
Low CPU usage but slow computer


  • This topic is locked
5 replies to this topic

#1 mza2006


Posted 11 October 2011 - 12:25 PM

Hello
I will try to be brief, please don't mind my English, it's not my first language.
Specs:
Windows 7
CPU: i7
HDD: 7200++ 500GB (New one and totally not slow)
RAM: 4GB DDR3
VGA: ATI Mobility Radeon HD 4670
Bottom line, the processes are not exceeding 30% in its worst case (usually around 12%), RAM usage is below 60%, I'm using Norton 360, I uninstalled it, but it didn't change the performance that much, so I installed it back again. I ran most of the known and unknown scanning software, the results were always the same (nothing but a few cookies). I cleaned the temp files (manually and using software like Glary utility, Advanced System care and others), the result would be a slight improvement for an hour or so, then the system will crawl again.
I read a couple of useful things on this website, so I ran the test using HijackThis; later on I used RSIT, which includes the result, so I will upload the log and info files. I will not install/uninstall any file nor scan for anything until I have directions from you....:)
Thank you for your help in advance, really looking for help..)

RSIT.exe files.

Edit: Moved topic from Windows 7 to the more appropriate forum. ~ Animal

Attached Files

  • Attached File  info.txt   35.13KB   3 downloads
  • Attached File  log.txt   45.05KB   2 downloads



 


#2 Elise


Posted 16 October 2011 - 06:27 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

-------------------------------------------------------------
In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new DDS log (don't forget attach.txt)

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#3 mza2006


Posted 18 October 2011 - 12:29 PM

Hi
The problem can be summarized as follows: my PC used to work normally, everything was smooth, everything was responsive, but gradually with time, and eventually after using Uniblue Power Suit, the system starts to slow down a lot, use the processor in a very aggressive way (usually it was 5%, then the processor usage starts to become at least 30% in the last couple of days), all the video formats will be played in a slow way and it will stop suddenly (freeze) then play back, bottom line you can't enjoy watching any video at all. I barely can type in any place, whenever I type anything I have to stop, read it back, and I will see that the system froze while I was typing, and half of what I wrote is missing. Whenever I use my browser it will keep like disappearing then coming back and so on, so I will be clicking inside the browser, but it will disappear, so that will make me click on whatever is underneath it.
Transferring files, zipping files, unzipping files, browsing the internet (the download speed is normal, but the browsing is so bad), any game that uses Flash Player is so slow, freezes and so on. Some of the programs will take more than 10 seconds to load or to be closed.
I know how to deal with computers in a semi-professional way, but I really gave up with this one, I already used the system file checker (sfc.exe) everything is normal, I clean and clear all the history and temp files periodically (manually before using Uniblue or advanced system care) that includes all the browsers. Bottom line, I do maintenance in more than one aspect, and beyond what I mentioned, but now it's not working properly anymore, the only thing that is normal is that Windows doesn't crash, but it takes more than 10 minutes to load fully to the desktop (it used to be 3 minutes...I understand that the amount of software loaded and so on affects the speed)....but in general, it sounds to me like a piece of crab now.
About the games, all the games that used to be playable at a normal speed are freezing and shutting down unexpectedly. I used to use more than one antivirus at the same time, just to make a scan then uninstall it, to make sure the system is free of any kind of suspicious files, but they all were showing the same results, no problem, no viruses at all!!!!
So, I'm really looking forward to any kind of real solution for this problem, and thank you in advance, kindly find the attached files...:)


