PDA

View Full Version : Extremely slow laptop I think its infected



EAHUFF
2013-07-07, 04:27
While this laptop is older recently it has gotten extremely slow loading and internet use. Any assistance would be appreciated.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Butch Tuthill at 17:47:06 on 2013-07-06
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.411 [GMT -7:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.0.1\ToolbarUpdater.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
uRun: [ROC_ROC_APR2013_AV] c:\documents and settings\butch tuthill\application data\avg april 2013 campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 39228938aa0447d38175d15c83279067-a2a9668d078a01e46722d44183cb80ce7e100132 --CMPID ROC_APR2013_AV --CMPIDEXTRA 2013
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\stsystra.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
StartupFolder: c:\docume~1\butcht~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1348110943625
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{55CC3C06-FF9D-4411-976C-861CC07D26CF} : DHCPNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{6A70B8EF-4201-4BB5-924C-D0F02D29C6B0} : DHCPNameServer = 192.168.0.1
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-10-15 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 245048]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-11-16 96568]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 39224]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-10-22 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-9-21 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-10-2 170808]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-9-21 182072]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-5-5 33624]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2013-5-14 4937264]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2013-4-18 283136]
R2 vToolbarUpdater15.0.1;vToolbarUpdater15.0.1;c:\program files\common files\avg secure search\vtoolbarupdater\15.0.1\ToolbarUpdater.exe [2013-5-5 990896]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-12 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2013-06-22 00:47:18 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-22 00:47:17 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-07 22:30:06 920064 ----a-w- c:\windows\system32\wininet.dll
2013-05-07 22:30:05 43520 ------w- c:\windows\system32\licmgr10.dll
2013-05-07 22:30:05 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-05-07 21:53:29 385024 ------w- c:\windows\system32\html.iec
2013-05-05 21:13:55 33624 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-05-03 01:26:26 2193536 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38:18 2070144 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-10 01:31:19 1876352 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 17:47:43.28 ===============


aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-07-06 17:52:00
-----------------------------
17:52:00.375 OS Version: Windows 5.1.2600 Service Pack 3
17:52:00.375 Number of processors: 1 586 0x4C02
17:52:00.375 ComputerName: MARIEMOM UserName:
17:52:00.671 Initialize success
18:15:56.796 AVAST engine defs: 13070601
18:16:32.625 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:16:32.625 Disk 0 Vendor: WDC_WD600BEVS-75LAT0 02.06M02 Size: 57231MB BusType: 3
18:16:32.843 Disk 0 MBR read successfully
18:16:32.843 Disk 0 MBR scan
18:16:32.921 Disk 0 Windows XP default MBR code
18:16:32.921 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 70 MB offset 63
18:16:32.937 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 53615 MB offset 144585
18:16:32.984 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 3537 MB offset 109948860
18:16:32.984 Disk 0 scanning sectors +117194175
18:16:33.031 Disk 0 scanning C:\WINDOWS\system32\drivers
18:16:48.406 Service scanning
18:17:09.484 Modules scanning
18:17:16.125 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
18:17:17.453 Disk 0 trace - called modules:
18:17:17.468 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
18:17:17.468 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84b54ab8]
18:17:17.468 3 CLASSPNP.SYS[f7544fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x84b69b00]
18:17:18.078 AVAST engine scan C:\WINDOWS
18:17:23.984 AVAST engine scan C:\WINDOWS\system32
18:22:32.890 AVAST engine scan C:\WINDOWS\system32\drivers
18:22:53.578 AVAST engine scan C:\Documents and Settings\Butch Tuthill
18:23:49.906 AVAST engine scan C:\Documents and Settings\All Users
18:24:44.234 Scan finished successfully
18:25:12.062 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Butch Tuthill\Desktop\Do Not Delete\MBR.dat"
18:25:12.062 The log file has been saved successfully to "C:\Documents and Settings\Butch Tuthill\Desktop\Do Not Delete\aswMBR.txt"

Blade81
2013-07-17, 11:29
Hi,

Please post fresh DDS logs including both dds.txt & attach.txt contents.

EAHUFF
2013-07-18, 09:09
Here is the new DDS and attached is the other report requested. Thanks!

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Butch Tuthill at 23:02:09 on 2013-07-17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.431 [GMT -7:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.0.1\ToolbarUpdater.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Reader 11.0\Reader\Reader_sl.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
uRun: [ROC_ROC_APR2013_AV] c:\documents and settings\butch tuthill\application data\avg april 2013 campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 39228938aa0447d38175d15c83279067-a2a9668d078a01e46722d44183cb80ce7e100132 --CMPID ROC_APR2013_AV --CMPIDEXTRA 2013
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\stsystra.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
StartupFolder: c:\docume~1\butcht~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1348110943625
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{55CC3C06-FF9D-4411-976C-861CC07D26CF} : DHCPNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{6A70B8EF-4201-4BB5-924C-D0F02D29C6B0} : DHCPNameServer = 192.168.0.1
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-10-15 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 245048]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-11-16 96568]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 39224]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-10-22 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-9-21 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-10-2 170808]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-9-21 182072]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-5-5 33624]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2013-5-14 4937264]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2013-4-18 283136]
R2 vToolbarUpdater15.0.1;vToolbarUpdater15.0.1;c:\program files\common files\avg secure search\vtoolbarupdater\15.0.1\ToolbarUpdater.exe [2013-5-5 990896]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-12 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-07-07 00:24:32 -------- d-----w- c:\documents and settings\butch tuthill\application data\Malwarebytes
2013-07-07 00:23:10 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-07-07 00:23:01 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-07-07 00:23:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2013-06-22 00:47:18 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-22 00:47:17 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-07 22:30:06 920064 ----a-w- c:\windows\system32\wininet.dll
2013-05-07 22:30:05 43520 ------w- c:\windows\system32\licmgr10.dll
2013-05-07 22:30:05 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-05-07 21:53:29 385024 ------w- c:\windows\system32\html.iec
2013-05-05 21:13:55 33624 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-05-03 01:26:26 2193536 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38:18 2070144 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 23:03:21.65 ===============


10831

Blade81
2013-07-18, 23:41
Hi,

Logs look ok. Latest versions of AVG antivirus protection have caused some slowness on some systems. It would be recommended to try some alternative antivirus protection to see if it helps (AVG remover can be found here (http://download.avg.com/filedir/util/avgrem/avg_remover_stf_x86_2013_3341.exe)).

A couple of free alternatives:
Avast! (http://www.avast.com/eng/download-avast-home.html)
Microsoft Security Essentials (http://windows.microsoft.com/en-us/windows/security-essentials-download)


Also, has the hard drive been defragged recently?

EAHUFF
2013-07-19, 09:11
Actually it was a used laptop when my wife bought it and I took a bunch of trash off of it about 9 months ago. It never was a speed demon but it seems to have recently gotten slow so I assumed it was infected.

To answer your question/concerns.

Never liked AVG so I will switch it out to AVAST

I did defrag it when I removed all the trash on it about 9 months ago but will again. Is there anything better than the defragmenter that comes with Windows? Ive always just used that one but wasn't sure.

Thanks for your help

Blade81
2013-07-20, 02:35
Hi,

For defragging you could try Mydefrag (http://www.mydefrag.com/).

EAHUFF
2013-07-20, 09:22
Thanks for the assistance and advice. Much appreciated!

Blade81
2013-07-21, 14:16
You're welcome :)

Blade81
2013-08-14, 07:54
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

Note:If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread.

If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.