF867A810]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xF867A8B0]

---- Kernel code sections - GMER 1.0.15 ----

? C:\DOCUME~1\AJ\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{0E9AB09B-7366-ED28-B1C9-8124A1018436}\PersistentHandler@ {98de59a0-d175-11cd-a7bd-00006b827d94}
Reg HKLM\SOFTWARE\Classes\CLSID\{CE93F15B-D65C-880E-3800-843E8007FD2F}\InprocServer32@ C:\Program Files\Common Files\Microsoft Shared\Speech\SAPI.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{CE93F15B-D65C-880E-3800-843E8007FD2F}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\CLSID\{CE93F15B-D65C-880E-3800-843E8007FD2F}\ProgID@ SAPI.SpTextSelectionInformation.1
Reg HKLM\SOFTWARE\Classes\CLSID\{CE93F15B-D65C-880E-3800-843E8007FD2F}\TypeLib@ {C866CA3A-32F7-11D2-9602-00C04F8EE628}
Reg HKLM\SOFTWARE\Classes\CLSID\{CE93F15B-D65C-880E-3800-843E8007FD2F}\VersionIndependentProgID@ SAPI.SpTextSelectionInformation
Reg HKLM\SOFTWARE\Classes\CLSID\{DFE957A2-B69B-F543-5A95-EA6A51E8BAC2}\InprocServer32@ C:\Program Files\Common Files\MSSoap\Binaries\WHSC30.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{DFE957A2-B69B-F543-5A95-EA6A51E8BAC2}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DFE957A2-B69B-F543-5A95-EA6A51E8BAC2}\ProgID@ MSSOAP.WinHttpConnector30
Reg HKLM\SOFTWARE\Classes\CLSID\{DFE957A2-B69B-F543-5A95-EA6A51E8BAC2}\TypeLib@ {46BF17C2-9257-11D5-87EA-00B0D0BE6479}

---- EOF - GMER 1.0.15 ----
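The SSDT section above shows AVG's IDS driver hooking four syscalls. As an added example (not part of the thread and not GMER's own logic), the following parses those lines, groups the hooks by owning driver and rates each driver by vendor, image location, hook address and which syscalls it hooks. Hooks on process-handling syscalls are the normal self-protection pattern for security software; hooks on directory or registry enumeration are what a rootkit uses to hide. The trusted-vendor list, the kernel address floor, the syscall groups and the final hypothetical.sys line are assumptions; the AVG lines are copied from the log.

```python
"""Attribute the SSDT hooks in a GMER log to their drivers and rate each one.

Added example: not part of this thread and not GMER's own logic. The four
AVGIDSShim lines are copied from the GMER log above; the final line is a
constructed, hypothetical driver to show the unhappy path. The trusted
vendor list, kernel address floor and syscall groupings are assumptions.
"""
import re
from collections import defaultdict

SSDT_RE = re.compile(
    r"^SSDT\s+(?P<path>\S+)"            # driver image that owns the hook
    r"(?:\s+\((?P<desc>.*?)\))?"        # optional "(description/vendor)"
    r"\s+(?P<func>Zw\w+)"               # hooked native syscall
    r"\s+\[0x(?P<addr>[0-9A-Fa-f]+)\]\s*$"
)

TRUSTED_VENDORS = {"AVG Technologies CZ, s.r.o.", "Microsoft Corporation"}  # assumed
KERNEL_FLOOR_X86 = 0x80000000  # lowest kernel address on 32-bit XP without /3GB

# Syscalls rootkits hook to hide files, keys and processes ...
HIDING = {"ZwQueryDirectoryFile", "ZwEnumerateKey", "ZwEnumerateValueKey",
          "ZwQuerySystemInformation", "ZwQueryKey", "ZwOpenKey"}
# ... versus the ones security products hook to stop malware killing them.
SELF_PROTECT = {"ZwOpenProcess", "ZwTerminateProcess", "ZwTerminateThread",
                "ZwWriteVirtualMemory", "ZwOpenThread", "ZwCreateThread"}


def parse_ssdt_hooks(text):
    """One dict per SSDT line: path, vendor, func, addr (int)."""
    hooks = []
    for line in text.splitlines():
        m = SSDT_RE.match(line.strip())
        if not m:
            continue
        desc = m.group("desc") or ""
        vendor = desc.rsplit("/", 1)[-1].strip() if "/" in desc else ""
        hooks.append({"path": m.group("path"), "vendor": vendor,
                      "func": m.group("func"), "addr": int(m.group("addr"), 16)})
    return hooks


def rate_driver(path, vendor, funcs, addrs):
    """(verdict, reasons) for one driver given every syscall it hooks."""
    reasons = []
    if not vendor:
        reasons.append("no vendor string")
    elif vendor not in TRUSTED_VENDORS:
        reasons.append(f"vendor '{vendor}' not in trusted list")
    if re.search(r"\\temp\\|\\docume~1\\|\\documents and settings\\", path, re.I):
        reasons.append("driver image lives under a user profile or temp folder")
    if any(a < KERNEL_FLOOR_X86 for a in addrs):
        reasons.append("hook target below the kernel address floor")
    hidden = sorted(funcs & HIDING)
    if hidden:
        reasons.append("hooks enumeration syscalls used for hiding: " + ", ".join(hidden))
    if reasons:
        return "suspicious", reasons
    if funcs <= SELF_PROTECT:
        return "expected", ["self-protection hooks from a trusted security product"]
    return "review", ["trusted vendor, but hooks outside the usual self-protection set"]


def attribute(text):
    """Map driver path -> (verdict, reasons), grouping all hooks per driver."""
    by_driver = defaultdict(lambda: {"vendor": "", "funcs": set(), "addrs": []})
    for h in parse_ssdt_hooks(text):
        d = by_driver[h["path"]]
        d["vendor"] = d["vendor"] or h["vendor"]
        d["funcs"].add(h["func"])
        d["addrs"].append(h["addr"])
    return {p: rate_driver(p, d["vendor"], d["funcs"], d["addrs"]) for p, d in by_driver.items()}


# Four lines copied from the GMER log above; the last line is constructed.
SAMPLE_GMER = r"""
---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xF867A6C0]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xF867A770]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xF867A810]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xF867A8B0]
SSDT \??\C:\DOCUME~1\AJ\LOCALS~1\Temp\hypothetical.sys ZwQueryDirectoryFile [0xF8B0C100]
"""

if __name__ == "__main__":
    for path, (verdict, reasons) in attribute(SAMPLE_GMER).items():
        print(f"{verdict:10} {path}")
        for r in reasons:
            print(f"           - {r}")
```

The grouping matters more than any single line: a driver from a trusted vendor hooking only ZwOpenProcess, ZwTerminateProcess, ZwTerminateThread and ZwWriteVirtualMemory is doing exactly what an IDS needs to do to keep malware from killing or injecting into it, which is why the AVG entry rates as expected. The same four hooks from an unsigned image in a Temp folder would rate as suspicious on the path alone, before looking at the syscalls.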

#5 m0le (Malware Response Team)

Posted 02 January 2011 - 08:16 PM

There are two antiviruses on the scan.

I do not recommend that you have more than one antivirus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (real-time) protection switched on, then those products which do not encrypt the virus strings within them can cause other antivirus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False alarms: when the antivirus software tells you that your PC has a virus when it actually doesn't.
2) System performance problems: your system may lock up due to both products attempting to access the same file at the same time.


Nothing else looks like a problem though.

Please run ESET and we'll see if anything shows up.

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Leave the top box checked and then check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.

#6 arossberg (Topic Starter)

Posted 02 January 2011 - 09:44 PM

The scan's been going for about 40 mins and it's been stuck at 63% for a long time. Is this normal?

#7 arossberg (Topic Starter)

Posted 03 January 2011 - 01:55 AM

OK, it finally finished after like 4 hours. It found one thing:

C:\Documents and Settings\AJ\Application Data\AVG\Rescue\PC Tuneup 2011\101225041348132.rsc Win32/RegistryBooster application deleted - quarantined

Is that like malware disguised as PC Tuneup, or just a false positive? I thought I saw two of them running before and wondered.
And what would you suggest as far as having those two antiviruses? When I installed AVG I couldn't figure out how to get rid of Windows Live OneCare. It didn't seem to be working right in the first place, so I just disabled it. Will they still conflict if it's disabled? In any case I'd like to get rid of one of them. Any suggestions? Maybe you even know of a better one?

#8 m0le (Malware Response Team)

Posted 03 January 2011 - 11:47 AM

It's a very meticulous scanner, ESET. You're right, it is a false positive, though it's possible that registry cleaners are removed by ESET as a matter of course. We at BC also don't recommend their use.

If you want to try an alternative antivirus then I have some recommendations but by disabling OneCare you are dealing with it, and AVG is a fine antivirus so I'd keep it as it is.

Looks like you're clean, arossberg.

Please update your Java:

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Jdk 6 Update 23 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u23-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

I recommend that you read this tutorial on the site which explains what you can do to speed up your PC.

Edited by m0le, 03 January 2011 - 11:48 AM.

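A scripted version of the "remove all older versions" step above, as an added example (not part of the thread and not Sun/Oracle tooling): enumerate the Add/Remove Programs entries and list the Java runtimes older than the 6u23 target the post names. On Windows it reads the uninstall registry keys; elsewhere it falls back to a constructed sample list. The "Java(TM) 6 Update NN" DisplayName format and the registry paths are this example's assumptions about how the JRE 6 installers registered themselves; the sample mirrors the 1.6.0_22 runtime the DDS log reports.

```python
"""List installed Java runtimes and flag those older than the target update.

Added example: not part of this thread and not Sun/Oracle tooling. On
Windows it reads DisplayName values from the Add/Remove Programs uninstall
keys; elsewhere (and in the constructed sample below) it works on the
DisplayName strings directly. The "Java(TM) 6 Update NN" naming is what
the JRE 6 installers registered (an assumption of this example).
"""
import re

UNINSTALL_KEYS = (
    r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    r"SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall",
)

# "Java(TM) 6 Update 22", "J2SE Runtime Environment 5.0 Update 11", ...
# (JRE 1.4-era names such as "Java 2 Runtime Environment, SE v1.4.2_03" are not parsed.)
DISPLAY_RE = re.compile(
    r"^(?:Java\(TM\)|J2SE\b|Java\b).*?\b(?P<major>\d)(?:\.0)?(?:\s+Update\s+(?P<update>\d+))?\s*$",
    re.I,
)
# "1.6.0_22" as printed by `java -version` and in the DDS BrowserJavaVersion field.
DOTTED_RE = re.compile(r"^1\.(?P<major>\d)\.\d+_(?P<update>\d+)$")


def parse_display_name(name):
    """(major, update) for an Add/Remove Programs entry, or None if not Java."""
    m = DISPLAY_RE.match(name.strip())
    return (int(m.group("major")), int(m.group("update") or 0)) if m else None


def parse_dotted(version):
    """(major, update) from a 1.x.y_NN string, or None."""
    m = DOTTED_RE.match(version.strip())
    return (int(m.group("major")), int(m.group("update"))) if m else None


def registry_display_names():
    """DisplayName of every uninstall entry; empty list off Windows."""
    try:
        import winreg
    except ImportError:
        return []
    names = []
    for key_path in UNINSTALL_KEYS:
        try:
            root = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key_path)
        except OSError:
            continue
        with root:
            index = 0
            while True:
                try:
                    sub = winreg.EnumKey(root, index)
                except OSError:
                    break
                index += 1
                try:
                    with winreg.OpenKey(root, sub) as k:
                        names.append(winreg.QueryValueEx(k, "DisplayName")[0])
                except OSError:
                    pass
    return names


def outdated_java(display_names, target=(6, 23)):
    """Entries to uninstall before installing `target` (6u23 in the post above)."""
    stale = []
    for name in display_names:
        ver = parse_display_name(name)
        if ver is not None and ver < target:
            stale.append((name, ver))
    return stale


# Constructed sample of Add/Remove Programs names for a machine like the one in the thread.
SAMPLE_NAMES = [
    "Java(TM) 6 Update 22",
    "J2SE Runtime Environment 5.0 Update 11",
    "Mozilla Firefox (3.6.13)",
    "Java(TM) 6 Update 23",
]

if __name__ == "__main__":
    names = registry_display_names() or SAMPLE_NAMES
    for name, (major, update) in outdated_java(names):
        print(f"remove: {name}  (JRE {major} update {update})")
```

The script only reports; the uninstall itself still goes through Add/Remove Programs as the post describes. The check is worth having because, as the post notes, the installer's own uninstaller only removes Update 10 and later, so a leftover JRE 5 entry will not be cleaned up by installing 6u23 and stays exploitable by any page that can request that specific version.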

#9 arossberg (Topic Starter)

Posted 03 January 2011 - 02:53 PM

Thanks again for your help. Should I have re-enabled the CD emulator drivers with DeFogger? And you said OneCare is OK just being disabled, right? Is there a way to get rid of it, or is it like part of the system?

#10 m0le (Malware Response Team)

Posted 03 January 2011 - 06:47 PM

You're stuck with OneCare.:(

Go ahead and re-enable the emulation drivers

To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

#11 arossberg (Topic Starter)

Posted 03 January 2011 - 07:28 PM

Well, thanks for everything. It's still pretty slow, but I guess that's just because it's like 10 years old. At least I know I've done everything I can for it, until I can get a new one. One more question for ya as long as I've got a pro at hand. Does the available hard disk space affect performance? It's only got a 40 gig hard drive, and I've only got like 8 or 9 free. I plan on getting an external hard drive soon to store my music and whatnot. But I might have to delete some stuff for now, if it's slowing me down.

#12 m0le (Malware Response Team)

Posted 03 January 2011 - 08:05 PM

No, not as much as you might think. The physical size, quality and number of platters on the drive are more important to performance, but then performance will be affected by definition as the smaller sized drive will have less memory.

This article is actually very clear and explains it much better than I did above. :P

#13 m0le (Malware Response Team)

Posted 08 January 2011 - 09:23 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



