Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91681 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Closed] Slow, unresponsive computer


  • This topic is locked This topic is locked
10 replies to this topic

#1 nanadeg

nanadeg

    New Member

  • Authentic Member
  • Pip
  • 5 posts

Posted 14 November 2009 - 09:02 AM

I have run adaware and malwarebytes along with comodo av, however have found no bugs, but computer continues to be nonresponsive and freezes. Here are all the logs from my new registration setup.. DDS (Ver_09-10-26.01) - NTFSx86 Run by Whitney Degering at 8:50:35.65 on Sat 11/14/2009 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.382.160 [GMT -6:00] AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B} FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe C:\WINDOWS\system32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE C:\Program Files\COMODO\COMODO Internet Security\cfp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\NETGEAR\MA111v2 USB Adapter\ma111v2.exe C:\Documents and Settings\Whitney Degering\My Documents\Downloads\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ uDefault_Page_URL = hxxp://www.msn.com BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll TB: The Shield Deluxe 2009 Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\pcsecurityshield\bitdefender 2009\IEToolbar.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [IgfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [BDAgent] "c:\program files\pcsecurityshield\bitdefender 2009\bdagent.exe" mRun: [BitDefender Antiphishing Helper] "c:\program files\pcsecurityshield\bitdefender 2009\IEShow.exe" mRun: [EPSON Stylus CX5400] c:\windows\system32\spool\drivers\w32x86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400" mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\ma111c~1.lnk - c:\program files\netgear\ma111v2 usb adapter\MA111v2.exe StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab Notify: igfxcui - igfxsrvc.dll AppInit_DLLs: c:\windows\system32\guard32.dll ============= SERVICES / DRIVERS =============== R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-5-6 132296] R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-5-6 25160] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1179232] R3 SISNPF;SIS Netgroup Packet Filter;c:\windows\system32\drivers\SISNPF.SYS [2004-5-3 74112] S2 gupdate1ca6255ddc45cfa;Google Update Service (gupdate1ca6255ddc45cfa);c:\program files\google\update\GoogleUpdate.exe [2009-11-10 133104] S3 Arrakis3;BitDefender Arrakis Server;"c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe" --> c:\program files\common files\bitdefender\bitdefender arrakis server\bin\Arrakis3.exe [?] S3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys --> c:\windows\system32\drivers\bdfm.sys [?] =============== Created Last 30 ================ 2009-11-11 01:28:30 15880 ----a-w- c:\windows\system32\lsdelete.exe 2009-11-10 22:43:01 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2009-11-10 22:33:22 0 dc-h--w- c:\docume~1\alluse~1.win\applic~1\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6} 2009-11-10 22:32:32 0 d-----w- c:\program files\Lavasoft 2009-11-08 19:51:41 0 d-----w- c:\docume~1\whitne~1\applic~1\Malwarebytes 2009-11-08 19:37:32 0 d-sh--w- c:\documents and settings\whitney degering\PrivacIE 2009-11-08 19:33:03 0 d-sh--w- c:\documents and settings\whitney degering\IETldCache 2009-11-08 16:20:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-11-08 16:19:48 0 d-----w- c:\docume~1\alluse~1.win\applic~1\Malwarebytes 2009-11-08 16:19:43 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-11-07 05:44:08 0 d-----w- c:\program files\EPSON 2009-10-17 03:44:52 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys 2009-10-17 03:44:52 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys 2009-10-17 03:44:16 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys 2009-10-17 03:44:16 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys 2009-10-16 23:41:27 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys ==================== Find3M ==================== 2009-10-17 04:03:36 179792 ----a-w- c:\windows\system32\guard32.dll 2009-10-17 04:03:22 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys 2009-10-17 04:03:19 132296 ----a-w- c:\windows\system32\drivers\cmdguard.sys 2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll 2009-08-29 08:08:21 916480 ----a-w- c:\windows\system32\wininet.dll 2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll 2009-08-20 20:09:06 1193832 ----a-w- c:\windows\system32\FM20.DLL 2006-01-18 18:24:07 774144 -c--a-w- c:\program files\RngInterstitial.dll 2004-05-28 21:48:26 154112 ----a-w- c:\windows\inf\ma111v2\MA111v2.sys 2004-03-12 20:33:08 212992 ----a-w- c:\windows\inf\ma111v2\CopyWHQLDriver.exe 2004-03-08 19:51:22 49152 ----a-w- c:\windows\inf\ma111v2\SiSWBase.dll 2004-03-08 19:51:22 237568 ----a-w- c:\windows\inf\ma111v2\SiSWPars.dll 2004-03-08 19:51:22 155648 ----a-w- c:\windows\inf\ma111v2\SiSWInst.dll 2001-10-05 18:53:04 21866 -c--a-w- c:\program files\common files\tppupd2k.dll 2009-04-15 03:01:10 16384 -csha-w- c:\windows\system32\config\systemprofile\cookies\index.dat 2009-04-15 03:01:10 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat 2009-03-15 18:12:40 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009031520090316\index.dat 2009-04-15 03:01:10 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat ============= FINISH: 8:53:20.45 =============== ################################################################################ #################### ROOTREPEAL © AD, 2007-2009 ================================================== Scan Start Time: 2009/11/14 08:56 Program Version: Version 1.3.5.0 Windows Version: Windows XP SP3 ================================================== Drivers ------------------- Name: dump_atapi.sys Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys Address: 0xEDEAC000 Size: 98304 File Visible: No Signed: - Status: - Name: dump_WMILIB.SYS Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS Address: 0xF79F6000 Size: 8192 File Visible: No Signed: - Status: - Name: rootrepeal.sys Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys Address: 0xECFA2000 Size: 49152 File Visible: No Signed: - Status: - SSDT ------------------- #: 011 Function Name: NtAdjustPrivilegesToken Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xee1ccd46 #: 031 Function Name: NtConnectPort Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xee1cc250 #: 037 Function Name: NtCreateFile Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xee1cc8ea #: 041 Function Name: NtCreateKey Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xee1cd2c2 #: 046 Function Name: NtCreatePort Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xee1cc132 #: 050 Function Name: NtCreateSection Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xee1ce254 #: 052 Function Name: NtCreateSymbolicLinkObject Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xee1ce52c #: 053 Function Name: NtCreateThread Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xee1cbcf8 #: 063 Function Name: NtDeleteKey Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xee1ccf2c #: 065 Function Name: NtDeleteValueKey Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xee1cd0dc #: 068 Function Name: NtDuplicateObject Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xee1cba5a #: 097 Function Name: NtLoadDriver Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xee1cded6 #: 105 Function Name: NtMakeTemporaryObject Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xee1cc4d4 #: 116 Function Name: NtOpenFile Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xee1ccb2e #: 122 Function Name: NtOpenProcess Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xee1cb78a #: 125 Function Name: NtOpenSection Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xee1cc764 #: 128 Function Name: NtOpenThread Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xee1cb902 #: 192 Function Name: NtRenameKey Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xee1cd688 #: 200 Function Name: NtRequestWaitReplyPort Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xee1cd9f0 #: 210 Function Name: NtSecureConnectPort Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xee1cdc72 #: 240 Function Name: NtSetSystemInformation Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xee1ce084 #: 247 Function Name: NtSetValueKey Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xee1cd488 #: 249 Function Name: NtShutdownSystem Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xee1cc46e #: 255 Function Name: NtSystemDebugControl Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xee1cc658 #: 257 Function Name: NtTerminateProcess Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xee1cbffc #: 258 Function Name: NtTerminateThread Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xee1cbeca ==EOF==

    Advertisements

Register to Remove


#2 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,136 posts

Posted 16 November 2009 - 11:44 PM

Hi nanadeg,

:welcome:

