
Computer going ok then hits an extreme wall of slowness


  • This topic is locked
19 replies to this topic

#1 BeegJeem1

BeegJeem1

  • Members
  • 9 posts
  • OFFLINE
  • Local time:04:47 AM

Posted 18 February 2012 - 09:52 AM

Sometimes it just starts off really slow. I restart it or shut it down and the same thing happens. Once in a while I will run an old TFC cleaner or it will just be sort of random but it will seem to be working fine and then when I'm on the internet for a while and usually during like a video, it will just hit that extreme slowness. Skyping is out of the question. Pretty vague, I know.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by James M. Ruther at 17:51:51 on 2012-02-17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.959 [GMT -6:00]
.
AV: VirusScan Enterprise + AntiSpyware Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CSHelper.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxeecoms.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Lexmark Pro700 Series\lxeemon.exe
C:\Program Files\Lexmark Pro700 Series\ezprint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Roxio\Drag-to-Disc\Drgtodsc.exe
C:\Program Files\FileHippo.com\UpdateChecker.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ask.com?o=15007&l=dis
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.xfinity.com/?cid=xfactiv_eg_self_main
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=1080522
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [RoxioDragToDisc] c:\program files\roxio\drag-to-disc\Drgtodsc.exe
uRun: [FileHippo.com] "c:\program files\filehippo.com\UpdateChecker.exe" /background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [SecureUpgrade] c:\program files\wave systems corp\SecureUpgrade.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [KADxMain] c:\windows\system32\KADxMain.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [lxeemon.exe] "c:\program files\lexmark pro700 series\lxeemon.exe"
mRun: [EzPrint] "c:\program files\lexmark pro700 series\ezprint.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\jamesm~1.rut\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{5E6A856B-5D53-444C-A69A-129F78B01ECA} : DhcpNameServer = 192.168.1.1
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: gemsafe - c:\program files\gemplus\gemsafe libraries\bin\WLEventNotify.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Authentication Packages = msv1_0 wvauth
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\james m. ruther\application data\mozilla\firefox\profiles\ere6fr2i.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com?o=15007&l=dis
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\james m. ruther\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\james m. ruther\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\james m. ruther\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npArtistScope42.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npArtistScopeDRM11.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2009-1-27 31848]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-2 97536]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2008-5-27 73512]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2008-5-27 34408]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2008-5-27 177864]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2012-1-15 30576]
.
=============== Created Last 30 ================
.
2012-02-16 07:00:47 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-16 07:00:47 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
2012-02-14 04:57:04 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-14 03:12:49 98816 ----a-w- c:\windows\sed.exe
2012-02-14 03:12:49 518144 ----a-w- c:\windows\SWREG.exe
2012-02-14 03:12:49 256000 ----a-w- c:\windows\PEV.exe
2012-02-14 03:12:49 208896 ----a-w- c:\windows\MBR.exe
2012-02-11 00:29:09 -------- d-----w- c:\program files\iPod
2012-02-11 00:28:47 -------- d-----w- c:\program files\iTunes
2012-01-28 15:51:40 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2012-01-28 15:51:40 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2012-01-28 15:51:40 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2012-01-28 15:51:40 45016 ----a-w- c:\program files\mozilla firefox\mozutils.dll
2012-01-28 15:41:45 -------- d-----w- c:\program files\FileHippo.com
2012-01-28 14:54:14 -------- d-----w- c:\program files\SpeedFan
.
==================== Find3M ====================
.
2012-02-10 23:13:24 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46:36 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46:36 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46:36 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22:58 385024 ----a-w- c:\windows\system32\html.iec
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
.
============= FINISH: 18:03:07.31 ===============



#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:09:47 AM

Posted 23 February 2012 - 08:50 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 BeegJeem1


