
Comp EXTREMELY slow following torrent download


  • This topic is locked
12 replies to this topic

#1 Adiron

Adiron

  • Members
  • 37 posts

Posted 26 November 2011 - 11:53 PM

Thanks in advance for your help!

A couple days ago my machine started running EXTREMELY slow all of a sudden (can take 45 mins+ to boot up). When I tried to reboot it took a LONG time to load and once loaded it is so slow it is barely operable. I had recently downloaded some torrent files (.epub files but maybe some malware was hidden in them?) from what seemed to be credible sources.

One of the times I rebooted it brought up system repair which failed to repair anything but did try to do a system restore. This didn't improve anything.

At one point I received an error message saying that I may be a victim of software counterfeiting (screenshot attached). I was able to validate Windows using Microsoft's validation tool but when I rebooted again I get text at the bottom right corner of my desktop saying "Windows 7 Build 7601 This Copy of Windows is not genuine". I bought my Gateway with Windows preloaded, wtf!

[attachment=112341:photo1.JPG]


Also, on a reboot I received a message that "one of your disks needs to be checked for consistency". It then proceeded to scan/move/delete several items (screenshot also attached). Nothing was improved once it started.

[attachment=112342:photo.JPG]

Also, the Windows problem center says that there is a "video hardware error". I tried to uninstall the driver and reboot, which didn't help, and then removed my video card and used the onboard graphics, which also did nothing.

I have some extremely important pictures and files on the machine that I am desperate to recover. I only have a portion of them backed up as I am waiting on a new power adapter for my external HD. I will be backing up the remainder when I receive it, assuming my computer will let me.

