
PC running very slow


  • This topic is locked
4 replies to this topic

#1 fiddystorms

fiddystorms

  • Members
  • 6 posts

Posted 01 June 2012 - 07:13 PM

I am going to post this so I don't lose it in the event of another BSOD while running GMER, and then post the log.

The PC is lagging quite a bit. It was thoroughly infected before a friend asked me to clean it up. I believe it may be completely clean right now. The slowness could be a side effect of the PC having a half gig of RAM and that I am installing hundreds of Windows updates and running other tools (such as Ccleaner, Revo uninstall, Defraggler etc.)

I have already run ComboFix, MBAM, SmitFraudFix, RKill, SUPERAntiSpyware, HijackThis as well as what was recommended in the BleepingComputer tutorial.

As I was writing this I experienced a BSOD claiming Pwlyapod.sys caused a "Page Fault in non paged area".

technical info: 0x00000000 0xFF3C8008 0xA8A623CB 0x00000000

Pwlyapod.sys address: A8A623CB Base at A8A5E000 Date Stamp 4e21f298

I was installing some nonessential Windows updates for software, running GMER and had Google Chrome open with a couple pages.

Since I already ran ComboFix I was instructed to start at step 6.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512
Run by Bill Braaksma at 19:03:59 on 2012-06-01
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.99 [GMT -4:00]
.
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: COMODO Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Bill Braaksma\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Verizon\VSP\ServicepointService.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Bill Braaksma\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Bill Braaksma\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Bill Braaksma\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Bill Braaksma\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Bill Braaksma\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\SoftwareDistribution\Download\Install\dotnetfx35_x86.exe
c:\74fed56541fa7d4b8cc5685d9c\dotnetfx35setup.exe
c:\d5b4b16bbd3f3f1a1f76d5f7dc05\setup.exe
C:\WINDOWS\system32\msiexec.exe
c:\WINDOWS\system32\MsiExec.exe
c:\WINDOWS\system32\MsiExec.exe
c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0yahoo&bm=yh_home
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\documents and settings\bill braaksma\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: musicmatch.com\online
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
TCP: DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76
TCP: Interfaces\{17C0F9D2-9F6C-4A3D-A1A4-2DCC84911A36} : DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-5-31 36000]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2012-3-11 494968]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2012-3-11 31704]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-5-31 83392]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [2006-9-27 10664]
.
=============== Created Last 30 ================
.
2012-06-01 22:56:07 -------- d-----w- C:\d5b4b16bbd3f3f1a1f76d5f7dc05
2012-06-01 22:55:27 -------- d-----w- C:\74fed56541fa7d4b8cc5685d9c
2012-06-01 22:55:10 -------- d-----w- c:\documents and settings\bill braaksma\application data\Windows Desktop Search
2012-06-01 22:53:19 -------- d-----w- c:\program files\Windows Desktop Search
2012-06-01 22:53:18 -------- d-----w- c:\windows\system32\GroupPolicy
2012-06-01 22:50:33 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll
2012-06-01 22:50:32 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll
2012-06-01 22:50:32 192000 ------w- c:\windows\system32\dllcache\offfilt.dll
2012-06-01 22:50:13 -------- d-----w- C:\f758c0400ace0805babc7c3166088341
2012-06-01 04:01:16 -------- d-----w- c:\documents and settings\all users\application data\Comodo
2012-06-01 04:00:49 -------- d-----w- c:\program files\COMODO
2012-06-01 03:38:56 -------- d-----w- c:\program files\VideoLAN
2012-06-01 03:03:35 -------- d-----w- c:\documents and settings\bill braaksma\application data\Avira
2012-06-01 02:44:09 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-06-01 02:44:08 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-06-01 02:44:02 -------- d-----w- c:\program files\Avira
2012-06-01 02:44:02 -------- d-----w- c:\documents and settings\all users\application data\Avira
2012-06-01 02:33:36 -------- d-----w- c:\program files\VS Revo Group
2012-05-31 21:43:17 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-31 21:43:17 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-05-31 19:30:33 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2012-05-31 19:30:31 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2012-05-31 19:30:14 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2012-05-31 19:30:13 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2012-05-31 19:29:56 978944 ------w- c:\windows\system32\dllcache\mfc42.dll
2012-05-31 19:29:56 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2012-05-31 19:29:56 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2012-05-31 19:28:43 456320 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2012-05-31 19:27:51 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2012-05-31 19:27:32 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2012-05-31 19:26:36 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2012-05-31 19:22:05 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2012-05-31 19:21:16 852480 ------w- c:\windows\system32\dllcache\vgx.dll
2012-05-31 19:20:59 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2012-05-31 19:20:58 218112 ------w- c:\windows\system32\dllcache\wordpad.exe
2012-05-31 19:20:46 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2012-05-31 19:20:39 3072 ------w- c:\windows\system32\iacenc.dll
2012-05-31 19:20:39 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
2012-05-31 19:20:25 139784 ------w- c:\windows\system32\dllcache\rdpwd.sys
2012-05-31 19:20:14 45568 ------w- c:\windows\system32\dllcache\wab.exe
2012-05-31 19:17:11 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2012-05-31 13:25:11 -------- d-----w- c:\windows\system32\scripting
2012-05-31 13:25:10 -------- d-----w- c:\windows\system32\en
2012-05-31 13:25:10 -------- d-----w- c:\windows\system32\bits
2012-05-31 13:19:51 -------- d-----w- c:\windows\network diagnostic
2012-05-31 04:16:29 -------- d-----w- c:\program files\Defraggler
2012-05-31 04:01:32 -------- d-----w- c:\program files\CCleaner
2012-05-31 01:00:32 -------- d-----w- c:\documents and settings\bill braaksma\application data\Malwarebytes
2012-05-31 01:00:24 32072 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-05-31 00:57:19 -------- d-----w- C:\Malwarebytes
2012-05-30 20:43:30 180352 ----a-w- C:\activescan2_en.exe
2012-05-25 00:24:11 388096 ----a-r- c:\documents and settings\bill braaksma\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-05-24 23:34:23 1318 ----a-w- c:\windows\system32\tmp.reg
2012-05-24 21:26:40 -------- d-----w- c:\windows\Cookies
2012-05-24 21:25:39 -------- d-----w- c:\windows\Recent
2012-05-24 04:18:55 -------- d-sha-r- C:\cmdcons
2012-05-24 03:14:24 98816 ----a-w- c:\windows\sed.exe
2012-05-24 03:14:24 518144 ----a-w- c:\windows\SWREG.exe
2012-05-24 03:14:24 256000 ----a-w- c:\windows\PEV.exe
2012-05-24 03:14:24 208896 ----a-w- c:\windows\MBR.exe
2012-05-24 01:50:54 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-24 01:50:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-24 01:38:17 -------- d-----w- c:\program files\WinDirStat
2012-05-24 01:36:20 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-05-24 00:15:04 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2012-05-24 00:15:04 8704 ----a-w- c:\windows\system32\dllcache\kbdjpn.dll
.
==================== Find3M ====================
.
2012-04-11 13:14:41 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35:51 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-12 01:13:46 494968 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-03-12 01:13:46 31704 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-03-12 01:13:44 18056 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-03-12 01:13:20 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2012-03-12 01:13:20 301224 ----a-w- c:\windows\system32\guard32.dll
2012-03-11 14:25:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-11 14:25:08 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 19:09:35.89 ===============