Posted 24 February 2012 - 12:40 PM

I am here

#4 m0le


Posted 25 February 2012 - 12:56 AM

Please run aswMBR, to further check for rootkit activity

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


#5 BeegJeem1


Posted 25 February 2012 - 08:12 AM

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-02-25 07:07:06
-----------------------------
07:07:06.468 OS Version: Windows 5.1.2600 Service Pack 3
07:07:06.468 Number of processors: 2 586 0xF0D
07:07:06.468 ComputerName: JIM_PC UserName:
07:07:07.109 Initialize success
07:07:46.484 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
07:07:46.484 Disk 0 Vendor: FUJITSU_MHW2120BJ_FFS_G2 0085001C Size: 114473MB BusType: 3
07:07:46.531 Disk 0 MBR read successfully
07:07:46.531 Disk 0 MBR scan
07:07:46.531 Disk 0 Windows XP default MBR code
07:07:46.531 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 94 MB offset 63
07:07:46.546 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 114368 MB offset 192780
07:07:46.578 Disk 0 scanning sectors +234420480
07:07:46.656 Disk 0 scanning C:\WINDOWS\system32\drivers
07:08:03.171 Service scanning
07:08:18.328 Modules scanning
07:08:24.281 Disk 0 trace - called modules:
07:08:24.312 ntkrnlpa.exe CLASSPNP.SYS disk.sys ATAPI.SYS hal.dll pciide.sys
07:08:24.312 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a70bab8]
07:08:24.328 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8a5e9440]
07:08:24.328 Scan finished successfully
07:09:06.906 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\James M. Ruther\Desktop\MBR.dat"
07:09:06.921 The log file has been saved successfully to "C:\Documents and Settings\James M. Ruther\Desktop\aswMBR.txt"
07:09:18.750 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\James M. Ruther\Desktop\MBR.dat"
07:09:18.765 The log file has been saved successfully to "C:\Documents and Settings\James M. Ruther\Desktop\aswMBR.txt"
07:10:16.109 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\James M. Ruther\Desktop\MBR.dat"
07:10:16.125 The log file has been saved successfully to "C:\Documents and Settings\James M. Ruther\Desktop\aswMBR.txt"

#6 m0le


Posted 25 February 2012 - 02:14 PM

Can you run MBAM next?

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If MBAM won't update then download and update MBAM on a clean computer then save the rules.ref folder to a memory stick. This file is found here: 'C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware' then transfer it across to the infected computer.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

#7 BeegJeem1


Posted 26 February 2012 - 08:02 AM

mbam came back with nothing.
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.25.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
James M. Ruther :: JIM_PC [administrator]

2/25/2012 9:43:03 PM
mbam-log-2012-02-25 (21-43-03).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 267132
Time elapsed: 5 hour(s), 14 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#8 m0le


Posted 26 February 2012 - 06:30 PM

Hmmm, looks clean but there's always the possibility that your security suite removed much of it and we may find remnants with an online scanner.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • Copy and paste the resulting log in your next reply
If no log is generated that means nothing was found. Please let me know if this happens.

If you think a log should have been generated then go to C:\Program Files\ESET\ESET Online Scanner\log.txt to find it.

#9 BeegJeem1


Posted 27 February 2012 - 08:07 AM

Ok so the other day when I performed my MBAM scan it was taking forever, so I closed my laptop and when I opened it, it wasn't turning back on, so I just held in the on/off button and when I restarted it said the computer experienced a serious error. Also I find that if I turn it off and let it sit for an hour it works much better. Maybe it gets overheated or something. It found one thing in the log. It is working fine as we speak.

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f95a82559e803b409b3bc2728ed78ac5
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-02-27 01:03:29
# local_time=2012-02-26 07:03:29 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=8432
# found=0
# cleaned=0
# scan_time=3237
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f95a82559e803b409b3bc2728ed78ac5
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-02-27 08:31:25
# local_time=2012-02-27 02:31:25 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=73435
# found=1
# cleaned=1
# scan_time=13240
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP378\A0109569.exe a variant of Win32/Adware.RealRegistryCleaner application (deleted - quarantined) 00000000000000000000000000000000 C

#10 m0le


Posted 27 February 2012 - 06:02 PM

There's only one remnant of anything remotely malicious. I think the slowness looks like something that is to do with the operating system itself. What kind of diagnosis have you done to eliminate hardware/software issues?

#11 BeegJeem1


Posted 27 February 2012 - 06:33 PM

I do not really even know what that means, so I am going to guess I have done very little to nothing.

#12 m0le


Posted 27 February 2012 - 06:43 PM

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Users, Partitions and Memory size.
  • List Minidump Files.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

#13 BeegJeem1


Posted 27 February 2012 - 07:01 PM

Hope I'm not giving away info that could harm me.