The software is asking to zip the Attach.txt then upload it, but the forum is refusing to load it. I will post the results in the next reply.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by MZA at 1:03:36 on 2011-10-19
.
============== Running Processes ===============
.
C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\Program Files (x86)\Xobni\XobniService.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10m_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Users\MZA\Downloads\dds.scr
C:\Users\MZA\Downloads\dds.scr
C:\Windows\SysWOW64\svchost.exe -k Akamai
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uWindow Title = Microsoft Internet Explorer
mDefault_Search_URL =
mDefault_Page_URL =
mStart Page = about:blank
mSearch Page =
mWindow Title = Microsoft Internet Explorer
mURLSearchHooks: ZoneAlarm SocialGuard Toolbar: {46d24133-ccaa-49bd-950c-48f29f5ffa91} -
mURLSearchHooks: ZoneAlarm Extreme Security Toolbar: {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} -
mWinlogon: Userinit=C:\Windows\SysWOW64\userinit.exe,
BHO: Disabled:{72853161-30C5-4D22-B7F9-0BBC1D38A37E} - No File
BHO: Disabled:{9030D464-4C02-4ABF-8ECC-5164760863C6} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - Conduit Engine
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: ZoneAlarm SocialGuard: {46d24133-ccaa-49bd-950c-48f29f5ffa91} - ZoneAlarm SocialGuard Toolbar
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - No File
BHO: FAIESSOHelper Class: {a2f122da-055f-4df7-8f24-7354dbdba85b} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
BHO: ZoneAlarm Extreme Security: {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - ZoneAlarm Extreme Security Toolbar
BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Adblock Pro: {f385c231-605b-4d8f-aca9-dbff765bbe17} - C:\Program Files (x86)\Adblock Pro\AdblockPro.dll
TB: {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - No File
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} -
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
uRun: [HijackThis startup scan] C:\Users\MZA\Downloads\HijackThis.exe /startupscan
uRun: [SpeedUpMyPC] "C:\Program Files (x86)\Uniblue\SpeedUpMyPC\launcher.exe" -d 20000
uRun: [DriverScanner] "C:\Program Files (x86)\Uniblue\DriverScanner\launcher.exe" delay 20000
mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [FAStartup]
mExplorerRun: [<NO NAME>] 1 (0x1)
uPolicies-explorer: NofolderOptions = 00000000
uPolicies-explorer: RestrictRun = 0 (0x0)
uPolicies-system: NoSecCPL = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
uPolicies-system: NoDevMgrPage = 0 (0x0)
uPolicies-system: NoConfigPage = 0 (0x0)
uPolicies-system: NoVirtMemPage = 0 (0x0)
uPolicies-system: NoFileSysPage = 0 (0x0)
uPolicies-system: NoNetSetup = 0 (0x0)
uPolicies-system: NoNetSetupIDPage = 0 (0x0)
uPolicies-system: NoNetSetupSecurityPage = 0 (0x0)
uPolicies-system: NoWorkgroupContents = 0 (0x0)
uPolicies-system: NoEntireNetwork = 0 (0x0)
uPolicies-system: NoFileSharingControl = 0 (0x0)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: NoFolderOptions = 00000000
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Block This Image (ABP) - C:\Program Files (x86)\Adblock Pro\blockimg.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{27E4C556-8AF7-4DD6-B816-15A57F5BA9D0} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{27E4C556-8AF7-4DD6-B816-15A57F5BA9D0}\24F696E676F60284F6473707F647 : DhcpNameServer = 66.103.64.4 66.103.80.4
TCP: Interfaces\{27E4C556-8AF7-4DD6-B816-15A57F5BA9D0}\3557E67716970284F64756C6027596649602F4 : DhcpNameServer = 58.71.132.10 203.192.163.114 58.71.136.10
TCP: Interfaces\{27E4C556-8AF7-4DD6-B816-15A57F5BA9D0}\3557E677169784F64756C602759664960214 : DhcpNameServer = 58.71.132.10 203.192.163.114 58.71.136.10
TCP: Interfaces\{27E4C556-8AF7-4DD6-B816-15A57F5BA9D0}\55E69636F654870727563737 : DhcpNameServer = 191.168.0.1
TCP: Interfaces\{27E4C556-8AF7-4DD6-B816-15A57F5BA9D0}\D456564702F4E6021303 : DhcpNameServer = 58.71.132.10 203.192.163.114 58.71.136.10
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Notify: FastAccess - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli FAPassSync
BHO-X64: Disabled:{72853161-30C5-4D22-B7F9-0BBC1D38A37E} - No File
BHO-X64: Disabled:{9030D464-4C02-4ABF-8ECC-5164760863C6} - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine
BHO-X64: Conduit Engine - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: {46d24133-ccaa-49bd-950c-48f29f5ffa91} - ZoneAlarm SocialGuard Toolbar
