I've received very good help here a few years back, and I'd be grateful if anybody would help me with my new problem.

My PC is a Dell Inspiron 9400 laptop with 2MB RAM running Vista service pack 2 on a T5200 Core 2 Duo processor.

I'm very close to ditching the computer and getting a new one, not least due to it's old age (4.5 years) but I'm concerned about copying any infected files to a new PC and face the same issues I'm struggling with now.

I don't have a clear indication of virus/malware after scanning multiple times with Zonealarm, Malwarebytes, Trend Micro Housecall, and Superanitspyware, but ever so often the PC will start up and some process will hog all cpu resources and leave the computer close to unresponsive - and the only remedy is to restart, which usually stops the madness.

Frequently the HD seems very busy when there should be no reason for it, and I've not always been able to pin down what caused it (various versions and potentially faulty installations of Zonealarm ISS appear to be partly responsible).

A few weeks ago the un-responsiveness got so out of hand, that I chose to restore the system to the oldests available point, and surprisingly this cleared all symptoms for a day or two - then they slowly but surely returned.

Zonealarm did report finding an unspecified trojan in autorun.inf yesterday, but also claimed to have treated it. I use a usb drive to transfer data to outside computers semi-public computers (university based).

Here's my DDS.txt:

------------------
.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Giraffe at 11:16:00 on 2011-07-22
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2046.826 [GMT -4:00]
.
AV: ZoneAlarm Antivirus *Enabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Anti-Spyware *Enabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
FW: ZoneAlarm Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\system32\brsvc01a.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\brss01a.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\Explorer.EXE
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TeamViewer\Version6\TeamViewer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Windows\sttray.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\TeamViewer\Version6\tv_w32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Giraffe\Downloads\dds.scr
C:\Windows\system32\WSCRIPT.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uWindow Title = Internet Explorer provided by Dell
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: Deposit IE Toolbar: {6aa40521-14e7-4b1d-b1b4-98528c1388c9} - c:\progra~1\deposi~1\dfmana~1\DEPOSI~1.DLL
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [<NO NAME>]
uRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
uRun: [Google Update] "c:\users\giraffe\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [Smart File Advisor] "c:\program files\smart file advisor\sfa.exe" /checkassoc
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ISW]
mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"
StartupFolder: c:\users\giraffe\appdata\roaming\micros~1\windows\startm~1\programs\startup\ccc.lnk - c:\program files\ati technologies\ati.ace\core-static\CCC.exe
StartupFolder: c:\users\giraffe\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\windows\installer\{53a01cc6-14b0-4512-a2e7-10d39bf83dc4}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\poker\pokerstars\PokerStarsUpdate.exe
IE: {D5AD327A-A089-4F04-89FD-4EA9812B3913} - {D5AD327A-A089-4F04-89FD-4EA9812B3913} - c:\progra~1\deposi~1\dfmana~1\DEPOSI~1.DLL
Trusted Zone: cnchost.com\register
DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} - hxxp://download.microsoft.com/download/0/f/b/0fb0fab9-7f09-4bb6-86d8-8e791ba99ac5/VirtualEarth3D.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} - hxxp://support.microsoft.com/mats/DiagWebControl.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-10-14 11352]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-1-15 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 67656]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-4-27 21504]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-5-30 27016]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2008-3-15 809296]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2010-12-7 2228008]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-4-27 16896]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-11-6 135664]
S3 B-Service;B-Service;c:\users\giraffe\appdata\roaming\mikogo\B-Service.exe [2009-1-25 185640]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-11-6 135664]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-4-27 21504]
S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [2009-7-5 29824]
S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [2009-7-5 41344]
S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [2009-7-5 39936]
S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [2009-7-5 59776]
S3 pwusbio;Pixelworks USB Driver;c:\windows\system32\drivers\pwusbio.sys [2007-2-17 20641]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 12872]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-5-30 493184]
.
=============== Created Last 30 ================
.
2011-07-22 12:49:49 6881616 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{2fecd652-1317-4d11-87d7-44fcf30aad80}\mpengine.dll
2011-07-13 10:48:16 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-07-13 10:48:01 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-07-13 10:48:01 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-07-10 14:49:56 -------- d-----w- c:\users\giraffe\appdata\local\Sun
2011-07-09 17:04:00 388096 ----a-r- c:\users\giraffe\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-07-08 22:21:29 -------- d-----w- c:\users\giraffe\appdata\roaming\MailFrontier
2011-07-08 22:06:47 -------- d-----w- c:\windows\Internet Logs
2011-07-08 21:57:26 -------- d-----w- c:\users\giraffe\appdata\roaming\CheckPoint
2011-07-08 21:56:08 -------- d-----w- c:\program files\zonealarm_security_suite
2011-07-08 21:37:08 -------- d-----w- c:\program files\CheckPoint
2011-07-08 18:34:52 -------- d-----w- c:\programdata\Kaspersky SDK
2011-07-08 15:47:04 -------- d-----w- c:\programdata\AVG10
2011-07-08 15:38:32 -------- d-----w- c:\program files\AVG
2011-07-08 15:17:50 -------- d--h--w- c:\programdata\Common Files
2011-07-08 15:15:16 -------- d-----w- c:\programdata\MFAData
2011-07-08 15:11:34 -------- d-----w- c:\windows\Internet Logs(203)
2011-07-04 19:53:44 -------- d-----w- c:\program files\common files\Java(3)
2011-06-29 11:12:29 276992 ----a-w- c:\windows\system32\schannel.dll
2011-06-25 18:22:35 -------- d-----w- c:\program files\Amazon
2011-06-23 01:19:18 -------- d-----w- c:\program files\Veetle
.
==================== Find3M ====================
.
2011-07-10 14:42:00 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-20 03:07:12 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-24 23:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-07 21:51:26 451160 ----a-w- c:\windows\system32\drivers\vsdatant.sys
2011-05-02 17:16:14 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 13:25:10 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 13:25:09 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-29 13:24:50 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-29 13:24:42 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-29 13:24:40 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
============= FINISH: 11:19:27.46 ===============