My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. Logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Please download the OTM by OldTimer.
  • Save it to your desktop.
  • Please double-click OTM.exe to run it.
    (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines inside the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    
    :Services
    bdfm
    Arrakis3
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BDAgent"=-
    "BitDefender Antiphishing Helper"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "381ffde8-2394-4f90-b10d-fc6124a40f8c"=-
    
    :Files
    c:\windows\system32\drivers\bdfm.sys
    c:\program files\common files\bitdefender
    c:\program files\pcsecurityshield
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png


#3 nanadeg

nanadeg

    New Member

  • Authentic Member
  • Pip
  • 5 posts

Posted 17 November 2009 - 09:51 PM

OTM Results: All processes killed ========== PROCESSES ========== ========== SERVICES/DRIVERS ========== Service bdfm stopped successfully! Service bdfm deleted successfully! Service Arrakis3 stopped successfully! Service Arrakis3 deleted successfully! ========== REGISTRY ========== Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\BDAgent deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\BitDefender Antiphishing Helper deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\381ffde8-2394-4f90-b10d-fc6124a40f8c not found. ========== FILES ========== File/Folder c:\windows\system32\drivers\bdfm.sys not found. File/Folder c:\program files\common files\bitdefender not found. File/Folder c:\program files\pcsecurityshield not found. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 24679539 bytes ->Temporary Internet Files folder emptied: 26092369 bytes User: All Users User: All Users.WINDOWS User: COLLIN ->Apple Safari cache emptied: 103738 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: Default User.WINDOWS ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Guest ->Temp folder emptied: 89834 bytes ->Temporary Internet Files folder emptied: 39582913 bytes ->Java cache emptied: 2236855 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: LocalService.NT AUTHORITY ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService.NT AUTHORITY ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33237 bytes User: Whitney Degering ->Temp folder emptied: 15023468 bytes ->Temporary Internet Files folder emptied: 47150508 bytes ->Google Chrome cache emptied: 253943735 bytes %systemdrive% .tmp files removed: 393220 bytes %systemroot% .tmp files removed: 2176856 bytes %systemroot%\System32 .tmp files removed: 2577 bytes Windows Temp folder emptied: 542016 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 96202 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 393.24 mb OTM by OldTimer - Version 3.1.2.0 log created on 11172009_195745 Files moved on Reboot... File move failed. C:\Documents and Settings\COLLIN\Local Settings\Application Data\Apple Computer\Safari\FontsList.plist scheduled to be moved on reboot. C:\WINDOWS\temp\FIL480.tmp moved successfully. C:\WINDOWS\temp\FIL498.tmp moved successfully. C:\WINDOWS\temp\FIL49A.tmp moved successfully. C:\WINDOWS\temp\FIL49C.tmp moved successfully. C:\WINDOWS\temp\FIL49E.tmp moved successfully. C:\WINDOWS\temp\REG481.tmp moved successfully. C:\WINDOWS\temp\REG499.tmp moved successfully. C:\WINDOWS\temp\REG49B.tmp moved successfully. C:\WINDOWS\temp\REG49D.tmp moved successfully. C:\WINDOWS\temp\REG49F.tmp moved successfully. C:\WINDOWS\temp\~DF392.tmp moved successfully. C:\WINDOWS\temp\~DFA0C1.tmp moved successfully. C:\WINDOWS\temp\~DFF5E5.tmp moved successfully. C:\WINDOWS\temp\~DFF992.tmp moved successfully. C:\WINDOWS\temp\~DFFCE1.tmp moved successfully. Registry entries deleted on Reboot... ESET Results: ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6211 # api_version=3.0.2 # EOSSerial=548e6834638acb4f85eb2104947f4256 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2009-11-18 03:42:38 # local_time=2009-11-17 09:42:38 (-0600, Central Standard Time) # country="United States" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=3073 16777189 80 89 0 1838005 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=41665 # found=0 # cleaned=0 # scan_time=4254

#4 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,136 posts

Posted 17 November 2009 - 11:21 PM

nanadeg, Do you notice any difference?

Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png


#5 nanadeg

nanadeg

    New Member

  • Authentic Member
  • Pip
  • 5 posts

Posted 18 November 2009 - 08:26 PM

Seems to come and go.... Will work almost perfect and in the same browsing sessions bog down again. Not sure what is going on..

#6 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,136 posts

Posted 18 November 2009 - 08:39 PM

nanadeg, Please post me a new DDS log and I'll see if I can find anything else.

Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png


#7 nanadeg

nanadeg

    New Member

  • Authentic Member
  • Pip
  • 5 posts

Posted 18 November 2009 - 08:53 PM

DDS (Ver_09-06-26.01) - NTFSx86 Run by Whitney Degering at 20:47:05.31 on Wed 11/18/2009 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.382.103 [GMT -6:00] AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B} FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe C:\WINDOWS\system32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE C:\Program Files\COMODO\COMODO Internet Security\cfp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\NETGEAR\MA111v2 USB Adapter\MA111v2.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Whitney Degering\Local Settings\Temporary Internet Files\Content.IE5\XR32J9KM\dds[1].scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ uDefault_Page_URL = hxxp://www.msn.com BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll TB: The Shield Deluxe 2009 Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\pcsecurityshield\bitdefender 2009\IEToolbar.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [IgfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [EPSON Stylus CX5400] c:\windows\system32\spool\drivers\w32x86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400" mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\ma111c~1.lnk - c:\program files\netgear\ma111v2 usb adapter\MA111v2.exe StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab Notify: igfxcui - igfxsrvc.dll AppInit_DLLs: c:\windows\system32\guard32.dll ============= SERVICES / DRIVERS =============== R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-5-6 132808] R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-5-6 25160] R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2009-5-6 723632] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1179232] R3 SISNPF;SIS Netgroup Packet Filter;c:\windows\system32\drivers\SISNPF.SYS [2004-5-3 74112] S2 gupdate1ca6255ddc45cfa;Google Update Service (gupdate1ca6255ddc45cfa);c:\program files\google\update\GoogleUpdate.exe [2009-11-10 133104] =============== Created Last 30 ================ 2009-11-17 19:57 <DIR> --d----- C:\_OTM 2009-11-10 19:28 15,880 a------- c:\windows\system32\lsdelete.exe 2009-11-10 16:43 93,360 a------- c:\windows\system32\drivers\SBREDrv.sys 2009-11-10 16:33 <DIR> -cd-h--- c:\docume~1\alluse~1.win\applic~1\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6} 2009-11-10 16:32 <DIR> --d----- c:\program files\Lavasoft 2009-11-08 13:51 <DIR> --d----- c:\docume~1\whitne~1\applic~1\Malwarebytes 2009-11-08 13:37 <DIR> --dsh--- c:\documents and settings\whitney degering\PrivacIE 2009-11-08 13:33 <DIR> --dsh--- c:\documents and settings\whitney degering\IETldCache 2009-11-08 13:32 <DIR> --d----- c:\documents and settings\Whitney Degering 2009-11-08 10:20 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-11-08 10:19 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Malwarebytes 2009-11-08 10:19 19,160 a------- c:\windows\system32\drivers\mbam.sys 2009-11-06 23:44 <DIR> --d----- c:\program files\EPSON ==================== Find3M ==================== 2009-11-18 20:43 131,408 a------- c:\windows\system32\drivers\sfi.dat 2009-11-17 21:54 171,552 a------- c:\windows\system32\guard32.dll 2009-11-17 21:54 132,808 a------- c:\windows\system32\drivers\cmdguard.sys 2009-11-17 21:54 25,160 a------- c:\windows\system32\drivers\cmdhlp.sys 2009-09-11 08:18 136,192 a------- c:\windows\system32\msv1_0.dll 2009-09-04 15:03 58,880 a------- c:\windows\system32\msasn1.dll 2009-08-29 02:08 916,480 a------- c:\windows\system32\wininet.dll 2009-08-26 02:00 247,326 a------- c:\windows\system32\strmdll.dll 2006-01-18 12:24 774,144 ac------ c:\program files\RngInterstitial.dll 2004-05-28 15:48 154,112 a------- c:\windows\inf\ma111v2\MA111v2.sys 2004-03-12 14:33 212,992 a------- c:\windows\inf\ma111v2\CopyWHQLDriver.exe 2004-03-08 13:51 237,568 a------- c:\windows\inf\ma111v2\SiSWPars.dll 2004-03-08 13:51 155,648 a------- c:\windows\inf\ma111v2\SiSWInst.dll 2004-03-08 13:51 49,152 a------- c:\windows\inf\ma111v2\SiSWBase.dll 2001-10-05 12:53 21,866 ac------ c:\program files\common files\tppupd2k.dll 2009-04-14 21:01 16,384 ac-sh--- c:\windows\system32\config\systemprofile\cookies\index.dat 2009-04-14 21:01 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat 2009-03-15 12:12 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009031520090316\index.dat ============= FINISH: 20:49:12.76 ===============

