computer very slow to boot up and run, cpu usage spikes to 100


2 replies to this topic

#1 myannoyingfriend

Posted 22 February 2011 - 04:06 PM

Hello,

For about a week now, all of a sudden my computer has become painstakingly slow. I first noticed the boot time had increased from just under a minute or so to up to 3-5 minutes. Once open, the cursor was hesitating and opening programs was taking a long time. Then out of the blue the regular speed would return for a period of a few minutes and then the computer would slow right down again. I noticed a couple of things:
1. The three dashing squares on Windows boot were running very slow and sometimes pausing for a few seconds; this never happened before.
2. Task Manager: CPU usage was spiking to 100 without me running any programs, and then sudden drops to 6-7 without processes.
3. The computer has begun freezing every once in a while; I assume when I have programs running it is overwhelmed.
4. The opening little music for Windows is now stuttered, sort of like when a speaker has a loose connection, but when the CPU usage is lower and I play something it is fine, so it can't be loose.
5. I deleted any troublesome programs that I think may have caused this, such as uTorrent and FreePhoneLine, and I ran various anti-spyware programs.

It is a Compaq Presario laptop with 1 GB RAM, 80 HD. I ran DDS, GMER, MBAM, Avira Rescue CD and ComboFix. I have attached their logs here. I am not an expert by any means in computers and require some help. Thanks in advance.



Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5762

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/14/2011 2:36:11 PM
mbam-log-2011-02-14 (14-36-11).txt

Scan type: Quick scan
Objects scanned: 143738
Time elapsed: 35 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2011-02-14 15:07:13
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST9808211A rev.3.02
Running: twp3y8nb.exe; Driver: C:\DOCUME~1\GUESTA~1\LOCALS~1\Temp\ugtdypob.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- EOF - GMER 1.0.15 ----


DDS (Ver_10-12-12.02) - NTFSx86
Run by guest account at 15:08:14.78 on Mon 02/14/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.665 [GMT -5:00]

AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\guest account\Desktop\dds.scr

============== Pseudo HJT Report ===============

mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\guesta~1\applic~1\mozilla\firefox\profiles\cimzn3rz.default\
FF - prefs.js: browser.startup.homepage - yahoo.ca
FF - component: c:\program files\pc tools security\bdt\firefox\platform\winnt_x86-msvc\components\libheuristic.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

============= SERVICES / DRIVERS ===============

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-11-16 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-11-16 96408]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-11-16 735960]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2008-2-3 200192]

=============== Created Last 30 ================

2011-02-14 18:32:56 -------- d-----w- c:\docume~1\guesta~1\applic~1\Malwarebytes
2011-02-14 18:32:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-14 18:32:09 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-02-14 18:31:55 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-14 18:31:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-13 21:48:17 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2011-01-21 14:44:37 439296 -c----w- c:\windows\system32\dllcache\shimgvw.dll
2011-01-18 03:38:52 -------- d-----w- c:\documents and settings\guest account\FreePhoneLine
2011-01-18 03:38:43 -------- d-----w- c:\program files\FreePhoneLine
2011-01-18 03:38:05 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-18 03:38:05 411368 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-18 03:38:05 411368 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-01-17 18:04:12 -------- d-sh--w- c:\documents and settings\guest account\PrivacIE
2011-01-17 18:04:08 -------- d-----w- c:\docume~1\guesta~1\locals~1\applic~1\Google
2011-01-16 16:17:54 -------- d-----w- c:\docume~1\guesta~1\locals~1\applic~1\Identities

==================== Find3M ====================

2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59:19 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59:19 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:26 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:38:47 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07:05 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2008-02-04 04:11:00 1491592 ----a-w- c:\program files\install_flash_player.exe
2005-08-24 00:26:00 73728 ----a-w- c:\program files\CheckVer.exe
2005-08-24 00:26:00 151552 ----a-w- c:\program files\AtiCim.bin
2005-08-24 00:26:00 110592 ----a-w- c:\program files\AtiCimUn.exe
2004-11-29 18:35:54 567000 ----a-w- c:\program files\Setup.exe
2004-11-29 18:29:02 561152 ----a-w- c:\program files\HXFSetup.exe
2004-11-23 18:57:56 280192 ----a-w- c:\program files\camchal.sys
2004-11-23 18:56:40 34048 ----a-w- c:\program files\camcaud.sys
2004-11-23 18:55:40 28672 ----a-w- c:\program files\CIAunWDM.exe
2004-10-27 15:35:44 85 ----a-w- c:\program files\Install.bat
2004-10-20 11:55:58 5952 ----a-w- c:\program files\Dublin_EQ_Final.reg
2004-08-20 18:54:30 417 ----a-w- c:\program files\layout.bin
2004-06-28 14:35:24 69760 ----a-w- c:\program files\Rtlnicxp.sys
2004-06-28 14:35:06 68992 ----a-w- c:\program files\Rtlnic.sys
2004-04-29 18:07:54 32248 ----a-w- c:\program files\caudinst.dll

============= FINISH: 15:09:56.73 ===============


This is the attach file; not sure if you needed it or not.

