Pending slow un-responsive HP laptop - HJT log

Discussion in 'Virus, Spyware and Malware Removal' started by Razza, Jan 31, 2010.


Thread Status:
Not open for further replies.
  1. Razza Silver Member

    Hi PCHF,
    My HP laptop has started to run slow and often becomes unresponsive. My mom has recently started to use my laptop and I wonder has she done something to slow it down or installed a virus..... I would be very grateful if the security analysts could take a gander and let me know where my issues are. Thank you very, very much in advance...........




    R@ZZ@;)


  2. georgeks Tech Support Team

    Hello Razza

    HJT logs are not my strong point, to say the least, but out of curiosity, what Model and Part Number is it?
  3. Pancake Security Team


  5. Razza Silver Member

    Here are the pre-work programme logs, hope they help, thanks for the help..... R@ZZ@



    DDS (Ver_09-12-01.01) - NTFSx86
    Run by Barry Fleming at 7:13:56.60 on 01/02/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.959.298 [GMT 0:00]
    AV: avast! antivirus 4.8.1368 [VPS 100131-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
    FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    ============== Running Processes ===============
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
    C:\Program Files\Oxigen\bin\Oxigen.exe
    C:\Program Files\Oxigen\bin\OxiTray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
    C:\Program Files\LimeWire\LimeWire.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Barry Fleming.PC223012518012\Desktop\dds.scr
    ============== Pseudo HJT Report ===============
    uStart Page = hxxp://www.tattoodle.com?tid={9C6202CF-F499-4db6-BDFA-B84E86424E4F}
    uSearch Page =
    uSearch Bar =
    uInternet Settings,ProxyOverride = local;*.local
    mSearchAssistant =
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
    TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [BitTorrent] "c:\program files\bittorrent\BitTorrent.exe"
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [DAEMON Tools Pro Agent] "c:\program files\daemon tools pro\DTProAgent.exe" -autorun
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
    mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
    mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
    mRun: [RecGuard] c:\windows\sminst\RecGuard.exe
    mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [Zone Labs Client] c:\program files\zone labs\zonealarm\zlclient.exe
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler
    mRun: [SpybotSnD] "c:\program files\spybot - search & destroy\SpybotSD.exe"
    mRun: [OxigenClientAdmin] "c:\program files\oxigen\bin\Oxigen.exe"
    mRun: [OxigenTrayIcon] "c:\program files\oxigen\bin\OxiTray.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\barryf~1.pc2\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppavi~1.lnk - c:\program files\hewlett-packard\hp pavilion webcam\HPWebcam.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    ================= FIREFOX ===================
    FF - ProfilePath - c:\docume~1\barryf~1.pc2\applic~1\mozilla\firefox\profiles\n63obsbq.default\
    FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com
    FF - component: c:\program files\mozilla firefox\components\AdVComponent.dll
    FF - plugin: c:\program files\veetle\player\npvlc.dll
    FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: XUL Cache: No Registry Reference - c:\program files\mozilla firefox\extensions\{20335143-8917-48A9-9B7E-D12EC8B9041F}
    FF - HiddenExtension: XUL Cache: No Registry Reference - c:\program files\mozilla firefox\extensions\{B7EF5863-ACE6-44D0-AB01-B44A6F80D82C}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    ============= SERVICES / DRIVERS ===============
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-8-22 114768]
    R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-12-1 372824]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-8-22 20560]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-8-22 138680]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-6 99328]
    R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
    R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-8-22 254040]
    S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-8-22 352920]
    S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [2010-1-14 102656]
    S3 rootrepeal;rootrepeal;\??\c:\windows\system32\drivers\rootrepeal.sys --> c:\windows\system32\drivers\rootrepeal.sys [?]
    S3 SysProtDrv.sys;SysProtDrv.sys;\??\c:\documents and settings\barry fleming.pc223012518012\desktop\sysprot\sysprotdrv.sys --> c:\documents and settings\barry fleming.pc223012518012\desktop\sysprot\SysProtDrv.sys [?]
    =============== Created Last 30 ================
    2010-01-31 20:56:50 0 d-----w- c:\program files\uTorrent
    2010-01-31 20:56:12 0 d-----w- c:\docume~1\barryf~1.pc2\applic~1\uTorrent
    2010-01-31 15:17:15 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2010-01-31 15:17:15 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2010-01-31 15:16:16 0 d-----w- c:\program files\iPod
    2010-01-31 15:16:06 0 d-----w- c:\program files\iTunes
    2010-01-31 15:16:06 0 d-----w- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    2010-01-31 15:12:25 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2010-01-31 15:12:25 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
    2010-01-28 17:09:13 0 d-----w- c:\program files\Oxigen
    2010-01-28 17:07:13 0 d-----w- c:\program files\OxigenInstall
    2010-01-17 18:52:35 0 d-----w- c:\docume~1\barryf~1.pc2\applic~1\THQ
    2010-01-17 18:24:57 0 d-----w- c:\program files\THQ
    2010-01-14 18:21:42 0 d-----w- c:\docume~1\barryf~1.pc2\applic~1\Birdstep Technology
    2010-01-14 18:21:05 0 d-----w- c:\docume~1\alluse~1\applic~1\Birdstep Technology
    2010-01-14 18:20:04 621056 ----a-w- c:\windows\system32\drivers\mod7700.sys
    2010-01-14 18:20:04 24448 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
    2010-01-14 18:20:04 112640 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
    2010-01-14 18:20:04 102656 ----a-w- c:\windows\system32\drivers\ewusbfake.sys
    2010-01-14 18:20:04 102400 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
    2010-01-14 18:19:59 70667 ----a-w- c:\windows\Huawei ModemsUninstall.exe
    2010-01-14 18:19:59 0 d-----w- c:\program files\Huawei Modems
    2010-01-14 18:19:58 10240 ------w- c:\windows\system32\drivers\mdvrmng.sys
    2010-01-14 18:19:05 0 d-----w- c:\program files\3 Mobile Broadband
    2010-01-14 18:18:05 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2010-01-14 18:18:05 32128 ----a-w- c:\windows\system32\dllcache\usbccgp.sys
    2010-01-13 08:20:20 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
    2010-01-12 17:28:46 0 d-----w- c:\program files\EACom
    2010-01-05 17:12:33 0 d-----w- c:\program files\common files\Blizzard Entertainment
    2010-01-05 17:12:29 0 d-----w- c:\program files\World of Warcraft Trial
    ==================== Find3M ====================
    2010-01-31 20:22:24 9851 ----a-w- c:\program files\hijackthis.log
    2010-01-18 12:41:16 4212 ---h--w- c:\windows\system32\zllictbl.dat
    2010-01-16 00:07:18 6172 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-01-09 23:22:52 87608 ----a-w- c:\docume~1\barryf~1.pc2\applic~1\inst.exe
    2010-01-09 23:22:52 47360 ----a-w- c:\docume~1\barryf~1.pc2\applic~1\pcouffin.sys
    2009-12-29 22:41:11 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
    2009-12-21 13:19:18 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
    2007-06-28 13:36:16 401720 ----a-w- c:\program files\HijackThis.exe
    2009-05-03 12:13:04 22 --sha-w- c:\windows\sminst\HPCD.sys
    ============= FINISH: 7:15:06.82 ===============


