Slow computer, excessive cpu usage


3 replies to this topic

#1 ddewit

ddewit

  • Members
  • 12 posts
  • OFFLINE
  • Local time:03:29 AM

Posted 11 February 2012 - 01:05 PM

Hi,

I have a computer that is running very slow. I get error messages indicating excessive cpu usage. It's an Acer Aspire 5100 running Vista Home Premium Service Pack 2.

Thanks

#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,924 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:05:29 AM

Posted 11 February 2012 - 04:49 PM

Hello and welcome.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run from.

Note: When using the "Reset FF Proxy Settings" option, Firefox should be closed.


Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1 <<<== Use this one first.

Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Troubleshoot Malwarebytes' Anti-Malware




Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start the scan.

On completion of the scan click "Save log", save it to your desktop and post it in your next reply.

NOTE: aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#3 ddewit

ddewit
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:03:29 AM

Posted 11 February 2012 - 05:53 PM

MiniToolBox by Farbar Version: 18-01-2012
Ran by Daniel Dewitt (administrator) on 11-02-2012 at 16:09:15
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com

There are 15023 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Broadcom 802.11g Network Adapter = Wireless Network Connection (Connected)
Realtek RTL8139/810x Family Fast Ethernet NIC = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : DanielDewitt-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC
Physical Address. . . . . . . . . : 00-16-D4-C6-C8-8F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom 802.11g Network Adapter
Physical Address. . . . . . . . . : 00-19-7D-74-3E-58
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::157a:4df4:246b:8084%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.103(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, February 11, 2012 10:25:30 AM
Lease Expires . . . . . . . . . . : Saturday, February 18, 2012 10:24:15 AM
Default Gateway . . . . . . . . . : fe80::1eaf:f7ff:fed3:f1af%12
192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{0D05A15C-DE18-4554-96AE-BB934D3DBB5B}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{8C3F8318-6ACA-4D8B-8524-53FCEDC9BD04}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.0.1

Name: google.com
Addresses: 74.125.225.16
74.125.225.19
74.125.225.18
74.125.225.17
74.125.225.20



Pinging google.com [74.125.225.20] with 32 bytes of data:

Reply from 74.125.225.20: bytes=32 time=14ms TTL=55

Reply from 74.125.225.20: bytes=32 time=12ms TTL=55



Ping statistics for 74.125.225.20:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 12ms, Maximum = 14ms, Average = 13ms

Server: UnKnown
Address: 192.168.0.1

Name: yahoo.com
Addresses: 72.30.2.43
98.137.149.56
98.139.183.24
209.191.122.70



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=45ms TTL=50

Reply from 209.191.122.70: bytes=32 time=42ms TTL=50



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 42ms, Maximum = 45ms, Average = 43ms

Server: UnKnown
Address: 192.168.0.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
13 ...00 16 d4 c6 c8 8f ...... Realtek RTL8139/810x Family Fast Ethernet NIC
12 ...00 19 7d 74 3e 58 ...... Broadcom 802.11g Network Adapter
1 ........................... Software Loopback Interface 1
14 ...00 00 00 00 00 00 00 e0 isatap.{0D05A15C-DE18-4554-96AE-BB934D3DBB5B}
11 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
8 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
15 ...00 00 00 00 00 00 00 e0 isatap.{8C3F8318-6ACA-4D8B-8524-53FCEDC9BD04}
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.103 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.103 281
192.168.0.103 255.255.255.255 On-link 192.168.0.103 281
192.168.0.255 255.255.255.255 On-link 192.168.0.103 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.103 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.103 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
12 281 ::/0 fe80::1eaf:f7ff:fed3:f1af
1 306 ::1/128 On-link
12 281 fe80::/64 On-link
12 281 fe80::157a:4df4:246b:8084/128
On-link
1 306 ff00::/8 On-link
12 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\wshbth.dll [34304] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 07 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/11/2012 00:32:30 AM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (02/09/2012 11:10:19 AM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16421 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: f90
Start Time: 01cce74c964607d8
Termination Time: 116

Error: (02/08/2012 03:38:56 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14023781

Error: (02/08/2012 03:38:56 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14023781

Error: (02/08/2012 03:38:56 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/08/2012 00:23:59 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6130782

Error: (02/08/2012 00:23:59 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6130782

Error: (02/08/2012 00:23:59 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/07/2012 06:18:34 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8339593

Error: (02/07/2012 06:18:31 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8339593


System errors:
=============
Error: (02/11/2012 10:42:50 AM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer CPQ86523203528
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{0D05A15C-DE18-4554-96AE-BB9.
The master browser is stopping or an election is being forced.

Error: (02/11/2012 10:25:29 AM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueue192.168.2.5:6331

Error: (02/11/2012 10:25:29 AM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueue192.168.15.100:6331

Error: (02/11/2012 10:25:29 AM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueue192.168.1.7:6331

Error: (02/11/2012 10:25:29 AM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueue192.168.1.6:6331

Error: (02/11/2012 10:25:29 AM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueue192.168.1.5:63331

Error: (02/11/2012 10:25:29 AM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueue192.168.1.5:6331

Error: (02/11/2012 10:25:29 AM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueue192.168.1.4:63331

Error: (02/11/2012 10:25:29 AM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueue192.168.1.4:6331

Error: (02/11/2012 10:25:29 AM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueue192.168.1.3:63331


Microsoft Office Sessions:
=========================
Error: (02/11/2012 00:32:30 AM) (Source: EventSystem)(User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (02/09/2012 11:10:19 AM) (Source: Application Hang)(User: )
Description: iexplore.exe9.0.8112.16421f9001cce74c964607d8116

Error: (02/08/2012 03:38:56 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14023781

Error: (02/08/2012 03:38:56 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14023781

Error: (02/08/2012 03:38:56 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/08/2012 00:23:59 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6130782

Error: (02/08/2012 00:23:59 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6130782

Error: (02/08/2012 00:23:59 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/07/2012 06:18:34 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8339593

Error: (02/07/2012 06:18:31 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8339593


=========================== Installed Programs ============================

Acer Arcade Deluxe (Version: 1.0.3523)
Acer Assist
Acer eDataSecurity Management (Version: 2.5.3023)
Acer eLock Management (Version: 2.5.3006)
Acer Empowering Technology (Version: 2.5.3002)
Acer eNet Management (Version: 2.6.3001)
Acer ePower Management (Version: 2.5.3005)
Acer ePresentation Management (Version: 2.5.3002)
Acer eSettings Management (Version: 2.5.3000)
Acer GridVista (Version: 2.60.1211)
Acer Mobility Center Plug-In (Version: 1.0.3003)
Acer Registration
Acer ScreenSaver (Version: 1.00.0000)
Acer Tour (Version: 1.1.3001)
Acrobat.com (Version: 1.7.186)
Adobe AIR (Version: 1.5.1.8210)
Adobe Flash Player 10 Plugin (Version: 10.3.183.7)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Reader 9.4.7 (Version: 9.4.7)
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
ATI Catalyst Control Center Ex (Version: 2.0.2519.38216)
ATI Catalyst Install Manager (Version: 3.0.641.0)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 3.15)
Coupon Printer for Windows (Version: 5.0.0.1)
Google Chrome (Version: 17.0.963.46)
HDAUDIO Soft Data Fax Modem with SmartCP
HiJackThis (Version: 1.0.0)
iTunes (Version: 10.5.3.3)
Java Auto Updater (Version: 2.0.3.1)
Java™ 6 Update 2 (Version: 1.6.0.20)
Java™ 6 Update 24 (Version: 6.0.240)
Java™ 6 Update 3 (Version: 1.6.0.30)
Java™ 6 Update 5 (Version: 1.6.0.50)
Java™ 6 Update 7 (Version: 1.6.0.70)
Java™ SE Runtime Environment 6 Update 1 (Version: 1.6.0.10)
Launch Manager
LightScribe 1.4.124.1 (Version: 1.4.124.1)
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 11.0.6558.0)
Microsoft IntelliPoint 6.1 (Version: 6.10.156.0)
Microsoft Office 2000 Small Business (Version: 9.00.2720)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6425.1000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Mozilla Firefox 10.0 (x86 en-US) (Version: 10.0)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
Norton Security Suite (Version: 5.2.0.13)
NTI Backup NOW! 4.7 (Version: 4)
NTI CD & DVD-Maker (Version: 7)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
PowerProducer
QuickTime (Version: 7.71.80.42)
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista (Version: 1.00.0000)
Realtek High Definition Audio Driver (Version: 6.0.1.5334)
Safari (Version: 5.34.52.7)
Samsung Master (Version: 1.0.43)
Samsung USB Driver (Version: 1.0)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
Spybot - Search & Destroy (Version: 1.6.2)
SUPERAntiSpyware (Version: 5.0.1142)
Synaptics Pointing Device Driver (Version: 9.0.3.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)

========================= Memory info: ===================================

Percentage of memory in use: 47%
Total physical RAM: 2301.45 MB
Available physical RAM: 1209.78 MB
Total Pagefile: 4833.46 MB
Available Pagefile: 3611.33 MB
Total Virtual: 2047.88 MB
Available Virtual: 1944.82 MB

========================= Partitions: =====================================

1 Drive c: (ACER) (Fixed) (Total:52.14 GB) (Free:23.59 GB) NTFS
2 Drive d: (DATA) (Fixed) (Total:51.84 GB) (Free:16.58 GB) NTFS

========================= Users: ========================================

User accounts for \\DANIELDEWITT-PC

Administrator Daniel Dewitt Guest


**** End of log ****

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.11.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Daniel Dewitt :: DANIELDEWITT-PC [administrator]

2/11/2012 4:22:51 PM
mbam-log-2012-02-11 (16-22-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 169994
Time elapsed: 10 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-11 16:33:42
-----------------------------
16:33:42.506 OS Version: Windows 6.0.6002 Service Pack 2
16:33:42.506 Number of processors: 1 586 0x4C02
16:33:42.506 ComputerName: DANIELDEWITT-PC UserName: Daniel Dewitt
16:33:45.403 Initialize success
16:37:21.138 AVAST engine defs: 12021101
16:37:49.819 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:37:49.819 Disk 0 Vendor: Hitachi_HTS541612J9SA00 SBDOC70P Size: 114473MB BusType: 3
16:37:49.851 Disk 0 MBR read successfully
16:37:49.851 Disk 0 MBR scan
16:37:49.866 Disk 0 unknown MBR code
16:37:49.866 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 7993 MB offset 63
16:37:49.898 Disk 0 Partition 2 80 (A) 06 FAT16 NTFS 53395 MB offset 16370235
16:37:49.913 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 53081 MB offset 125724690
16:37:49.929 Disk 0 scanning sectors +234436545
16:37:50.007 Disk 0 scanning C:\Windows\system32\drivers
16:38:06.099 Service scanning
16:38:07.662 Modules scanning
16:38:19.375 Disk 0 trace - called modules:
16:38:19.406 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
16:38:19.406 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x858beac8]
16:38:19.422 3 CLASSPNP.SYS[889b58b3] -> nt!IofCallDriver -> [0x84615958]
16:38:19.438 5 acpi.sys[8280d6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84631528]
16:38:19.844 AVAST engine scan C:\Windows
16:38:25.717 AVAST engine scan C:\Windows\system32
16:46:15.394 AVAST engine scan C:\Windows\system32\drivers
16:46:47.737 AVAST engine scan C:\Users\Daniel Dewitt
16:50:51.275 Disk 0 MBR has been saved successfully to "C:\Users\Daniel Dewitt\Desktop\MBR.dat"
16:50:51.400 The log file has been saved successfully to "C:\Users\Daniel Dewitt\Desktop\aswMBR.txt"
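The "Hosts content" section of the MiniToolBox report above is cut off after 20 lines with "There are 15023 more lines starting with 127.0.0.1", which is what a hosts-based blocklist such as Spybot's immunization (Spybot appears in the installed-programs list) produces. What a helper actually wants to know from that section is different: whether any name is redirected to a non-loopback address, and whether any security site has been sinkholed so that updates or tool downloads fail. The script below is an added example, not part of the thread and not MiniToolBox's own code. Its sample hosts lines are constructed: the first five are copied from the report above, the rest are invented to show the two patterns worth flagging, and the security-site watchlist holds only the two domains that appear on this page.

```python
"""Triage a Windows hosts file dump (added example, not from the thread or MiniToolBox).

Entries pointing at loopback/null addresses are blocklist style and only matter
when the blocked name is a security site; entries pointing anywhere else are
redirections and deserve a look.
"""
from __future__ import annotations

import ipaddress
from collections import Counter

# Addresses that make a name unreachable rather than redirect it.
SINKHOLE_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}

# Sinkholing these would break the tools this thread relies on; both domains
# appear on the page above. Extend for your own environment.
SECURITY_SITES = {"malwarebytes.org", "bleepingcomputer.com"}

# Constructed sample: first five lines copied from the report, the rest invented.
SAMPLE_HOSTS = """\
::1 localhost
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
# constructed: a security site sinkholed, which would block updates/downloads
127.0.0.1 www.malwarebytes.org
# constructed: names redirected to a non-loopback address (hijack pattern)
203.0.113.7 www.example.com
203.0.113.7 update.example.net
this line is malformed and should be skipped
"""


def parse_hosts(text: str) -> list[tuple[str, str]]:
    """Return (address, hostname) pairs; comments, blanks and unparsable lines are skipped."""
    entries: list[tuple[str, str]] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop inline comments
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            ipaddress.ip_address(parts[0])      # reject lines whose first token is not an IP
        except ValueError:
            continue
        for name in parts[1:]:                 # one line may map several names
            entries.append((parts[0], name.lower()))
    return entries


def _is_security_site(name: str) -> bool:
    return name in SECURITY_SITES or any(name.endswith("." + s) for s in SECURITY_SITES)


def triage_hosts(text: str) -> dict:
    """Summarise a hosts dump into the three things a helper checks."""
    sinkholed: list[str] = []
    redirected: list[tuple[str, str]] = []
    blocked_security: list[str] = []
    entries = parse_hosts(text)
    for addr, name in entries:
        if name == "localhost" and addr in SINKHOLE_ADDRESSES:
            continue                           # the default entries, nothing to report
        if addr in SINKHOLE_ADDRESSES:
            sinkholed.append(name)
            if _is_security_site(name):
                blocked_security.append(name)
        else:
            redirected.append((addr, name))
    return {
        "total": len(entries),
        "sinkholed": len(sinkholed),           # large number alone is benign blocklist behaviour
        "blocked_security_sites": blocked_security,
        "redirected": redirected,
        "redirect_targets": Counter(addr for addr, _ in redirected),
    }


if __name__ == "__main__":
    report = triage_hosts(SAMPLE_HOSTS)
    print(f"{report['total']} entries, {report['sinkholed']} sinkholed")
    for name in report["blocked_security_sites"]:
        print("security site sinkholed:", name)
    for addr, name in report["redirected"]:
        print("redirected:", name, "->", addr)
```

Run against a full Result.txt, the "redirected" list and "blocked_security_sites" are the only two outputs that need a human; the sinkholed count just confirms a blocklist is installed.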

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,924 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:05:29 AM

Posted 11 February 2012 - 06:58 PM

Hello, looks like the new variant of the TDL4 rootkit in the aswMBR log.

We need a deeper look. Please go here: Preparation Guide, do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
Skip the GMER; instead post the aswMBR log above.

Let me know if that went well.
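The moderator's read of the aswMBR log rests on two lines: "Disk 0 unknown MBR code", which is aswMBR's own label for boot code it does not recognise, and the partition entry "80 (A) 06 FAT16 NTFS", an active partition whose type byte says FAT16 while the scanner finds NTFS inside it (Windows setup labels NTFS volumes 0x07, so that combination is unusual). The parser below is an added example, not part of the thread and not aswMBR's code; it pulls those two indicators out of an aswMBR log so they are not missed in a wall of timestamps. The sample log is constructed from the relevant lines of the log posted above, the line formats assumed are the ones visible there, and the type-byte/filesystem table is this editor's heuristic, not something aswMBR documents.

```python
"""Pull MBR/partition-table anomalies out of an aswMBR log (added example, not aswMBR's code).

Two checks: lines where aswMBR itself reports "unknown MBR code", and partition
entries whose MBR type byte does not fit the file system the scanner detected.
"""
from __future__ import annotations

import re

# Constructed sample: the MBR/partition lines from the aswMBR log in the thread.
SAMPLE_LOG = """\
16:37:49.851 Disk 0 MBR read successfully
16:37:49.851 Disk 0 MBR scan
16:37:49.866 Disk 0 unknown MBR code
16:37:49.866 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 7993 MB offset 63
16:37:49.898 Disk 0 Partition 2 80 (A) 06 FAT16 NTFS 53395 MB offset 16370235
16:37:49.913 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 53081 MB offset 125724690
"""

# Format assumed from the log above:
#   Disk <n> Partition <n> <boot byte> [(A)] <type byte> <type name...> <fs found> <size> MB offset <lba>
PARTITION_RE = re.compile(
    r"Disk (?P<disk>\d+) Partition (?P<num>\d+) (?P<boot>[0-9A-F]{2}) (?:\(A\) )?"
    r"(?P<type>[0-9A-F]{2}) (?P<type_name>.+?) (?P<fs>\S+) (?P<size>\d+) MB offset (?P<offset>\d+)"
)
UNKNOWN_MBR_RE = re.compile(r"Disk (\d+) unknown MBR code")

# Heuristic (editor's assumption): file systems normally found under each MBR type byte.
EXPECTED_FS = {
    "01": {"FAT12"}, "04": {"FAT16"}, "06": {"FAT16"}, "0E": {"FAT16"},
    "0B": {"FAT32"}, "0C": {"FAT32"},
    "07": {"NTFS", "HPFS", "EXFAT"}, "27": {"NTFS"},
}


def parse_partitions(log: str) -> list[dict]:
    """Return one dict per partition line, in log order."""
    partitions = []
    for line in log.splitlines():
        m = PARTITION_RE.search(line)
        if not m:
            continue
        partitions.append({
            "disk": int(m["disk"]),
            "number": int(m["num"]),
            "active": m["boot"] == "80",        # 0x80 marks the bootable partition
            "type": m["type"],
            "type_name": m["type_name"],
            "filesystem": m["fs"].upper(),
            "size_mb": int(m["size"]),
            "offset": int(m["offset"]),
        })
    return partitions


def triage_aswmbr(log: str) -> dict:
    """Collect the indicators a helper would act on from an aswMBR log."""
    partitions = parse_partitions(log)
    unknown_mbr_disks = [int(d) for d in UNKNOWN_MBR_RE.findall(log)]
    findings = []
    for disk in unknown_mbr_disks:
        findings.append(
            f"Disk {disk}: aswMBR reports unknown MBR code; compare the saved MBR.dat "
            f"against a known-good MBR before deciding anything"
        )
    for p in partitions:
        expected = EXPECTED_FS.get(p["type"])
        if expected and p["filesystem"] not in expected:
            findings.append(
                f"Disk {p['disk']} partition {p['number']}: type byte {p['type']} "
                f"({p['type_name']}) but {p['filesystem']} detected"
            )
    active = [p for p in partitions if p["active"]]
    if partitions and len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected exactly one)")
    return {
        "partitions": partitions,
        "unknown_mbr_disks": unknown_mbr_disks,
        "findings": findings,
    }


if __name__ == "__main__":
    for finding in triage_aswmbr(SAMPLE_LOG)["findings"]:
        print("-", finding)
```

Neither finding is proof of a bootkit on its own (OEM recovery layouts and imaging tools also produce odd partition tables), which is why the thread asks for the MBR.dat copy and a DDS log rather than acting on the aswMBR output directly.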