BHO-X64: ZoneAlarm SocialGuard - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - No File
BHO-X64: scriptproxy - No File
BHO-X64: FAIESSOHelper Class: {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
BHO-X64: FAIESSO Helper Object - No File
BHO-X64: {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - ZoneAlarm Extreme Security Toolbar
BHO-X64: ZoneAlarm Extreme Security - No File
BHO-X64: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Adblock Pro: {F385C231-605B-4d8f-ACA9-DBFF765BBE17} - C:\Program Files (x86)\Adblock Pro\AdblockPro.dll
BHO-X64: Adblock Pro - No File
TB-X64: {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - No File
TB-X64: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} -
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
TB-X64: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
EB-X64: {32683183-48a0-441b-a342-7c2a440a9478} - No File
mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [FAStartup]
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\MZA\AppData\Roaming\Mozilla\Firefox\Profiles\g1kmzx60.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/?ref=hp
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\MZA\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service
R? Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service
R? FACAP;facap, FastAccess Video Capture
R? nmwcdnsucx64;Nokia USB Flashing Generic
R? nmwcdnsux64;Nokia USB Flashing Phone Parent
R? Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service
R? StorSvc;Storage Service
R? TsUsbFlt;TsUsbFlt
R? wacmoumonitor;Wacom Mode Helper
R? WatAdminSvc;Windows Activation Technologies Service
S? AdobeARMservice;Adobe Acrobat Update Service
S? AESTFilters;Andrea ST Filters Service
S? Akamai;Akamai NetSession Interface
S? AMD External Events Utility;AMD External Events Utility
S? amdkmdag;amdkmdag
S? amdkmdap;amdkmdap
S? BcmVWL;Broadcom Virtual Wireless
S? BHDrvx64;BHDrvx64
S? btusbflt;Bluetooth USB Filter
S? btwl2cap;Bluetooth L2CAP Service
S? EraserUtilRebootDrv;EraserUtilRebootDrv
S? ezGOSvc;Easybits GO Services for Windows
S? FAService;FAService
S? IDSVia64;IDSVia64
S? itecir;ITECIR Infrared Receiver
S? ITECIRfilter;ITECIR Filter Driver
S? k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0
S? Lbd;Lbd
S? MonitorFunction;Driver for Monitor
S? N360;Norton 360
S? rimspci;rimspci
S? risdpcie;risdpcie
S? rixdpcie;rixdpcie
S? SBRE;SBRE
S? SmartDefragDriver;SmartDefragDriver
S? SymDS;Symantec Data Store
S? SymEFA;Symantec Extended File Attributes
S? SymIRON;Symantec Iron Driver
S? SymNetS;Symantec Network Security WFP Driver
S? TabletServicePen;TabletServicePen
S? TeamViewer6;TeamViewer 6
S? teamviewervpn;TeamViewer VPN Adapter
S? TouchServicePen;Wacom Consumer Touch Service
S? vwififlt;Virtual WiFi Filter Driver
S? vwifimp;Microsoft Virtual WiFi Miniport Service
S? XobniService;XobniService
.
=============== Created Last 30 ================
.
2011-10-16 23:51:24 -------- dc----w- C:\Users\MZA\AppData\Roaming\Oberon Games
2011-10-16 23:51:24 -------- dc----w- C:\ProgramData\Oberon Games
2011-10-16 23:50:41 -------- dc----w- C:\Program Files (x86)\Common Files\Oberon Media
2011-10-16 23:17:27 -------- dc----w- C:\Program Files (x86)\Break For Games
2011-10-15 13:51:31 231440 -c--a-w- C:\Windows\System32\drivers\AtihdW76.sys
2011-10-15 13:50:17 21288 -c--a-w- C:\Windows\System32\drivers\btwrchid.sys
2011-10-15 13:50:01 98344 -c--a-w- C:\Windows\System32\drivers\btwaudio.sys
2011-10-15 13:50:01 132648 -c--a-w- C:\Windows\System32\drivers\btwavdt.sys
2011-10-15 13:48:47 95472 -c--a-w- C:\Windows\System32\SET4357.tmp
2011-10-15 13:48:47 3555840 -c--a-w- C:\Windows\System32\bcmihvui64.dll
2011-10-15 13:48:47 3058168 -c--a-w- C:\Windows\System32\drivers\BCMWL664.SYS
2011-10-15 13:48:46 3891200 -c--a-w- C:\Windows\System32\SET3C15.tmp
2011-10-15 13:26:24 -------- dc----w- C:\ProgramData\Uniblue
2011-10-15 13:14:16 -------- dc-h--w- C:\ProgramData\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2011-10-15 13:07:27 -------- dc----w- C:\Program Files (x86)\Uniblue
2011-10-13 05:15:53 -------- dc----w- C:\Program Files (x86)\Mighty Uninstaller
2011-10-12 22:11:56 3138048 ----a-w- C:\Windows\System32\win32k.sys