Thank you very much for any feedback and help!

Johan

Hello McMelchior and welcome to the Safernetworking Forums .
I'm RedCar92 and my name is Bill, I'll be glad to help you with your computer problems.

Please observe these rules while we work: Read the entire procedure It is important to perform ALL actions in sequence. If you don't know, stop and ask! Don't keep going on. Please reply to this thread. Do not start a new topic. Stick with me till you're given the all clear. Malware removal can be stressful but we will clean it. Remember, absence of symptoms does not mean the infection is all gone. Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.

Please be advised, as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advise, this will be a team effort.
This may cause a delay, but I will do my best to keep it as short as possible.

Please bear with me, I will post back to you as soon as I can.

IMPORTANT NOTE : Please do not delete anything unless instructed to.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperative and could require a full reinstall of your OS, losing all your programs and data.

These tools MUST be run from the executable. (.exe) every time you run them
with Admin Rights (Right click, choose "Run as Administrator")
Stay with this topic until I give you the all clean post.

Please be advised, as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advise, this will be a team effort.
This may cause a delay, but I will do my best to keep it as short as possible.

Please bear with me, I will post back to you as soon as I can.

Thank you very much to both you!

I'm standby until I see more instructions from you.

:)

Greetings McMelchior,

First

Please download aswMBR (http://public.avast.com/~gmerek/aswMBR.exe) ( 511KB ) to your desktop.
Double click the aswMBR.exe icon to run it
Click the Scan button to start the scan
On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


Next
You mentioned that you used a flash memory extensively. These can be great virus carriers. I would recommend this.
Download Flash_Disinfector.exe by sUBs[/b] from HERE (http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe) and save it to your desktop. Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
Wait until it has finished scanning and then exit the program.
Reboot your computer when done.Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.

Or
If you use a flash drive it is recommended that you download and run Panda USB Vaccine from here (http://www.pandasecurity.com/homeusers/downloads/usbvaccine) . Panda USB Vaccine makes sure no viruses embed themselves in the autorun file on your USB drive, so you won't be infected by an autorun virus.

Thank you, Bill.

The log is posted at the end of this post.


Download Flash_Disinfector.exe by sUBs[/b] from HERE (http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe) [...]

Or
[...] download and run Panda USB Vaccine from here (http://www.pandasecurity.com/homeusers/downloads/usbvaccine)

I did run the flash_disinfector with no alerts showing up; I assume since you wrote "OR" that the second suggestion is not needed then?