DDS (Ver_10-12-12.02)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/3/2008 9:17:31 PM
System Uptime: 2/14/2011 2:53:39 PM (1 hours ago)

Motherboard: Hewlett-Packard | | 3085
Processor: AMD Athlon™ 64 Processor 3500+ | U23 | 994/mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 39 GiB total, 17.273 GiB free.
D: is FIXED (NTFS) - 35 GiB total, 25.484 GiB free.
E: is CDROM ()
F: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139/810x Family Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_3085103C&REV_10\4&13826118&0&30A4
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8139/810x Family Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_3085103C&REV_10\4&13826118&0&30A4
Service: RTL8023xp

==== System Restore Points ===================

RP256: 12/16/2010 9:26:57 PM - Software Distribution Service 3.0
RP257: 12/29/2010 12:27:37 PM - System Checkpoint
RP258: 12/31/2010 6:46:45 PM - System Checkpoint
RP259: 1/11/2011 1:17:18 AM - System Checkpoint
RP260: 1/12/2011 2:05:24 AM - System Checkpoint
RP261: 1/13/2011 3:19:43 PM - System Checkpoint
RP262: 1/14/2011 10:57:17 AM - Software Distribution Service 3.0
RP263: 1/16/2011 2:27:02 PM - System Checkpoint
RP264: 1/17/2011 3:34:42 PM - System Checkpoint
RP265: 1/17/2011 10:37:41 PM - Installed Java™ 6 Update 20
RP266: 1/17/2011 10:38:42 PM - Installed FreePhoneLine
RP267: 1/19/2011 12:53:00 AM - System Checkpoint
RP268: 1/20/2011 3:54:31 PM - System Checkpoint
RP269: 1/21/2011 11:09:38 PM - System Checkpoint
RP270: 1/22/2011 11:41:17 PM - System Checkpoint
RP271: 1/24/2011 1:07:45 PM - System Checkpoint
RP272: 1/26/2011 9:32:35 AM - System Checkpoint
RP273: 1/27/2011 1:42:43 PM - System Checkpoint
RP274: 1/28/2011 2:18:55 PM - System Checkpoint
RP275: 1/29/2011 4:35:11 PM - System Checkpoint
RP276: 1/31/2011 3:35:30 PM - System Checkpoint
RP277: 2/1/2011 6:29:00 PM - System Checkpoint
RP278: 2/2/2011 9:13:03 PM - System Checkpoint
RP279: 2/3/2011 11:37:47 PM - System Checkpoint
RP280: 2/5/2011 1:14:31 AM - System Checkpoint
RP281: 2/6/2011 2:39:51 AM - System Checkpoint
RP282: 2/7/2011 10:19:24 AM - System Checkpoint
RP283: 2/9/2011 9:25:09 PM - Software Distribution Service 3.0
RP284: 2/11/2011 9:53:43 AM - System Checkpoint
RP285: 2/12/2011 1:04:59 PM - System Checkpoint
RP286: 2/13/2011 1:16:57 PM - System Checkpoint

==== Installed Programs ======================

µTorrent
Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 9.4.1
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Broadcom 802.11 Wireless LAN Adapter
CCleaner
Conexant AC-Link Audio
Data Fax SoftModem with SmartCP
ESET NOD32 Antivirus
FileMaker Pro 5.5
FreePhoneLine
Google Toolbar for Internet Explorer
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Java Auto Updater
Java™ 6 Update 20
K-Lite Codec Pack 4.1.7 (Full)
Malwarebytes' Anti-Malware
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.6.3)
Octoshape add-in for Adobe Flash Player
REALTEK Gigabit and Fast Ethernet NIC Driver
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Spelling Dictionaries Support For Adobe Reader 9
Synaptics Pointing Device Driver
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

2/14/2011 9:30:36 AM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/14/2011 9:30:34 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
2/14/2011 3:00:04 PM, error: System Error [1003] - Error code 100000c5, parameter1 00083d60, parameter2 00000002, parameter3 00000000, parameter4 805446b2.
2/14/2011 2:47:44 PM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
2/14/2011 1:20:01 PM, error: Service Control Manager [7034] - The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).
2/14/2011 1:20:01 PM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
2/14/2011 1:20:01 PM, error: Service Control Manager [7034] - The PC Tools Auxiliary Service service terminated unexpectedly. It has done this 1 time(s).
2/14/2011 1:20:01 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
2/14/2011 1:20:01 PM, error: Service Control Manager [7034] - The Browser Defender Update Service service terminated unexpectedly. It has done this 1 time(s).
2/14/2011 1:20:01 PM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
2/14/2011 1:20:01 PM, error: Service Control Manager [7022] - The PC Tools Security Service service hung on starting.
2/13/2011 11:49:21 AM, error: ACPIEC [1] - \Device\ACPIEC: The embedded controller (EC) hardware didn't respond within the timeout period. This may indicate an error in the EC hardware or firmware, or possibly a poorly designed BIOS which accesses the EC in an unsafe manner. The EC driver will retry the failed transaction if possible.
2/12/2011 12:34:14 PM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
2/12/2011 12:33:33 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.