  6. Pancake Security Team

    Run both these programs.

    Please download Malwarebytes' Anti-Malware from one of these places:
    |MG| Malwarebytes Anti-Malware 1.44 Download
    http://www.besttechie.net/tools/mbam-setup.exe


    Double Click mbam-setup.exe to install the application.
    If it will not run, make a copy of the MBAM.exe and rename MBAM.exe to xxx.exe and run that. Keep the genuine MBAM.exe as we may need to run that later as is.
    * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.

    * Once the program has loaded, select "Perform Quick Scan", then click Scan.
    * The scan may take some time to finish, so please be patient.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Make sure that everything is checked, and click Remove Selected.
    * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    * Copy and paste the entire report in your next reply.
    PLEASE NOTE:
    If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

    Once Malwarebytes' Anti-Malware is done removing the malware and you have rebooted the computer, browse around and see if you are still having that problem.

    ===============================================

    Download Combofix.
    Please visit this webpage for download links, and instructions for running combofix:
    www.bleepingcomputer.com/combofix/how-to-use-combofix
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    * Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    You can get help on disabling your protection programs here : How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
    Please include the C:\ComboFix.txt in your next reply for further review.

    Caution.....
    Never use this program to remove files. Only use it with help from an experienced user. Wrongful use can damage your computer.
