Thread: Vista PC intermittently almost non-responsive

  1. #1
    Junior Member
    Join Date
    Mar 2007
    Location
    New York City
    Posts
    14

    Default Vista PC intermittently almost non-responsive

    I've received very good help here a few years back, and I'd be grateful if anybody would help me with my new problem.

    My PC is a Dell Inspiron 9400 laptop with 2MB RAM running Vista service pack 2 on a T5200 Core 2 Duo processor.

    I'm very close to ditching the computer and getting a new one, not least due to its old age (4.5 years), but I'm concerned about copying any infected files to a new PC and facing the same issues I'm struggling with now.

    I don't have a clear indication of virus/malware after scanning multiple times with Zonealarm, Malwarebytes, Trend Micro Housecall, and SUPERAntiSpyware, but every so often the PC will start up and some process will hog all CPU resources and leave the computer close to unresponsive - and the only remedy is to restart, which usually stops the madness.

    Frequently the HD seems very busy when there should be no reason for it, and I've not always been able to pin down what caused it (various versions and potentially faulty installations of Zonealarm ISS appear to be partly responsible).

    A few weeks ago the unresponsiveness got so out of hand that I chose to restore the system to the oldest available point, and surprisingly this cleared all symptoms for a day or two - then they slowly but surely returned.

    Zonealarm did report finding an unspecified trojan in autorun.inf yesterday, but also claimed to have treated it. I use a USB drive to transfer data to outside, semi-public computers (university based).

    Here's my DDS.txt:

    ------------------
    .
    DDS (Ver_11-05-19.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421
    Run by Giraffe at 11:16:00 on 2011-07-22
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2046.826 [GMT -4:00]
    .
    AV: ZoneAlarm Antivirus *Enabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: ZoneAlarm Anti-Spyware *Enabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
    FW: ZoneAlarm Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\Ati2evxx.exe
    C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
    C:\Windows\System32\WLTRYSVC.EXE
    C:\Windows\System32\bcmwltry.exe
    C:\Windows\system32\brsvc01a.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\brss01a.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\TeamViewer\Version6\TeamViewer.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\Windows\sttray.exe
    C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
    C:\Program Files\TeamViewer\Version6\tv_w32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
    C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Users\Giraffe\Downloads\dds.scr
    C:\Windows\system32\WSCRIPT.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uWindow Title = Internet Explorer provided by Dell
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
    TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
    TB: Deposit IE Toolbar: {6aa40521-14e7-4b1d-b1b4-98528c1388c9} - c:\progra~1\deposi~1\dfmana~1\DEPOSI~1.DLL
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [<NO NAME>]
    uRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
    uRun: [Google Update] "c:\users\giraffe\appdata\local\google\update\GoogleUpdate.exe" /c
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
    mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
    mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
    mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
    mRun: [SigmatelSysTrayApp] sttray.exe
    mRun: [Smart File Advisor] "c:\program files\smart file advisor\sfa.exe" /checkassoc
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [ISW]
    mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"
    StartupFolder: c:\users\giraffe\appdata\roaming\micros~1\windows\startm~1\programs\startup\ccc.lnk - c:\program files\ati technologies\ati.ace\core-static\CCC.exe
    StartupFolder: c:\users\giraffe\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\windows\installer\{53a01cc6-14b0-4512-a2e7-10d39bf83dc4}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
    IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\poker\pokerstars\PokerStarsUpdate.exe
    IE: {D5AD327A-A089-4F04-89FD-4EA9812B3913} - {D5AD327A-A089-4F04-89FD-4EA9812B3913} - c:\progra~1\deposi~1\dfmana~1\DEPOSI~1.DLL
    Trusted Zone: cnchost.com\register
    DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} - hxxp://download.microsoft.com/download/0/f/b/0fb0fab9-7f09-4bb6-86d8-8e791ba99ac5/VirtualEarth3D.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
    DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} - hxxp://support.microsoft.com/mats/DiagWebControl.cab
    DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
    DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-10-14 11352]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-1-15 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 67656]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-4-27 21504]
    R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-5-30 27016]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2008-3-15 809296]
    R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2010-12-7 2228008]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-4-27 16896]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-11-6 135664]
    S3 B-Service;B-Service;c:\users\giraffe\appdata\roaming\mikogo\B-Service.exe [2009-1-25 185640]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-11-6 135664]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-4-27 21504]
    S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [2009-7-5 29824]
    S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [2009-7-5 41344]
    S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [2009-7-5 39936]
    S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [2009-7-5 59776]
    S3 pwusbio;Pixelworks USB Driver;c:\windows\system32\drivers\pwusbio.sys [2007-2-17 20641]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 12872]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-5-30 493184]
    .
    =============== Created Last 30 ================
    .
    2011-07-22 12:49:49 6881616 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{2fecd652-1317-4d11-87d7-44fcf30aad80}\mpengine.dll
    2011-07-13 10:48:16 2043392 ----a-w- c:\windows\system32\win32k.sys
    2011-07-13 10:48:01 49152 ----a-w- c:\windows\system32\csrsrv.dll
    2011-07-13 10:48:01 375808 ----a-w- c:\windows\system32\winsrv.dll
    2011-07-10 14:49:56 -------- d-----w- c:\users\giraffe\appdata\local\Sun
    2011-07-09 17:04:00 388096 ----a-r- c:\users\giraffe\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-07-08 22:21:29 -------- d-----w- c:\users\giraffe\appdata\roaming\MailFrontier
    2011-07-08 22:06:47 -------- d-----w- c:\windows\Internet Logs
    2011-07-08 21:57:26 -------- d-----w- c:\users\giraffe\appdata\roaming\CheckPoint
    2011-07-08 21:56:08 -------- d-----w- c:\program files\zonealarm_security_suite
    2011-07-08 21:37:08 -------- d-----w- c:\program files\CheckPoint
    2011-07-08 18:34:52 -------- d-----w- c:\programdata\Kaspersky SDK
    2011-07-08 15:47:04 -------- d-----w- c:\programdata\AVG10
    2011-07-08 15:38:32 -------- d-----w- c:\program files\AVG
    2011-07-08 15:17:50 -------- d--h--w- c:\programdata\Common Files
    2011-07-08 15:15:16 -------- d-----w- c:\programdata\MFAData
    2011-07-08 15:11:34 -------- d-----w- c:\windows\Internet Logs(203)
    2011-07-04 19:53:44 -------- d-----w- c:\program files\common files\Java(3)
    2011-06-29 11:12:29 276992 ----a-w- c:\windows\system32\schannel.dll
    2011-06-25 18:22:35 -------- d-----w- c:\program files\Amazon
    2011-06-23 01:19:18 -------- d-----w- c:\program files\Veetle
    .
    ==================== Find3M ====================
    .
    2011-07-10 14:42:00 544656 ----a-w- c:\windows\system32\deployJava1.dll
    2011-06-20 03:07:12 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-29 13:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-24 23:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-05-07 21:51:26 451160 ----a-w- c:\windows\system32\drivers\vsdatant.sys
    2011-05-02 17:16:14 739328 ----a-w- c:\windows\system32\inetcomm.dll
    2011-04-29 13:25:10 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-04-29 13:25:09 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-04-29 13:24:50 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-04-29 13:24:42 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-04-29 13:24:40 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    .
    ============= FINISH: 11:19:27.46 ===============


    Thank you very much for any feedback and help!

    Johan

  2. #2
    Senior Member
    Join Date
    Aug 2010
    Location
    Near Atlanta, GA
    Posts
    189

    Default

    Hello McMelchior and welcome to the Safernetworking Forums.
    I'm RedCar92 and my name is Bill, I'll be glad to help you with your computer problems.

    Please observe these rules while we work:
    • Read the entire procedure
    • It is important to perform ALL actions in sequence.
    • If you don't know, stop and ask! Don't keep going on.
    • Please reply to this thread. Do not start a new topic.
    • Stick with me till you're given the all clear. Malware removal can be stressful but we will clean it.
    • Remember, absence of symptoms does not mean the infection is all gone.
    • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.


    Please be advised, as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advice. This will be a team effort.
    This may cause a delay, but I will do my best to keep it as short as possible.

    Please bear with me, I will post back to you as soon as I can.

    IMPORTANT NOTE : Please do not delete anything unless instructed to.
    DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

    Doing so could make your pc inoperative and could require a full reinstall of your OS, losing all your programs and data.

    These tools MUST be run from the executable (.exe) every time you run them,
    with Admin Rights (right click, choose "Run as Administrator").

    Stay with this topic until I give you the all clean post.

  3. #3
    Junior Member
    Join Date
    Mar 2007
    Location
    New York City
    Posts
    14

    Default

    Quote Originally Posted by redcar92 View Post
    Please be advised, as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advice. This will be a team effort.
    This may cause a delay, but I will do my best to keep it as short as possible.

    Please bear with me, I will post back to you as soon as I can.
    Thank you very much to both of you!

    I'm on standby until I see more instructions from you.


  4. #4
    Senior Member
    Join Date
    Aug 2010
    Location
    Near Atlanta, GA
    Posts
    189

    Default

    Greetings McMelchior,

    First
    • Please download aswMBR ( 511KB ) to your desktop.
    • Double click the aswMBR.exe icon to run it
    • Click the Scan button to start the scan
    • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


    Next
    You mentioned that you used a flash memory extensively. These can be great virus carriers. I would recommend this.
    Download Flash_Disinfector.exe by sUBs from HERE and save it to your desktop.
    • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
    • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
    • Wait until it has finished scanning and then exit the program.
    • Reboot your computer when done.
    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.

    Or
    If you use a flash drive it is recommended that you download and run Panda USB Vaccine from here. Panda USB Vaccine makes sure no viruses embed themselves in the autorun file on your USB drive, so you won't be infected by an autorun virus.
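
Added example, not part of the post above and not code from Flash_Disinfector or Panda USB Vaccine: a Python check of what sits at a drive root under the name autorun.inf (the placeholder folder the post describes, a regular file, or nothing), listing any launch commands a file carries. The function names, state labels and sample file are assumptions constructed for illustration.

```python
"""Classify the autorun.inf entry at the root of a drive (added example)."""
import os
import tempfile

# [autorun] keys that name a program to start. shell\<verb>\command keys are
# matched separately because the verb is free-form.
EXEC_KEYS = ("open", "shellexecute")

# Constructed sample file, not taken from the thread.
CONSTRUCTED_SAMPLE = (
    "; constructed sample\r\n"
    "[AutoRun]\r\n"
    "open=setup.exe\r\n"
    "icon=setup.exe,0\r\n"
    "shell\\open\\command=setup.exe\r\n"
    "label=USB DISK\r\n"
)


def read_text(path):
    """Read autorun.inf as text; it may be ANSI or UTF-16 with a BOM."""
    with open(path, "rb") as fh:
        raw = fh.read()
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16", errors="replace")
    return raw.decode("latin-1")


def launch_entries(text):
    """Return {key: command} for every [autorun] key that starts a program.

    Parsed by hand rather than with configparser so that junk lines, which
    make strict INI parsers raise, are simply skipped.
    """
    entries = {}
    section = ""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        is_shell_cmd = key.startswith("shell\\") and key.endswith("\\command")
        if key in EXEC_KEYS or is_shell_cmd:
            entries[key] = value
    return entries


def audit_root(root):
    """Report whether autorun.inf at `root` is absent, a folder, or a file."""
    # Match the name case-insensitively, as Windows would.
    match = [n for n in os.listdir(root) if n.lower() == "autorun.inf"]
    if not match:
        return {"state": "absent", "entries": {}}
    path = os.path.join(root, match[0])
    if os.path.isdir(path):
        # A folder occupies the name, so no file called autorun.inf can be
        # written beside it; this is the placeholder the post describes.
        return {"state": "folder", "entries": {}}
    entries = launch_entries(read_text(path))
    state = "file-with-launch-entries" if entries else "file-no-launch-entries"
    return {"state": state, "entries": entries}


def demo():
    """Build three constructed drive roots in a temp directory and audit them."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        for name in ("clean", "vaccinated", "autorun_file"):
            os.mkdir(os.path.join(base, name))
        os.mkdir(os.path.join(base, "vaccinated", "autorun.inf"))
        sample = os.path.join(base, "autorun_file", "AUTORUN.INF")
        with open(sample, "wb") as fh:
            fh.write(CONSTRUCTED_SAMPLE.encode("latin-1"))
        for name in ("clean", "vaccinated", "autorun_file"):
            results[name] = audit_root(os.path.join(base, name))
    return results


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

A `file-with-launch-entries` result is a prompt to inspect the named program, not a verdict: legitimate installers use the same keys.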

  5. #5
    Junior Member
    Join Date
    Mar 2007
    Location
    New York City
    Posts
    14

    Default

    Thank you, Bill.

    The log is posted at the end of this post.

    Quote Originally Posted by redcar92 View Post
    Download Flash_Disinfector.exe by sUBs from HERE [...]

    Or
    [...] download and run Panda USB Vaccine from here
    I did run the flash_disinfector with no alerts showing up; I assume since you wrote "OR" that the second suggestion is not needed then?

    Again, thank you very much for helping me out!

    Best,

    Johan

    aswMBR log:

    --------------

    aswMBR version 0.9.8.977 Copyright(c) 2011 AVAST Software
    Run date: 2011-07-24 14:49:18
    -----------------------------
    14:49:18.650 OS Version: Windows 6.0.6002 Service Pack 2
    14:49:18.650 Number of processors: 2 586 0xF06
    14:49:18.652 ComputerName: GIRAFFE-PC UserName: Giraffe
    14:49:31.207 Initialize success
    14:51:41.254 AVAST engine defs: 11072401
    14:51:56.729 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    14:51:56.733 Disk 0 Vendor: Hitachi_HTS541616J9SA00 SB4OC74P Size: 152627MB BusType: 3
    14:51:56.777 Disk 0 MBR read successfully
    14:51:56.782 Disk 0 MBR scan
    14:52:01.275 Disk 0 Windows VISTA default MBR code
    14:52:01.322 Disk 0 scanning sectors +312578048
    14:52:02.142 Disk 0 scanning C:\Windows\system32\drivers
    14:52:30.329 Service scanning
    14:52:34.648 Modules scanning
    14:52:57.463 Disk 0 trace - called modules:
    14:52:57.530 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys
    14:52:57.537 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x88c3b558]
    14:52:57.543 3 CLASSPNP.SYS[8b3608b3] -> nt!IofCallDriver -> [0x87dd7bc8]
    14:52:57.565 5 acpi.sys[84e976bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8707ab98]
    14:52:58.912 AVAST engine scan C:\Windows
    14:53:08.845 AVAST engine scan C:\Windows\system32
    14:56:37.176 AVAST engine scan C:\Windows\system32\drivers
    14:56:54.415 AVAST engine scan C:\Users\Giraffe
    16:39:32.210 AVAST engine scan C:\ProgramData
    16:50:35.585 Scan finished successfully
    16:56:58.566 Disk 0 MBR has been saved successfully to "C:\Users\Giraffe\Desktop\MBR.dat"
    16:56:58.607 The log file has been saved successfully to "C:\Users\Giraffe\Desktop\aswMBR.txt"


    ---------------------------------------------------------

  6. #6
    Senior Member
    Join Date
    Aug 2010
    Location
    Near Atlanta, GA
    Posts
    189

    Default

    Greetings McMelchior,

    I see in your logs that you have Malwarebytes installed on your system.
    • Double click on MalwareBytes, mbam.exe to run it.
    • If Malwarebytes asks to update, click on Yes. If you are not asked, click on the Update tab, then click on Check for updates.
    • After updates finish, click on the Scanner tab. Select Perform quick scan.
    • Click on Scan button.
    • When finished copy/paste the contents of mbam.txt into your next post please.


    Next
    Please use Internet Explorer to download and run the following scan: Eset Online Scanner
    • Place a check mark in the box YES, I accept the Terms Of Use
    • Click the Start button.
    • Now click the Install button.
    • Click Start. The scanner engine will initialize and update.
    • Do Not place a check mark in the box beside Remove found threats.
    • Click the Scan button. The scan will now run, please be patient.
    • When the scan finishes if there are any infections you will see a List of found threats.
    • Click Export to text file
    • Copy and paste the contents of the C:\Program Files\ESET\log.txt into your next reply.
    • If no threats are found there will be no list, this is good, just tell me that no threats were found.


    Logs to post:
    • mbam.txt
    • ESET report if available.

  7. #7
    Junior Member
    Join Date
    Mar 2007
    Location
    New York City
    Posts
    14

    Default

    Hi again Bill, here are both logs:

    ----------------------------------
    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7268

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 9.0.8112.16421

    7/24/2011 10:45:48 PM
    mbam-log-2011-07-24 (22-45-47).txt

    Scan type: Quick scan
    Objects scanned: 243166
    Time elapsed: 20 minute(s), 54 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
    ----------------------------------------

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    # version=7
    # iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
    # OnlineScanner.ocx=1.0.0.6528
    # api_version=3.0.2
    # EOSSerial=687e5ce472cfcb48b677422e597e6e2d
    # end=stopped
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2011-07-25 03:14:54
    # local_time=2011-07-24 11:14:54 (-0500, Eastern Daylight Time)
    # country="United States"
    # lang=1033
    # osver=6.0.6002 NT Service Pack 2
    # compatibility_mode=1032 16777214 0 1 500100 500100 0 0
    # compatibility_mode=5892 16776573 100 100 0 148171127 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # compatibility_mode=9217 16776573 100 13 1314894 2518413 0 0
    # scanned=1354
    # found=0
    # cleaned=0
    # scan_time=140
    esets_scanner_update returned -1 esets_gle=53251
    # version=7
    # iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
    # OnlineScanner.ocx=1.0.0.6528
    # api_version=3.0.2
    # EOSSerial=687e5ce472cfcb48b677422e597e6e2d
    # end=finished
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2011-07-25 10:33:32
    # local_time=2011-07-25 06:33:32 (-0500, Eastern Daylight Time)
    # country="United States"
    # lang=1033
    # osver=6.0.6002 NT Service Pack 2
    # compatibility_mode=1032 16777214 0 1 500631 500631 0 0
    # compatibility_mode=5892 16776573 100 100 0 148171658 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # compatibility_mode=9217 16776573 100 13 1315425 2518944 0 0
    # scanned=696613
    # found=0
    # cleaned=0
    # scan_time=25927
    ---------------------------

    Best,

    Johan

  8. #8
    Senior Member
    Join Date
    Aug 2010
    Location
    Near Atlanta, GA
    Posts
    189

    Default

    Greetings Johan,
    Your problems do not seem to be malware related as your logs all appear clean.
    If you haven't defragged your hard drive recently you may want to try Puran Defrag from here http://forums.whatthetech.com/index.php?showforum=126
    Also you may want to do scandisk to find bad hard drive sectors that really slow down a system.
    The techs at the next 2 sites may be able to help with your problem also.
    Here http://forums.whatthetech.com/index.php?showforum=119 for Windows Vista problems.
    Here http://forums.whatthetech.com/index.php?showforum=126 for hardware problems.

    Next
    To remove Hijackthis do the following:
    • Click Start > Control Panel > Add or Remove Programs
    • Click on Hijackthis
    • Click on Remove
    • When done close all windows.
    • Navigate to C:\Program files\Trend Micro
    • Delete the Hijackthis folder.
    • Close all windows.


    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.


    You should keep Malwarebytes, ERUNT, and ESET. You should update and run them on a regular basis to keep your PC clean.
    Your PC looks to be All Clean from my end.

    You say that occasionally your PC will be very busy at bootup. This could be a function of updating programs or a hard disk type problem.
    If you haven't defragged your hard drive recently you may want to try Puran Defrag from here http://forums.whatthetech.com/index.php?showforum=126
    Also you may want to do scandisk to find bad hard drive sectors that really slow down a system.


    Below I have included a number of recommendations for how to protect your computer against malware infections.
    • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article: Strong passwords: How to create and use them. Then consider a password keeper, to keep all your passwords safe.
    • Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/
      This will ensure your computer always has the latest security updates available installed.
    • Make Internet Explorer more secure
      • Click Start > Run
      • Type Inetcpl.cpl & click OK
      • Click on the Security tab
      • Click Reset all zones to default level
      • Make sure the Internet Zone is selected & Click Custom level
      • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
      • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
    • Download TFC to your desktop
      • Close any open windows.
      • Double click the TFC icon to run the program
      • TFC will close all open programs itself in order to run,
      • Click the Start button to begin the process.
      • Allow TFC to run uninterrupted.
      • The program should not take long to finish its job
      • Once it's finished it should automatically reboot your machine,
      • if it doesn't, manually reboot to ensure a complete clean

      It's normal after running TFC cleaner that the PC will be slower to boot the first time.
    • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
      • Green to go
      • Yellow for caution
      • Red to stop

      WOT has an addon available for both Firefox and IE
    • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
    • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
    • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
      Think Prevention.
      PC Safety and Security--What Do I Need?.


    **Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

    Now is the time to post any questions or issues that have not been resolved for you. This thread will close a few days after last post.

    Thanks for your patience and hard work.

  9. #9
    Junior Member
    Join Date
    Mar 2007
    Location
    New York City
    Posts
    14

    Default

    Thanks for your efforts, Bill!

    I do defrag on a regular basis, so since Dell's built-in hardware checking routines come up fine, I guess it points toward bad sectors on the HD?

    In order for me to plan accordingly, do you by any chance have an estimate of how long it will take to run scandisk on my 137GB 5200 rpm HD? As I rely on my PC, if it takes more than 12 - 16 hours I will need to plan accordingly.

    Again, thank you very much for investing time and effort in helping me!

    Best greetings,

    Johan

  10. #10
    Senior Member
    Join Date
    Aug 2010
    Location
    Near Atlanta, GA
    Posts
    189

    Default

    Johan, that scan depends: if bad sectors are found and repaired, it could take quite some time, even overnight. I am not really an expert on hard drives but the techs at the WTT hardware forums are pretty good. They can advise you better than I.
    As much as it may be a hard disk problem, it could also be a software problem, like a program trying to update and having trouble doing so.