==== End Of File ===========================




ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=b5ab2af698cf3043afa6a75d87f2193f
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-02-17 03:22:28
# local_time=2011-02-17 10:22:28 (-0500, Eastern Standard Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8199 39157157 100 100 0 38656636 0 0
# scanned=45386
# found=0
# cleaned=0
# scan_time=5349
# nod_component=V3 Build:0x30000000


ComboFix 11-02-16.05 - guest account 02/17/2011 10:53:18.1.1 - x86
Running from: c:\documents and settings\guest account\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Setup.exe

.
((((((((((((((((((((((((( Files Created from 2011-01-17 to 2011-02-17 )))))))))))))))))))))))))))))))
.

2011-02-14 18:32 . 2011-02-14 18:32 -------- d-----w- c:\documents and settings\guest account\Application Data\Malwarebytes
2011-02-14 18:32 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-14 18:32 . 2011-02-14 18:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-02-14 18:31 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-14 18:31 . 2011-02-14 18:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-13 21:53 . 2011-02-14 19:52 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2011-02-13 21:48 . 2011-02-14 19:52 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-01-21 14:44 . 2011-01-21 14:44 439296 -c----w- c:\windows\system32\dllcache\shimgvw.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2001-08-23 12:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-18 03:37 . 2011-01-18 03:38 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-18 03:37 . 2011-01-18 03:38 411368 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-07 14:09 . 2001-08-23 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2001-08-23 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2001-08-23 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59 . 2001-08-23 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2001-08-23 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59 . 2001-08-23 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26 . 2001-08-23 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2008-02-04 02:55 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15 . 2001-08-23 12:00 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30 . 2001-08-23 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:38 . 2001-08-23 12:00 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07 . 2001-08-17 13:48 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2008-02-04 04:11 . 2008-02-04 04:10 1491592 ----a-w- c:\program files\install_flash_player.exe
2005-08-24 00:26 . 2005-08-24 00:26 73728 ----a-w- c:\program files\CheckVer.exe
2005-08-24 00:26 . 2005-08-24 00:26 151552 ----a-w- c:\program files\AtiCim.bin
2005-08-24 00:26 . 2005-08-24 00:26 110592 ----a-w- c:\program files\AtiCimUn.exe
2004-11-29 18:29 . 2004-11-29 18:29 561152 ----a-w- c:\program files\HXFSetup.exe
2004-11-23 18:57 . 2004-11-23 18:57 280192 ----a-w- c:\program files\camchal.sys
2004-11-23 18:56 . 2004-11-23 18:56 34048 ----a-w- c:\program files\camcaud.sys
2004-11-23 18:55 . 2004-11-23 18:55 28672 ----a-w- c:\program files\CIAunWDM.exe
2004-10-27 15:35 . 2004-10-27 15:35 85 ----a-w- c:\program files\Install.bat
2004-10-20 11:55 . 2004-10-20 11:55 5952 ----a-w- c:\program files\Dublin_EQ_Final.reg
2004-08-20 18:54 . 2004-08-20 18:54 417 ----a-w- c:\program files\layout.bin
2004-06-28 14:35 . 2004-06-28 14:35 69760 ----a-w- c:\program files\Rtlnicxp.sys
2004-06-28 14:35 . 2004-06-28 14:35 68992 ----a-w- c:\program files\Rtlnic.sys
2004-04-29 18:07 . 2004-04-29 18:07 32248 ----a-w- c:\program files\caudinst.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [11/16/2009 8:03 AM 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [11/16/2009 8:06 AM 96408]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [11/16/2009 8:04 AM 735960]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2/3/2008 9:44 PM 200192]
.
.
------- Supplementary Scan -------

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\guest account\Application Data\Mozilla\Firefox\Profiles\cimzn3rz.default\
FF - prefs.js: browser.startup.homepage - yahoo.ca
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-20 09:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(728)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3068)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-02-20 09:33:15
ComboFix-quarantined-files.txt 2011-02-20 14:33
ComboFix2.txt 2011-02-17 16:02

Pre-Run: 18,410,242,048 bytes free
Post-Run: 18,393,505,792 bytes free

- - End Of File - - 9AD41DFB787DC9331F20BFAF8E230CC4

Edited by Orange Blossom, 22 February 2011 - 04:12 PM.
Moved to log forum. ~ OB



#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:12:22 AM

Posted 27 February 2011 - 09:21 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:12:22 AM

Posted 04 March 2011 - 08:24 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.
m0le is a proud member of UNITE