MiniToolBox by Farbar Version: 18-01-2012
Ran by James M. Ruther (administrator) on 27-02-2012 at 17:55:45
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================



# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : JIM_PC

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Peer-Peer

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Wireless Network Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel® Wireless WiFi Link 4965AGN

Physical Address. . . . . . . . . : 00-1F-3B-88-35-17

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.7

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

Lease Obtained. . . . . . . . . . : Monday, February 27, 2012 4:03:06 PM

Lease Expires . . . . . . . . . . : Tuesday, February 28, 2012 4:03:06 PM

Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.225.98, 74.125.225.110, 74.125.225.99, 74.125.225.101
74.125.225.103, 74.125.225.100, 74.125.225.104, 74.125.225.105, 74.125.225.97
74.125.225.96, 74.125.225.102



Pinging google.com [74.125.225.33] with 32 bytes of data:



Reply from 74.125.225.33: bytes=32 time=666ms TTL=54

Reply from 74.125.225.33: bytes=32 time=566ms TTL=54



Ping statistics for 74.125.225.33:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 566ms, Maximum = 666ms, Average = 616ms

Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.139.183.24, 209.191.122.70, 98.139.127.62



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:



Reply from 209.191.122.70: bytes=32 time=608ms TTL=50

Reply from 209.191.122.70: bytes=32 time=528ms TTL=50



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 528ms, Maximum = 608ms, Average = 568ms

Server: UnKnown
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1f 3b 88 35 17 ...... Intel® Wireless WiFi Link 4965AGN - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.7 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.7 192.168.1.7 20
192.168.1.0 255.255.255.0 192.168.1.7 192.168.1.7 25
192.168.1.7 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.255 255.255.255.255 192.168.1.7 192.168.1.7 25
224.0.0.0 240.0.0.0 192.168.1.7 192.168.1.7 25
255.255.255.255 255.255.255.255 192.168.1.7 192.168.1.7 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/27/2012 02:39:54 AM) (Source: Application Error) (User: )
Description: Faulting application lxeecoms.exe, version 9.2.33.0, faulting module LXEEhcp.dll, version 9.2.33.0, fault address 0x00002d65.
Processing media-specific event for [lxeecoms.exe!ws!]

Error: (02/26/2012 07:21:49 PM) (Source: Broadcom ASF IP and SMBIOS Mailbox Monitor) (User: )
Description: !ERROR 53 Refreshing BMAPI data

Error: (02/26/2012 01:34:37 PM) (Source: Broadcom ASF IP and SMBIOS Mailbox Monitor) (User: )
Description: !ERROR 53 Refreshing BMAPI data

Error: (02/26/2012 11:04:29 AM) (Source: Application Error) (User: )
Description: Faulting application lxeecoms.exe, version 9.2.33.0, faulting module LXEEhcp.dll, version 9.2.33.0, fault address 0x00002d65.
Processing media-specific event for [lxeecoms.exe!ws!]

Error: (02/26/2012 00:32:41 AM) (Source: McLogEvent) (User: )
Description: The McShield service terminated unexpectedly.

Please review event 5019 or 5051 for details.
The McShield service will be restarted in 15 seconds;

Error: (02/26/2012 00:32:41 AM) (Source: McLogEvent) (User: SYSTEM)SYSTEM
Description: A thread in process C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe took longer than 60000 ms to complete a request.

The process will be terminated.
Thread id : 3408 (0xd50)

Thread address : 0x12048876

Thread message :

Build VSCORE.13.3.2.137 / 5400.1158
Object being scanned = \Device\HarddiskVolume2\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP370\A0105478.exe
by C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)

Error: (02/25/2012 11:03:54 PM) (Source: McLogEvent) (User: )
Description: The McShield service terminated unexpectedly.

Please review event 5019 or 5051 for details.
The McShield service will be restarted in 10 seconds;

Error: (02/25/2012 11:03:54 PM) (Source: McLogEvent) (User: SYSTEM)SYSTEM
Description: A thread in process C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe took longer than 60000 ms to complete a request.

The process will be terminated.
Thread id : 5792 (0x16a0)

Thread address : 0x12043E30

Thread message :

Build VSCORE.13.3.2.137 / 5400.1158
Object being scanned = \Device\HarddiskVolume2\Program Files\Google\GoogleToolbarNotifier\swg-5.3.4501.1418\SearchWithGoogleUpdate.exe
by C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)

Error: (02/25/2012 09:51:28 PM) (Source: McLogEvent) (User: )
Description: The McShield service terminated unexpectedly.