DDS Logs below: FYI - GMER has been running all day without finishing the scan. I will post log if it ever finishes.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26
Run by Matt at 9:50:08 on 2011-11-26
.
============== Running Processes ===============
.
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Tenda\W311U\UI.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Matt\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4831&r=17360510p116p0495v175k4511r25q
mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4831&r=17360510p116p0495v175k4511r25q
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4831&r=17360510p116p0495v175k4511r25q
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [CommonCents 3.0 Update Setup] C:\Users\Matt\AppData\Local\{1B0C98AB-41F6-4ECC-910B-878C92694BE1}\CommonCents_3_0_Setup.exe /updatesetup
uRun: [CommonCents 3.0 Update Setup for All Users] C:\ProgramData\{1B0C98AB-41F6-4ECC-910B-878C92694BE1}\CommonCents_3_0_Setup.exe /updatesetup
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe -A
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {0DE70C1A-5136-45F6-95DA-B81CCF0DA5B3} - hxxps://gosystemrs.fasttax.com/OCX/RIARSDocumentum.cab
DPF: {13F71666-05F2-11D2-B2F6-00A0C9A08B64} - hxxps://gosystemrs.fasttax.com/OCX/comconv.cab
DPF: {227F25BE-BCDC-11D0-BA80-0000F6181652} - hxxps://gosystemrs.fasttax.com/OCX/RSLoginModule.cab
DPF: {455182EE-8F93-11D2-BA3C-00C04F7F6533} - hxxps://gosystemrs.fasttax.com/OCX/RSTabbedList.cab
DPF: {7B640A40-EEC1-11D2-B526-00C04F8DEE99} - hxxps://gosystemrs.fasttax.com/OCX/WebAttachments.cab
DPF: {82BFFC8C-B4BD-11D4-9908-000102053AFB} - hxxps://gosystemrs.fasttax.com/OCX/webnotifier.cab
DPF: {86B092BC-7ABA-11D4-98E7-000102053AFB} - hxxps://gosystemrs.fasttax.com/OCX/Downloader.cab
DPF: {88D969C0-F192-11D4-A65F-0040963251E5} - hxxps://gosystemrs.fasttax.com/OCX/msxml4.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {973EA5BE-9ED6-11D3-AB1D-00C04F7468E4} - hxxps://gosystemrs.fasttax.com/OCX/DCParse.cab
DPF: {97A90946-2984-11D3-AAE7-00C04F7468E4} - hxxps://gosystemrs.fasttax.com/OCX/frmsrc.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D76D712E-4A96-11D3-BD95-D296DC2DD072} - hxxps://gosystemrs.fasttax.com/OCX/vsflex7.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{503842FB-D3E1-4885-9848-02ECF1747BDE} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8D2A5BD9-8E8A-4F5C-B734-F5C5D0A2D9F3} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8D2A5BD9-8E8A-4F5C-B734-F5C5D0A2D9F3}\177756374723635363 : DhcpNameServer = 192.168.0.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
BHO-X64: StartNow Toolbar Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
TB-X64: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe -A
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\pzfc08ux.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z192&form=ZGAADF&install_date=20111004&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Matt\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, true
============= SERVICES / DRIVERS ===============
.
R? amdkmdag;amdkmdag
R? amdkmdap;amdkmdap
R? AntiVirSchedulerService;Avira AntiVir Scheduler
R? AntiVirService;Avira AntiVir Guard
R? BBSvc;Bing Bar Update Service
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? FlyUsb;FLY Fusion
R? fssfltr;fssfltr
R? fsssvc;Windows Live Family Safety Service
R? Greg_Service;GRegService
R? gupdate;Google Update Service (gupdate)
R? gupdatem;Google Update Service (gupdatem)
R? LMIRfsClientNP;LMIRfsClientNP
R? NVHDA;Service for NVIDIA High Definition Audio Driver
R? SBSDWSCService;SBSD Security Center Service
R? Stereo Service;NVIDIA Stereoscopic 3D Driver Service
R? TsUsbFlt;TsUsbFlt
R? UNS;Intel® Management & Security Application User Notification Service
R? Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar
R? USBAAPL64;Apple Mobile USB Driver
R? WatAdminSvc;Windows Activation Technologies Service
R? WDC_SAM;WD SCSI Pass Thru driver
R? WDDMService;WD SmartWare Drive Manager Service
R? WDSmartWareBackgroundService;WD SmartWare Background Service
R? wlcrasvc;Windows Live Mesh remote connections service
S? AMD External Events Utility;AMD External Events Utility
S? avgntflt;avgntflt
S? e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K
S? HECIx64;Intel® Management Engine Interface
S? IntcDAud;Intel® Display Audio
S? LMIGuardianSvc;LMIGuardianSvc
S? LMIInfo;LogMeIn Kernel Information Provider
S? LMIRfsDriver;LogMeIn Remote File System Driver
S? netr28ux;RT2870 USB Extensible Wireless LAN Card Driver
S? PxHlpa64;PxHlpa64
S? Updater Service;Updater Service
S? vwififlt;Virtual WiFi Filter Driver
S? vwifimp;Microsoft Virtual WiFi Miniport Service
.
=============== Created Last 30 ================
.
2011-11-26 01:22:50 -------- d-sh--w- C:\found.000
2011-11-24 17:26:02 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-11-19 20:35:32 -------- d-----w- C:\Program Files\iTunes
2011-11-19 20:35:32 -------- d-----w- C:\Program Files\iPod
2011-11-09 15:27:08 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-09 15:27:08 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-09 15:27:08 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-09 15:27:07 3144704 ----a-w- C:\Windows\System32\win32k.sys
2011-11-08 04:45:17 -------- d-----w- C:\Users\Matt\AppData\Roaming\Windows Live Writer
2011-11-08 04:45:17 -------- d-----w- C:\Users\Matt\AppData\Local\Windows Live Writer
2011-11-02 04:27:52 -------- d-----w- C:\Users\Matt\AppData\Local\Spotify
2011-11-02 04:27:50 -------- d-----w- C:\Users\Matt\AppData\Roaming\Spotify
.
==================== Find3M ====================
.
2011-10-24 21:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-10-24 21:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2011-10-01 03:25:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-01 02:42:56 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-09-09 04:21:12 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-31 23:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-08-31 05:05:32 96104 ----a-w- C:\Windows\System32\dns-sd.exe
2011-08-31 05:05:32 85864 ----a-w- C:\Windows\System32\dnssd.dll
2011-08-31 05:05:04 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-08-31 05:05:04 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
.
============= FINISH: 10:16:34.48 ===============