Again, than you very much for helping me out!

Best,

Johan

aswMBR log:

--------------

aswMBR version 0.9.8.977 Copyright(c) 2011 AVAST Software
Run date: 2011-07-24 14:49:18
-----------------------------
14:49:18.650 OS Version: Windows 6.0.6002 Service Pack 2
14:49:18.650 Number of processors: 2 586 0xF06
14:49:18.652 ComputerName: GIRAFFE-PC UserName: Giraffe
14:49:31.207 Initialize success
14:51:41.254 AVAST engine defs: 11072401
14:51:56.729 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:51:56.733 Disk 0 Vendor: Hitachi_HTS541616J9SA00 SB4OC74P Size: 152627MB BusType: 3
14:51:56.777 Disk 0 MBR read successfully
14:51:56.782 Disk 0 MBR scan
14:52:01.275 Disk 0 Windows VISTA default MBR code
14:52:01.322 Disk 0 scanning sectors +312578048
14:52:02.142 Disk 0 scanning C:\Windows\system32\drivers
14:52:30.329 Service scanning
14:52:34.648 Modules scanning
14:52:57.463 Disk 0 trace - called modules:
14:52:57.530 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys
14:52:57.537 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x88c3b558]
14:52:57.543 3 CLASSPNP.SYS[8b3608b3] -> nt!IofCallDriver -> [0x87dd7bc8]
14:52:57.565 5 acpi.sys[84e976bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8707ab98]
14:52:58.912 AVAST engine scan C:\Windows
14:53:08.845 AVAST engine scan C:\Windows\system32
14:56:37.176 AVAST engine scan C:\Windows\system32\drivers
14:56:54.415 AVAST engine scan C:\Users\Giraffe
16:39:32.210 AVAST engine scan C:\ProgramData
16:50:35.585 Scan finished successfully
16:56:58.566 Disk 0 MBR has been saved successfully to "C:\Users\Giraffe\Desktop\MBR.dat"
16:56:58.607 The log file has been saved successfully to "C:\Users\Giraffe\Desktop\aswMBR.txt"


---------------------------------------------------------

Greetings McMelchior,

I see in your logs that you have Malwarebytes installed on your system.


Double click on MalwareBytes, mbam.exe to run it.
If Malwarebytes asks to update click on yes, if you are not asked.
Click on the Update tab then click on Check for updates.
After updates finish, click on the Scanner tab. Select Perform quick scan.
Click on Scan button.
When finished copy/paste the contents of mbam.txt into your next post please.


Next
Please use Internet Explorer to download and run the following scan: Eset Online Scanner (http://www.eset.com/onlinescan/)
Place a check mark in the box YES, I accept the Terms Of Use
Click the Start button.
Now click the Install button.
Click Start. The scanner engine will initialize and update.
Do Not place a check mark in the box beside Remove found threats.
Click the Scan button. The scan will now run, please be patient.
When the scan finishes if there are any infections you will see a List of found threats.
Click Export to text file
Copy and paste the contents of the C:\Program Files\ESET\log.txt into your next reply.
If no threats are found there will be no list, this is good, just tell me that no threats were found.

Logs to post:


mbam.txt
ESET report if available.

Hi again Bill, here are both logs:

----------------------------------
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7268

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

7/24/2011 10:45:48 PM
mbam-log-2011-07-24 (22-45-47).txt

Scan type: Quick scan
Objects scanned: 243166
Time elapsed: 20 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
----------------------------------------

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=687e5ce472cfcb48b677422e597e6e2d
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-07-25 03:14:54
# local_time=2011-07-24 11:14:54 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1032 16777214 0 1 500100 500100 0 0
# compatibility_mode=5892 16776573 100 100 0 148171127 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# compatibility_mode=9217 16776573 100 13 1314894 2518413 0 0
# scanned=1354
# found=0
# cleaned=0
# scan_time=140
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=687e5ce472cfcb48b677422e597e6e2d
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-07-25 10:33:32
# local_time=2011-07-25 06:33:32 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1032 16777214 0 1 500631 500631 0 0
# compatibility_mode=5892 16776573 100 100 0 148171658 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# compatibility_mode=9217 16776573 100 13 1315425 2518944 0 0
# scanned=696613
# found=0
# cleaned=0
# scan_time=25927
---------------------------