#8 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,136 posts

Posted 18 November 2009 - 09:38 PM

nanadeg, DDS produces two logs. The second one is attach.txt. Would you please re-run DDS and past me attach.txt?

Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png


#9 nanadeg

nanadeg

    New Member

  • Authentic Member
  • Pip
  • 5 posts

Posted 23 November 2009 - 05:06 PM

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_09-06-26.01) Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume2 Install Date: 3/14/2009 6:54:37 PM System Uptime: 11/17/2009 10:12:59 PM (22 hours ago) Motherboard: Dell Computer Corp. | | 0F5949 Processor: Intel® Celeron® CPU 2.40GHz | Microprocessor | 2392/400mhz ==== Disk Partitions ========================= C: is FIXED (NTFS) - 34 GiB total, 23.443 GiB free. D: is CDROM () ==== Disabled Device Manager Items ============= ==== System Restore Points =================== RP162: 10/11/2009 2:49:42 PM - Installed NETGEAR MA111v2 802.11b Wireless USB Adapter RP163: 10/11/2009 2:52:49 PM - Unsigned driver install RP164: 10/12/2009 3:00:34 AM - Software Distribution Service 3.0 RP165: 10/12/2009 7:51:19 AM - Software Distribution Service 3.0 RP166: 10/12/2009 8:07:05 AM - Software Distribution Service 3.0 RP167: 10/13/2009 9:06:50 AM - System Checkpoint RP168: 10/14/2009 9:21:53 AM - System Checkpoint RP169: 10/14/2009 5:01:56 PM - Software Distribution Service 3.0 RP170: 10/15/2009 5:10:11 PM - System Checkpoint RP171: 10/16/2009 3:00:22 AM - Software Distribution Service 3.0 RP172: 10/16/2009 12:21:05 PM - Software Distribution Service 3.0 RP173: 10/17/2009 12:37:52 PM - System Checkpoint RP174: 10/18/2009 1:07:14 PM - System Checkpoint RP175: 10/19/2009 1:10:28 PM - System Checkpoint RP176: 10/20/2009 1:17:01 PM - System Checkpoint RP177: 10/21/2009 1:17:28 PM - System Checkpoint RP178: 10/22/2009 1:37:59 PM - System Checkpoint RP179: 10/23/2009 2:38:00 PM - System Checkpoint RP180: 10/24/2009 3:37:58 PM - System Checkpoint RP181: 10/25/2009 3:38:07 PM - System Checkpoint RP182: 10/26/2009 4:38:11 PM - System Checkpoint RP183: 10/27/2009 5:38:13 PM - System Checkpoint RP184: 10/28/2009 7:17:30 PM - System Checkpoint RP185: 10/29/2009 8:12:02 PM - System Checkpoint RP186: 10/30/2009 9:12:03 PM - System Checkpoint RP187: 10/31/2009 10:12:22 PM - System Checkpoint RP188: 11/1/2009 10:31:49 PM - System Checkpoint RP189: 11/2/2009 11:07:13 PM - System Checkpoint RP190: 11/4/2009 12:07:28 AM - System Checkpoint RP191: 11/4/2009 10:37:50 AM - Software Distribution Service 3.0 RP192: 11/5/2009 10:56:31 AM - System Checkpoint RP193: 11/6/2009 10:47:56 AM - Advanced Registry Optimizer - Before One Click RP194: 11/7/2009 11:18:08 AM - System Checkpoint RP195: 11/8/2009 12:00:45 PM - System Checkpoint RP196: 11/9/2009 12:07:50 PM - System Checkpoint RP197: 11/10/2009 1:17:39 PM - System Checkpoint RP198: 11/10/2009 10:59:53 PM - Software Distribution Service 3.0 RP199: 11/11/2009 11:07:40 PM - System Checkpoint RP200: 11/13/2009 12:07:39 AM - System Checkpoint RP201: 11/14/2009 12:22:18 AM - System