Edited by fiddystorms, 01 June 2012 - 10:34 PM.




#2 1972vet

1972vet

  • Malware Response Team
  • 1,698 posts

Posted 07 June 2012 - 08:23 AM

Greetings fiddystorms and Welcome to the forums,

Wow lol....Mcafee, Symantec, Comodo, Avira...which one of those do you want to use? It's no wonder your system is lagging and crashing. On your next reply, please post the combofix logs from 5/24 and 5/30 and let us know which antivirus/firewall product you want to use so we can see about removing all the others and their remnants. Thanks!

Disabled Veteran, U.S.C.G. 1972 - 1978
2009 - 2013

Member: U.N.I.T.E.
Performance and Maintenance for Windows XP, Windows Vista and Windows Seven


#3 fiddystorms

fiddystorms
  • Topic Starter

  • Members
  • 6 posts

Posted 08 June 2012 - 05:26 PM

OK, I will. Sorry to reply with no logs, just wanted to let you know I'm here. I'll start this evening.

#4 1972vet

1972vet

  • Malware Response Team
  • 1,698 posts

Posted 11 June 2012 - 01:29 PM

Still working on it fiddystorms?



#5 1972vet

1972vet

  • Malware Response Team
  • 1,698 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midwest U.S.A.
  • Local time:06:02 AM

Posted 13 June 2012 - 06:31 AM

Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.