.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.6
Apple Application Support
Apple Software Update
Avira AntiVir Personal - Free Antivirus
Best Buy Software Installer
Bing Bar
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
ccc-core-static
CCC Help English
CommonCents 3.0
Compatibility Pack for the 2007 Office system
Curse Client
D3DX10
Download Updater (AOL LLC)
DVD Decrypter (Remove Only)
DVD Flick 1.3.0.7
DVDFab 7.0.7.0 (08/06/2010)
DVDFab 8.0.7.3 (29/01/2011)
DVDFab 8.1.0.0 (16/06/2011) Qt
EVGA Precision 1.8.1
Gateway InfoCentre
Gateway Photo Frame 4.2.3.10
Gateway Recovery Management
Gateway Registration
Gateway ScreenSaver
Gateway Updater
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Identity Card
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
Java Auto Updater
Java™ 6 Update 22
Java™ 6 Update 26
JMicron JMB36X Driver
Junk Mail filter update
LeapFrog Connect
LeapFrog Tag Junior Plugin
LogMeIn
Malwarebytes' Anti-Malware version 1.51.2.1300
Mesh Runtime
Messenger Companion
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft WSE 3.0 Runtime
Mozilla Firefox 8.0 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OpenOffice.org 3.3
PhotoScape
QuickTime
Realtek High Definition Audio Driver
Roxio Burn
Roxio Update Manager
RS 2008 Client
RS 2009 Client
Safari
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
SoulSeek 157 NS 13e
Spotify
Spybot - Search & Destroy
StarCraft II
StartNow Toolbar
The Lord of the Rings FREE Trial
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Junior Plugin)
W311U
Welcome Center
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
World of Warcraft
World of Warcraft Public Test
Yahoo! BrowserPlus 2.9.8
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
11/26/2011 7:05:52 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2607576).
11/26/2011 6:13:45 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrustedInstaller service.
11/26/2011 5:11:18 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
11/26/2011 5:09:14 AM, Error: Service Control Manager [7022] - The Windows Search service hung on starting.
11/26/2011 5:06:13 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
11/26/2011 5:06:13 AM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/26/2011 5:05:40 AM, Error: Service Control Manager [7022] - The Windows Defender service hung on starting.
11/26/2011 5:03:04 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel® Management & Security Application User Notification Service service to connect.
11/26/2011 5:03:04 AM, Error: Service Control Manager [7000] - The Intel® Management & Security Application User Notification Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/26/2011 5:01:57 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.
11/26/2011 5:01:57 AM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/26/2011 4:58:14 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect.
11/26/2011 4:57:33 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
11/26/2011 4:54:15 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.
11/26/2011 4:54:15 AM, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

Adjusted font coding for readability. Screen shot attachments for some reason are missing. It is not a BB code error. ~ OB

Edited by Orange Blossom, 27 November 2011 - 02:52 PM.




#2 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts

Posted 01 December 2011 - 06:03 PM

hi,

Your post is a few days old. If you still need help simply reply back.

How Can I Reduce My Risk to Malware?


#3 Adiron

Adiron
  • Topic Starter

  • Members
  • 37 posts

Posted 02 December 2011 - 10:12 PM

Yes, I still need help. I have been waiting all week for a reply.

#4 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts

Posted 03 December 2011 - 08:49 AM

Does an updated Malwarebytes and Avira come up clean after a scan?

Please download aswMBR (http://public.avast.com/~gmerek/aswMBR.exe) to your desktop.

Double click the aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan click save log, save it to your desktop and post it in your next reply.



#5 Adiron

Adiron
  • Topic Starter

  • Members
  • 37 posts

Posted 03 December 2011 - 10:41 AM

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-03 08:38:19
-----------------------------
08:38:19.586 OS Version: Windows x64 6.1.7601 Service Pack 1
08:38:19.586 Number of processors: 4 586 0x2502
08:38:19.586 ComputerName: MATT-PC UserName: Matt
08:38:55.279 Initialize success
08:39:20.961 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
08:39:20.961 Disk 0 Vendor: WDC_WD10 01.0 Size: 953869MB BusType: 3
08:39:20.977 Disk 0 MBR read successfully
08:39:20.977 Disk 0 MBR scan
08:39:20.977 Disk 0 Windows 7 default MBR code
08:39:20.993 Service scanning
08:39:35.563 Modules scanning
08:39:35.563 Disk 0 trace - called modules:
08:39:36.796 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
08:39:36.811 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80065d6060]
08:39:36.811 3 CLASSPNP.SYS[fffff88001b5743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80062d6050]
08:39:36.811 Scan finished successfully
08:40:37.885 Disk 0 MBR has been saved successfully to "J:\MBR.dat"
08:40:37.901 The log file has been saved successfully to "J:\aswMBR.txt"

#6 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts

Posted 03 December 2011 - 05:55 PM

Not much there as far as malware goes.

"extremely important pictures and files on the machine that I am desperate to recover"

Another option is to use USB flash drives, CD/DVD media or free 'cloud' sites.

As an experiment, why don't you try booting into safe mode and see if things function better. To reach safe mode you would tap the F8 key during a computer restart, then choose the first option from the list: safe mode. Use your usual account.



#7 Adiron

Adiron
  • Topic Starter

  • Members
  • 37 posts

Posted 03 December 2011 - 06:25 PM

I thought the same thing and tried that previously but it didn't help.

#8 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts

Posted 04 December 2011 - 09:48 AM

So nothing seemed better in safe mode then? Your plan is to reformat/reinstall after getting your stuff off the machine and getting your power adapter?

http://www.adrive.com/
http://www.4shared.com/
http://snapdrive.net/
http://www.orbitfiles.com/
http://explore.live.com/skydrive



#9 Adiron

Adiron
  • Topic Starter

  • Members
  • 37 posts

Posted 04 December 2011 - 02:42 PM

So are you saying that nothing can be done except reimaging?

#10 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts

Posted 04 December 2011 - 05:59 PM

I am looking for a malware issue and so far don't see any. You can run this utility:

Please download TDSS Killer.exe and save it to your desktop.

Double click to launch the utility. After it initializes click the start scan button.

Once the scan completes you can click the continue button.

"The utility will automatically select an action (Cure or Delete) for known malicious objects. A suspicious object will be skipped by default."

"After clicking Next, the utility applies selected actions and outputs the result."

"A reboot might require after disinfection."

A report will be found in your Root drive Local Disk (C) as TDSSKiller.2.4.2.1_09.08.2010_17.32.21_log.txt (name, version, date, time)

Please post the log report.



#11 Adiron

Adiron
  • Topic Starter

  • Members
  • 37 posts

Posted 07 December 2011 - 11:14 AM

Last night, I reformatted and attempted to reinstall Windows using the factory setting image. The reinstall was still running this morning (12 hours later). It finished installing but setting up Windows with computer name, etc. was still just as slow. Does this indicate that there is a hardware issue? Maybe memory needs to be replaced? Does this thread need to be moved to a different non-malware forum where someone can continue to help me? Thanks!



#12 Adiron

Adiron
  • Topic Starter

  • Members
  • 37 posts

Posted 08 December 2011 - 06:11 PM

Can you please close this topic so I can open one in the internal hardware forum?!?

#13 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts

Posted 10 December 2011 - 08:39 PM

No reinstall should go for 12 hrs. A reformat should also remove any malware that may be present. Hardware issue is a possibility. You might want to visit the computer vendor's web site also. Most have good information as far as troubleshooting goes. I will close the topic if I can. Good luck.





