Chrome won't load! System slowed to a halt! What do I have????



Onychophoran
2012-09-11, 13:46
Iexplorer seems to be the only browser that the computer will allow me to run... I have no idea what's stopping cpu processes for a short while then it frees up again. This is driving me crazy!
Jason
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by OEMuser at 20:18:53 on 2012-09-10
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.3326.1158 [GMT 10:00]
.
AV: PC Tools Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: PC Tools Spyware Doctor with AntiVirus *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\AASP\1.00.81\aaCenter.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsGui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\SecCopy\SecCopy.exe
C:\Users\OEMuser\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Second Copy] "c:\program files\seccopy\SecCopy.exe"
mRun: "c:\program files\spyware doctor\pctsGui.exe" /hideGUI
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\oemuser\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\oemuser\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\oemuser\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-gb.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} - hxxp://teds.lifepics.com/NET/Uploader/LPUploader57.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-gb.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6FCAE459-69BA-4A7D-A83D-EBFB2800A316} : DhcpNameServer = 192.168.1.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-4-8 383368]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-1-6 342168]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-1-6 909728]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2012-9-8 54328]
R0 TFSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2012-9-8 574424]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-4-8 254944]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2011-11-11 203120]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-28 63960]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-6-30 575448]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2011-11-11 402368]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2011-11-11 1118680]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [2011-11-11 70768]
R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2009-4-8 70568]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2012-9-8 35264]
R3 ThreatFire;ThreatFire;c:\program files\spyware doctor\tfengine\tfservice.exe service --> c:\program files\spyware doctor\tfengine\TFService.exe service [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c988e6db5c7e84;Google Update Service (gupdate1c988e6db5c7e84);c:\program files\google\update\GoogleUpdate.exe [2009-2-7 133104]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-6 250056]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-2-7 133104]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-09-10 07:48:22 -------- d-----w- c:\users\oemuser\appdata\roaming\NVIDIA
2012-09-09 10:51:04 -------- d-----w- c:\users\oemuser\appdata\roaming\Auslogics
2012-09-09 10:50:47 -------- d-----w- c:\program files\Auslogics
2012-09-08 12:26:34 -------- d-----w- C:\2fae363671e7d90997a43bdd9d15e4a0
2012-09-08 12:22:39 -------- d--h--w- c:\windows\msdownld.tmp
2012-09-08 12:22:24 -------- d-----w- c:\windows\system32\directx
2012-09-08 11:56:58 24576 ----a-w- c:\windows\system32\AsIO.dll
2012-09-08 11:56:58 12400 ----a-w- c:\windows\system32\drivers\AsIO.sys
2012-09-08 11:56:52 -------- d-----w- c:\program files\ASUS
2012-09-08 09:25:02 -------- d-----w- c:\windows\pss
2012-09-08 09:16:53 -------- d-----w- c:\program files\CCleaner
2012-09-08 05:49:54 574424 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2012-09-08 05:49:54 54328 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2012-09-08 05:49:54 35264 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2012-09-08 05:39:41 7022536 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{3e6eac97-2cff-4de5-92ec-8ee8f031ee64}\mpengine.dll
2012-08-15 03:17:05 623616 ----a-w- c:\windows\system32\localspl.dll
.
==================== Find3M ====================
.
2012-08-15 07:28:13 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-15 07:28:13 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-15 07:28:08 9232584 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-07-04 14:02:46 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-06-29 00:16:58 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-22 05:35:16 70568 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2012-06-22 05:34:52 203120 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-06-22 05:29:42 107896 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2012-06-22 05:29:36 254944 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2012-06-22 01:39:14 70768 ----a-w- c:\windows\system32\drivers\PCTBD.sys
2012-06-22 01:39:02 149464 ----a-w- c:\windows\SGDetectionTool.dll
2012-06-22 01:39:00 2267096 ----a-w- c:\windows\PCTBDCore.dll
2012-06-22 01:39:00 1689560 ----a-w- c:\windows\PCTBDRes.dll
2012-06-22 01:38:38 767960 ----a-w- c:\windows\BDTSupport.dll
.
============= FINISH: 20:20:40.34 ===============

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-10 20:25:54
-----------------------------
20:25:54.493 OS Version: Windows 6.0.6002 Service Pack 2
20:25:54.493 Number of processors: 4 586 0xF0B
20:25:54.494 ComputerName: SMITHPC UserName: OEMuser
20:25:56.305 Initialize success
20:36:00.266 AVAST engine defs: 12091000
20:37:06.140 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-6
20:37:06.143 Disk 0 Vendor: WDC_WD6400AACS-00G8B0 05.04C05 Size: 610480MB BusType: 3
20:37:06.187 Disk 0 MBR read successfully
20:37:06.189 Disk 0 MBR scan
20:37:06.194 Disk 0 Windows VISTA default MBR code
20:37:06.199 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 610478 MB offset 2048
20:37:06.205 Disk 0 scanning sectors +1250260992
20:37:06.336 Disk 0 scanning C:\Windows\system32\drivers
20:37:17.372 Service scanning
20:37:37.433 Modules scanning
20:37:52.096 Disk 0 trace - called modules:
20:37:52.115 ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
20:37:52.119 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8f136588]
20:37:52.448 3 CLASSPNP.SYS[93fa18b3] -> nt!IofCallDriver -> [0x8f033088]
20:37:52.454 5 PCTCore.sys[9381b82d] -> nt!IofCallDriver -> [0x8e5af918]
20:37:52.461 7 acpi.sys[936cb6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T1L0-6[0x8e5a9b98]
20:37:53.867 AVAST engine scan C:\Windows
20:38:23.397 AVAST engine scan C:\Windows\system32
20:41:11.180 AVAST engine scan C:\Windows\system32\drivers
20:41:25.245 AVAST engine scan C:\Users\OEMuser
20:54:01.291 AVAST engine scan C:\ProgramData
20:55:59.933 Scan finished successfully
21:19:56.707 Disk 0 MBR has been saved successfully to "C:\Users\OEMuser\Documents\MBR.dat"
21:19:56.712 The log file has been saved successfully to "C:\Users\OEMuser\Documents\aswMBR.txt"
----------------------------------------------------------
Edit
First topic closed: http://forums.spybot.info/showthread.php?p=430835#post430835

Onychophoran
2012-09-13, 13:36
Please close. I fixed it myself. The reason why I restarted the thread was due to the fact that many other people requiring assistance have received help who posted well after this thread. Your introductory threads on how to receive help do not include this fact.

tashi
2012-09-13, 17:48
http://forums.spybot.info/showpost.php?p=430835&postcount=3


Originally Posted by Onychophoran (http://forums.spybot.info/showthread.php?p=430832#post430832)
Remove this thread. 0 replies... maybe the title wasn't interesting enough.



Hello Onychophoran,

:blink:

This topic was started yesterday, three posts were merged.

Your new topic: http://forums.spybot.info/showthread.php?t=66713

"BEFORE You POST"(Please read this Procedure Before Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Help in this forum is provided by volunteers, it is not a shop. :wink:

Waiting for help in the Malware Forum FOUR days or longer? (http://forums.spybot.info/showthread.php?t=1137)

Best regards.


Please close. I fixed it myself. The reason why I restarted the thread was due to the fact that many other people requiring assistance have received help who posted well after this thread. Your introductory threads on how to receive help do not include this fact.
From the forum FAQ linked previously.


Please do not start more than one topic for the same computer during the same period. It will either be removed, closed or merged with your original thread.

Glad you were able to fix the issue.

:greeting: