Crazy Problems!



moonlightandroses
2013-11-22, 04:52
Having crazy issues... HIGH CPU, slow Internet, Shockwave freezes... suspecting virus or malware.

Previous topic: http://forums.spybot.info/showthread.php?69751-HIGH-CPU-Background-programs-Disabling-of-Spy-Bot-guessing-Virus-or-Malware

Below are DDS and aswMBR logs:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16736
Run by Lorrie at 20:36:27 on 2013-11-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3070.1353 [GMT -6:00]
.
AV: Spybot - Search and Destroy *Enabled/Updated* {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\Windstream\Diagnostic Tools\HsdService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Windstream\Diagnostic Tools\DiagnosticTools.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Hewlett-Packard\Marketsplash by HP\HPLocalWebPrintAgent.exe
C:\Program Files\Windstream\Service Agent\ServicepointService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Spybot - Search & Destroy 2\SDWelcome.exe
C:\Windows\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://vp.crossmark.com/
uProxyServer = localhost:21320
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - LocalServer32 - <no file>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} -
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} -
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe
uRun: [ApplePhotoStreams] c:\program files\common files\apple\internet services\ApplePhotoStreams.exe
mRun: [Windstream Service Agent.exe] "c:\program files\windstream\service agent\Windstream Service Agent.exe" /AUTORUN
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [DiagnosticTools.exe] "c:\program files\windstream\diagnostic tools\DiagnosticTools.exe" /AUTORUN
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 6.0\apdproxy.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\programdata\microsoft\windows\start menu\programs\startup\Marketsplash Print Software.lnk.disabled
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.254.254
TCP: Interfaces\{07BECF09-966E-474F-AC4E-E355ECB076C6} : DHCPNameServer = 192.168.254.254
TCP: Interfaces\{733263B9-EEB7-459C-A510-3A00B34297FF} : DHCPNameServer = 192.168.254.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: linkscanner - <Clsid value has no data>
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\17.1.2\ViProtocol.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\lorrie\appdata\roaming\mozilla\firefox\profiles\8ds89fh7.default-1379420438382\
FF - prefs.js: browser.startup.homepage - www.ebay.com
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\windstream\service agent\nprpspa.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_152.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SDHookDriver;Hook Test Driver;c:\program files\spybot - search & destroy 2\SDHookDrv32.sys [2013-11-17 46248]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-27 176128]
R2 HsdService;HsdService;c:\program files\windstream\diagnostic tools\HsdService.exe [2012-6-29 1393976]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-11-17 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-11-17 1042272]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-11-17 171416]
R2 ServicepointService;ServicepointService;c:\program files\windstream\service agent\ServicepointService.exe [2012-6-29 10315064]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]
R4 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-7-20 208184]
R4 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-7-20 60216]
R4 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-9-10 22328]
R4 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-7-20 246072]
R4 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-7-1 96568]
R4 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-9-5 39224]
R4 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-3-21 182072]
R4 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-9-1 37664]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 GamesAppService;GamesAppService;"c:\program files\wildtangent games\app\gamesappservice.exe" --> c:\program files\wildtangent games\app\GamesAppService.exe [?]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-15 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-11-27 1343400]
S4 AVGIDSAgent;AVGIDSAgent;"c:\program files\avg\avg2013\avgidsagent.exe" --> c:\program files\avg\avg2013\avgidsagent.exe [?]
S4 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-7-20 171320]
S4 avgwd;AVG WatchDog;"c:\program files\avg\avg2013\avgwdsvc.exe" --> c:\program files\avg\avg2013\avgwdsvc.exe [?]
S4 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2012-1-18 450848]
S4 vToolbarUpdater17.1.2;vToolbarUpdater17.1.2;c:\program files\common files\avg secure search\vtoolbarupdater\17.1.2\ToolbarUpdater.exe [2013-11-18 1734680]
.
=============== Created Last 30 ================
.
2013-11-20 15:17:21 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-11-20 15:17:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-11-19 22:39:59 -------- d-----w- c:\program files\AVG Secure Search
2013-11-17 21:30:46 1796096 ----a-w- c:\windows\system32\authui.dll
2013-11-17 21:30:46 168960 ----a-w- c:\windows\system32\credui.dll
2013-11-17 21:30:46 152576 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2013-11-17 21:30:34 247808 ----a-w- c:\windows\system32\schannel.dll
2013-11-17 21:30:33 99840 ----a-w- c:\windows\system32\sspicli.dll
2013-11-17 21:30:33 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2013-11-17 21:30:33 369848 ----a-w- c:\windows\system32\drivers\cng.sys
2013-11-17 21:30:33 220160 ----a-w- c:\windows\system32\ncrypt.dll
2013-11-17 21:30:33 22016 ----a-w- c:\windows\system32\secur32.dll
2013-11-17 21:30:33 22016 ----a-w- c:\windows\system32\lsass.exe
2013-11-17 21:30:33 15872 ----a-w- c:\windows\system32\sspisrv.dll
2013-11-17 21:30:33 136640 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-11-17 21:30:33 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2013-11-17 21:29:04 305152 ----a-w- c:\windows\system32\gdi32.dll
2013-11-17 21:29:01 679424 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-11-17 21:29:01 656896 ----a-w- c:\windows\system32\nshwfp.dll
2013-11-17 21:29:01 216576 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-11-17 21:24:32 18968 ----a-w- c:\windows\system32\sdnclean.exe
2013-11-16 13:25:01 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-11-16 13:24:48 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-11-16 12:57:08 -------- d-----w- c:\users\lorrie\appdata\local\LogMeIn Rescue Applet
2013-11-16 12:46:07 -------- d-----w- c:\users\lorrie\appdata\local\SlimWare Utilities Inc
2013-11-16 12:46:03 -------- d-----w- c:\programdata\SlimWare Utilities Inc
2013-11-14 02:23:43 -------- d-----w- c:\program files\VS Revo Group
2013-11-13 14:02:14 -------- d-----w- c:\users\lorrie\appdata\local\Avg2013
2013-11-13 05:34:50 1168384 ----a-w- c:\windows\system32\crypt32.dll
2013-11-12 11:24:16 -------- d-sh--w- c:\programdata\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2013-11-11 23:10:47 -------- d-----w- c:\programdata\Seagate
2013-11-11 23:10:45 -------- d-----w- c:\users\lorrie\appdata\roaming\Seagate
2013-11-07 20:15:27 -------- d-----w- c:\program files\SearchProtect
2013-11-07 20:15:26 -------- d-----w- c:\users\lorrie\appdata\local\SearchProtect
2013-11-03 11:50:01 -------- d-----w- c:\users\lorrie\appdata\roaming\LavasoftStatistics
2013-11-03 01:47:31 -------- d-----w- c:\programdata\Oracle
.
==================== Find3M ====================
.
2013-11-18 21:53:26 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-11-17 21:51:26 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-17 21:51:26 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-12 07:03:50 1767936 ----a-w- c:\windows\system32\wininet.dll
2013-10-12 07:02:33 2877952 ----a-w- c:\windows\system32\jscript9.dll
2013-10-12 07:02:29 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-10-12 07:02:29 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-10-12 06:08:58 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-10-12 05:15:39 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-09-14 00:48:58 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2013-09-10 06:34:48 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-09-08 02:07:12 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:03:58 231424 ----a-w- c:\windows\system32\mswsock.dll
2013-09-05 06:43:42 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-08-29 01:51:45 3969472 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-29 01:50:30 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-08-29 01:50:16 619520 ----a-w- c:\windows\system32\tdh.dll
2013-08-29 01:48:17 640512 ----a-w- c:\windows\system32\advapi32.dll
2013-08-28 01:04:30 2348544 ----a-w- c:\windows\system32\win32k.sys
2013-08-28 00:57:20 434688 ----a-w- c:\windows\system32\scavengeui.dll
.
============= FINISH: 20:40:15.60 ===============

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-11-21 05:05:51
-----------------------------
05:05:51.918 OS Version: Windows 6.1.7601 Service Pack 1
05:05:51.918 Number of processors: 4 586 0xF0B
05:05:51.920 ComputerName: LORRIE-PC UserName: Lorrie
05:05:53.649 Initialize success
05:07:25.335 AVAST engine defs: 13111900
05:07:57.939 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
05:07:57.939 Disk 0 Vendor: ST3500630AS 3.ADG Size: 476940MB BusType: 3
05:07:58.064 Disk 0 MBR read successfully
05:07:58.064 Disk 0 MBR scan
05:07:58.080 Disk 0 Windows 7 default MBR code
05:07:58.080 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
05:07:58.095 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15360 MB offset 98304
05:07:58.111 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 461531 MB offset 31555584
05:07:58.111 Disk 0 scanning sectors +976771072
05:07:58.189 Disk 0 scanning C:\Windows\system32\drivers
05:08:09.655 Service scanning
05:08:36.471 Modules scanning
05:08:45.051 Disk 0 trace - called modules:
05:08:45.566 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll pciide.sys PCIIDEX.SYS atapi.sys
05:08:45.582 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x861ef8b8]
05:08:45.582 3 CLASSPNP.SYS[8b40459e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x853e9610]
05:08:46.486 AVAST engine scan C:\Windows
05:08:48.358 AVAST engine scan C:\Windows\system32
05:11:52.237 AVAST engine scan C:\Windows\system32\drivers
05:12:09.038 AVAST engine scan C:\Users\Lorrie
05:24:38.029 AVAST engine scan C:\ProgramData
05:27:19.926 Scan finished successfully
05:27:35.994 Disk 0 MBR has been saved successfully to "C:\Users\Lorrie\Documents\Computer fixes\MBR.dat"
05:27:35.994 The log file has been saved successfully to "C:\Users\Lorrie\Documents\Computer fixes\aswMBR.txt"