2011-10-12 22:00:23 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-10-12 22:00:23 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-10-12 22:00:23 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-10-12 22:00:23 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2011-10-12 21:55:36 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-10-12 21:55:36 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-10-12 21:55:36 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-10-12 21:55:36 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-10-12 15:54:06 -------- dc----w- C:\Program Files (x86)\CPU Speed Pro
2011-10-12 15:50:21 -------- dc----w- C:\Users\MZA\AppData\Roaming\AVS4YOU
2011-10-12 15:50:21 -------- dc----w- C:\ProgramData\AVS4YOU
2011-10-12 15:49:11 974848 -c--a-w- C:\Windows\SysWow64\mfc70.dll
2011-10-12 15:49:11 487424 -c--a-w- C:\Windows\SysWow64\msvcp70.dll
2011-10-12 15:49:11 344064 -c--a-w- C:\Windows\SysWow64\msvcr70.dll
2011-10-12 15:49:11 24576 -c--a-w- C:\Windows\SysWow64\msxml3a.dll
2011-10-12 15:49:06 -------- dc----w- C:\Program Files (x86)\Common Files\AVSMedia
2011-10-12 15:49:06 -------- dc----w- C:\Program Files (x86)\AVS4YOU
2011-10-11 18:51:41 -------- dc----w- C:\Users\MZA\DoctorWeb
2011-10-11 16:41:09 -------- dc----w- C:\Program Files (x86)\trend micro
2011-10-09 18:09:32 -------- dc----w- C:\Users\MZA\AppData\Roaming\Tific
2011-10-09 06:37:11 39304 -c--a-w- C:\Windows\System32\drivers\KHCAP.sys
2011-10-08 04:04:04 -------- dc----w- C:\Program Files (x86)\Common Files\xing shared
2011-10-04 12:33:25 -------- dc----w- C:\Users\MZA\AppData\Roaming\Registry Mechanic
2011-10-01 16:51:49 -------- dc----w- C:\Program Files (x86)\Overwolf
2011-10-01 16:49:53 -------- dc----w- C:\Users\MZA\AppData\Local\Overwolf
2011-10-01 16:20:39 -------- dc----w- C:\Program Files (x86)\Runes of Magic
2011-10-01 11:34:50 -------- dc----w- C:\Users\MZA\AppData\Roaming\FOG Downloader
2011-10-01 10:29:57 -------- dc----w- C:\Users\MZA\AppData\Local\ElevatedDiagnostics
2011-10-01 10:15:25 -------- dc----w- C:\Program Files (x86)\OpenAL
2011-10-01 10:06:58 -------- dc----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2011-09-26 12:14:46 -------- dc-h--w- C:\Windows\PIF
2011-09-24 17:30:41 -------- dc----w- C:\Windows\SysWow64\Shared Memory
2011-09-23 12:35:06 -------- dc----w- C:\Users\MZA\AppData\Roaming\GlarySoft
2011-09-23 11:20:04 -------- dc----w- C:\Users\MZA\AppData\Roaming\Unity
2011-09-23 04:24:36 -------- dc----w- C:\Users\MZA\AppData\Local\Unity
2011-09-21 19:40:10 -------- dc----w- C:\Users\MZA\AppData\Roaming\Uniblue
2011-09-20 12:18:51 -------- dc----w- C:\Program Files (x86)\Rampant Logic Postscript Viewer
2011-09-19 14:04:31 -------- dc----w- C:\Users\MZA\AppData\Roaming\National Instruments
2011-09-19 13:52:28 -------- dc----w- C:\Users\MZA\AppData\Local\National Instruments
2011-09-19 13:44:47 -------- dc----w- C:\Program Files (x86)\HI-TECH Software
2011-09-19 13:41:37 557328 -c--a-w- C:\Program Files\Common Files\Microsoft Shared\dao\dao360.dll
2011-09-19 13:37:49 -------- dc----w- C:\Program Files\National Instruments
2011-09-19 13:35:53 -------- dc----w- C:\Program Files (x86)\National Instruments
2011-09-19 13:33:59 -------- dc----w- C:\ProgramData\National Instruments
2011-09-19 13:33:03 -------- dc----w- C:\National Instruments Downloads
.
==================== Find3M ====================
.
2011-10-13 21:21:51 414368 -c--a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-13 19:03:48 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-10-13 19:03:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-13 19:03:48 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-10-13 19:03:48 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-10-13 19:03:48 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-10-13 19:03:48 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-10-10 20:11:52 25160 -c--a-w- C:\Windows\System32\drivers\hitmanpro35.sys
2011-10-01 10:15:25 466456 -c--a-w- C:\Windows\System32\wrap_oal.dll
2011-10-01 10:15:25 444952 -c--a-w- C:\Windows\SysWow64\wrap_oal.dll
.
============= FINISH: 1:05:00.13 ===============

#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,929 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:03:40 PM

Posted 18 October 2011 - 01:02 PM

Hi again,

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#5 Elise


Posted 23 October 2011 - 03:20 AM

Are you still there?

regards, Elise




#6 Elise


Posted 22 November 2011 - 06:55 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

regards, Elise