Best,

Johan

Greetings Johan,
Your problems do not seem to be malware related as your logs all appear clean.
If you haven,t defragged your hard drive recently you may want to try Puran Defrag from here http://forums.whatthetech.com/index.php?showforum=126
Also you may want to do scandisk to find bad hard drive sectors that really slow down a system.
The techs at the next 2 sites may be able to help with your problem also.
Here http://forums.whatthetech.com/index.php?showforum=119 for Windows Vista problems.
Here http://forums.whatthetech.com/index.php?showforum=126 for hardware problems.

Next
To remove Hijackthis do the following:
Click Start → Control Panel → Add or Remove Programs
Click on Hijackthis
Click on Remove
When done close all windows.
Navigate to C:\Program files\Trend Micro
Delete the Hijackthis folder.
Close all windows.



Double-click OTL.exe to start the program.
Close all other programs apart from OTL as this step will require a reboot
On the OTL main screen, press the CLEANUP button
Say Yes to the prompt and then allow the program to reboot your computer.


You should keep Malwarebytes, ERUNT, and ESET. You should update and run them on a regular basis to keep your PC clean.
Your PC looks to be All Clean from my end.

You say that occasionally your PC will be very busy at bootup. This could be a function of updating programs or a hard disk type problem.
If you haven,t defragged your hard drive recently you may want to try Puran Defrag from here http://forums.whatthetech.com/index.php?showforum=126
Also you may want to do scandisk to find bad hard drive sectors that really slow down a system


Below I have included a number of recommendations for how to protect your computer against malware infections.


It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
Strong passwords: How to create and use them (http://www.microsoft.com/protect/yourself/password/create.mspx) Then consider a password keeper (http://keepass.info/), to keep all your passwords safe.
Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.
Make Internet Explorer more secure


Click Start > Run
Type Inetcpl.cpl & click OK
Click on the Security tab
Click Reset all zones to default level
Make sure the Internet Zone is selected & Click Custom level
In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
Next Click OK, then Apply button and then OK to exit the Internet Properties page.

Download TFC to your desktop (http://oldtimer.geekstogo.com/TFC.exe)


Close any open windows.
Double click the TFC icon to run the program
TFC will close all open programs itself in order to run,
Click the Start button to begin the process.
Allow TFC to run uninterrupted.
The program should not take long to finish it's job
Once its finished it should automatically reboot your machine,
if it doesn't, manually reboot to ensure a complete clean

It's normal after running TFC cleaner that the PC will be slower to boot the first time.
WOT, Web of Trust (http://www.mywot.com/), warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
[

Green to go
Yellow for caution
Red to stop

WOT has an addon available for both Firefox and IE
Keep a backup of your important files (http://www.geekstogo.com/2008/06/19/options-for-home-computer-data-backup-part-1/) - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
ERUNT (http://www.snapfiles.com/get/erunt.html) (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
Think Prevention. (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html)
PC Safety and Security--What Do I Need?. (http://www.techsupportforum.com/security-center/general-computer-security/115548-pc-safety-security-what-do-i-need.html)


**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Now is the time to post any questions or issues that have not been resolved for you. This thread will close a few days after last post.

Thanks for your patience and hard work.

Thanks for your efforts, Bill!

I do defrag on a regular basis, so since Dell's built-in hardware checking routines come up fine, I guess it points toward bad sectors on the HD?

In order for me to plan accordingly, do you by any chance have an estimate of how long it will take to run scandisk on my 137GB 5200 rpm HD? As I rely on my PC if it takes more than 12 - 16 hours I will need to plan accordingly :)

Again, thank you very much for investing time and effort in helping me!

Best greetings,

Johan

Johan, that scan depends, if bad sectors are found and repaired it could take quite some time, even over night. I am not really an expert on hard drives but the techs at the WTT hardware forums are pretty good. They can advise you better than I.
As much as it may be a hard disk problem, it could also be a software problem, like a program trying to update and having trouble doing so.

Thanks, Bill,
I'll try the scandisk and resort to the suggested fora if that doesn't provide more insight and improvement.

GL with your learning process, and once again thank you!

Johan

My pleasure and good luck.