Checkpoint RP202: 11/15/2009 1:07:40 AM - System Checkpoint RP203: 11/16/2009 2:07:45 AM - System Checkpoint RP204: 11/17/2009 3:07:46 AM - System Checkpoint RP205: 11/18/2009 3:27:45 AM - System Checkpoint ==== Installed Programs ====================== ABBYY FineReader 5.0 Sprint Plus Acrobat.com Ad-Aware Adobe AIR Adobe Flash Player 10 Plugin Adobe Reader 9.2 Advanced Registry Optimizer ArcSoft Software Suite Broadcom 440x 10/100 Integrated Controller COMODO Internet Security EPSON Copy Utility EPSON EIC CX5400 EPSON Photo Print EPSON Printer Software EPSON Scan ERUNT 1.1j Google Chrome Google Update Helper Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB970653-v3) Intel® 537EP V9x DF PCI Modem Intel® Extreme Graphics Driver Malwarebytes' Anti-Malware Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office XP Small Business Microsoft Silverlight Modem Helper NETGEAR MA111v2 802.11b Wireless USB Adapter OGA Notifier 2.0.0048.0 Security Update for Windows Internet Explorer 7 (KB938127-v2) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 8 (KB969897) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB972260) Security Update for Windows Internet Explorer 8 (KB974455) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923789) Security Update for Windows XP (KB938464-v2) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958215) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960714) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371-v2) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973525) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Update for Windows Internet Explorer 8 (KB968220) Update for Windows Internet Explorer 8 (KB976749) Update for Windows XP (KB951978) Update for Windows XP (KB955839) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB973815) Visual C++ 2008 x86 Runtime - (v9.0.30729) Visual C++ 2008 x86 Runtime - v9.0.30729.01 WebFldrs XP Windows Genuine Advantage Notifications (KB905474) Windows Internet Explorer 8 Windows XP Service Pack 3 ==== Event Viewer Messages From Past Week ======== 11/17/2009 7:57:51 PM, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s). 11/11/2009 1:04:03 PM, error: Service Control Manager [7000] - The BitDefender Desktop Update Service service failed to start due to the following error: The system cannot find the path specified. ==== End Of File ===========================

#10 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,136 posts

Posted 23 November 2009 - 06:37 PM

nanadeg,

I'm not finding anything. Let's give this tool a run.

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link --> http://forums.whatth...ams_t96260.html

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
4. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
5. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png


#11 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,136 posts

Posted 29 November 2009 - 10:21 AM

Due to inactivity this topic will be closed. If you need help please start a new thread.

Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users