Please review event 5019 or 5051 for details.
The McShield service will be restarted in 5 seconds;

Error: (02/25/2012 09:51:28 PM) (Source: McLogEvent) (User: SYSTEM)SYSTEM
Description: A thread in process C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe took longer than 60000 ms to complete a request.

The process will be terminated.
Thread id : 3108 (0xc24)

Thread address : 0x12041BC3

Thread message :

Build VSCORE.13.3.2.137 / 5400.1158
Object being scanned = \Device\HarddiskVolume2\Documents and Settings\James M. Ruther\Desktop\SkypeSetup.exe
by C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)


System errors:
=============
Error: (02/27/2012 04:01:00 PM) (Source: 0) (User: )
Description: Broadcom NetXtreme 57xx Gigabit Controller

Error: (02/27/2012 02:44:56 AM) (Source: Service Control Manager) (User: )
Description: The lxee_device service terminated unexpectedly. It has done this 1 time(s).

Error: (02/26/2012 07:20:53 PM) (Source: 0) (User: )
Description: Broadcom NetXtreme 57xx Gigabit Controller

Error: (02/26/2012 01:33:04 PM) (Source: 0) (User: )
Description: Broadcom NetXtreme 57xx Gigabit Controller

Error: (02/26/2012 11:09:34 AM) (Source: Service Control Manager) (User: )
Description: The lxee_device service terminated unexpectedly. It has done this 1 time(s).

Error: (02/26/2012 00:32:41 AM) (Source: Service Control Manager) (User: )
Description: The McAfee McShield service terminated unexpectedly. It has done this 3 time(s).

Error: (02/25/2012 11:03:55 PM) (Source: Service Control Manager) (User: )
Description: The McAfee McShield service terminated unexpectedly. It has done this 2 time(s).

Error: (02/25/2012 09:51:28 PM) (Source: Service Control Manager) (User: )
Description: The McAfee McShield service terminated unexpectedly. It has done this 1 time(s).

Error: (02/25/2012 09:39:01 PM) (Source: 0) (User: )
Description: Broadcom NetXtreme 57xx Gigabit Controller

Error: (02/25/2012 09:34:05 PM) (Source: System Error) (User: )
Description: Error code 10000050, parameter1 a6ab6000, parameter2 00000000, parameter3 80509973, parameter4 00000000.


Microsoft Office Sessions:
=========================
Error: (04/30/2010 11:46:14 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4658 seconds with 0 seconds of active time. This session ended with a crash.

Error: (04/26/2010 08:49:28 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 139434 seconds with 1020 seconds of active time. This session ended with a crash.

Error: (05/12/2009 11:34:27 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 313145 seconds with 2640 seconds of active time. This session ended with a crash.

Error: (03/08/2009 08:45:44 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2560 seconds with 1140 seconds of active time. This session ended with a crash.

Error: (11/13/2008 03:07:28 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 109408 seconds with 960 seconds of active time. This session ended with a crash.


========================= Memory info: ===================================

Percentage of memory in use: 59%
Total physical RAM: 2037.89 MB
Available physical RAM: 834.32 MB
Total Pagefile: 3930.52 MB
Available Pagefile: 2906.38 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.02 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:111.69 GB) (Free:91.27 GB) NTFS
2 Drive d: (LifeCam_3_5) (CDROM) (Total:0.3 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\JIM_PC

Administrator Guest HelpAssistant
James M. Ruther SUPPORT_388945a0

========================= Minidump Files ==================================

C:\WINDOWS\Minidump\Mini022512-01.dmp

**** End of log ****

#14 m0le

  • Malware Response Team

Posted 27 February 2012 - 07:45 PM

Your McAfee is showing up in the error logs quite a bit.

If it's a paid antivirus then reinstall it now.

If it's a free program then can you uninstall the antivirus and install Avast. I would then like you to compare your system under the two different programs.
m0le is a proud member of UNITE

#15 BeegJeem1

  • Topic Starter


Posted 27 February 2012 - 07:57 PM

I am pretty sure it was paid for. I do not know how to reinstall, won't I need a CD or something? At the moment I do not have access to any of the materials I had when it was purchased. I do appreciate your help by the way.



