Author Topic: Laptop processing slow and Crashing  (Read 796 times)

Offline StephenK

Laptop processing slow and Crashing
« on: January 05, 2008, 10:49:38 AM »
Ok well, this is my dad's laptop. It's an HP, not sure what model, but it's running Vista. It's having problems processing quickly and it crashes a lot at startup. Here is the HijackThis log. Please check it and make sure it's clean. You will see programs installed like CakeMania and stuff. My dad lets my little sister play games on here. Don't freak. ;)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:47:40 AM, on 1/5/2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\TrueSwitchComcast\TrueWizard.exe
C:\Windows\ehome\ehmsas.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\PROGRA~1\IWINGA~1\IWINGA~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [408809432] C:\PROGRA~1\eGames\WORDIS~1\Register\EGAMES~1.EXE /r "C:\PROGRA~1\eGames\WORDIS~1\Register\EGAMES~1.rpd"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueSwitchComcast\TrueWizard.exe
O4 - Global Startup: HP Connections.lnk = C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} (CPlayFirstPiratePoppersControl Object) - http://playgames.comcast.net/online2/pirat...rs.1.0.0.32.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.Email Removed.com/mail/w2/resources/...NPUplden-us.cab
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} (CMV5 Class) - http://coupons.smartsource.com/download/cscmv5X.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.shockwave.com/content/dinerdash...h2.1.0.0.67.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://comcast.oberon-media.com/online2/lu...mjolauncher.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://onlinedesigner.hgtv.com/images/app/view22rte.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://playgames.comcast.net/online2/zuma/...aploader_v5.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12736 bytes

Offline StephenK

Laptop processing slow and Crashing
« Reply #1 on: January 05, 2008, 11:17:27 AM »
Here is a ComboFix log in advance:

ComboFix 08-01-05.8 - Todd 2008-01-05 11:03:30.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium   6.0.6000.0.1252.1.1033.18.381 [GMT -5:00]
Running from: C:\Users\Todd\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\Downloaded Program Files\Temp
C:\Windows\system32\x64

.
(((((((((((((((((((((((((   Files Created from 2007-12-05 to 2008-01-05  )))))))))))))))))))))))))))))))
.

2008-01-05 11:02 . 2000-08-31 08:00   51,200   --a------   C:\Windows\NirCmd.exe
2008-01-05 10:47 . 2008-01-05 10:47   <DIR>   d--------   C:\Program Files\Trend Micro
2008-01-04 20:35 . 2008-01-04 20:35   107,888   --a------   C:\Windows\System32\CmdLineExt.dll
2008-01-01 16:08 . 2008-01-01 16:08   <DIR>   dr-h-----   C:\Users\Todd\AppData\Roaming\SecuROM
2008-01-01 16:06 . 2008-01-01 16:06   <DIR>   d--------   C:\Program Files\Games A Go-Go
2007-12-25 19:09 . 2007-12-25 19:09   <DIR>   d--------   C:\Users\Todd\AppData\Roaming\acccore
2007-12-25 19:07 . 2007-12-25 19:07   <DIR>   d--------   C:\Users\All Users\Viewpoint
2007-12-25 19:07 . 2007-12-25 19:07   <DIR>   d--------   C:\ProgramData\Viewpoint
2007-12-25 19:07 . 2007-12-25 19:08   <DIR>   d--------   C:\Program Files\Viewpoint
2007-12-25 19:06 . 2007-12-25 19:10   <DIR>   d--------   C:\Users\All Users\AOL OCP
2007-12-25 19:06 . 2007-12-25 19:06   <DIR>   d--------   C:\Users\All Users\AOL
2007-12-25 19:06 . 2007-12-25 19:10   <DIR>   d--------   C:\ProgramData\AOL OCP
2007-12-25 19:06 . 2007-12-25 19:06   <DIR>   d--------   C:\ProgramData\AOL
2007-12-25 19:06 . 2007-12-25 19:06   <DIR>   d--------   C:\Program Files\Common Files\AOL
2007-12-25 19:06 . 2007-12-25 19:09   <DIR>   d--------   C:\Program Files\AIM6
2007-12-25 19:06 . 2007-12-25 19:09   430   --ah-----   C:\IPH.PH
2007-12-25 09:22 . 2007-12-25 09:22   416   --a------   C:\Windows\MVPWORD.INI
2007-12-25 08:41 . 1999-05-07 07:24   244,232   --a------   C:\Windows\System32\msflxgrd.ocx
2007-12-25 08:39 . 1999-12-07 12:00   1,384,448   --a------   C:\Windows\System32\temp.007
2007-12-25 08:39 . 2000-01-05 15:10   614,672   --a------   C:\Windows\System32\temp.006
2007-12-25 08:39 . 2000-01-05 15:10   164,112   --a------   C:\Windows\System32\temp.005
2007-12-25 08:39 . 2000-01-05 15:10   143,632   --a------   C:\Windows\System32\temp.008
2007-12-25 08:39 . 2000-03-21 00:55   118,784   --a------   C:\Windows\System32\vbalNCSM6.dll
2007-12-25 08:39 . 1999-02-19 08:54   40,960   --a------   C:\Windows\System32\SSubTmr6.dll
2007-12-25 08:39 . 1998-05-31 00:00   22,288   --a------   C:\Windows\System32\temp.009
2007-12-25 08:39 . 2000-01-05 15:10   16,896   --a------   C:\Windows\System32\temp.004
2007-12-25 08:38 . 2007-12-25 21:53   <DIR>   d--------   C:\Program Files\eGames
2007-12-25 08:38 . 1999-12-07 12:00   1,384,448   --a------   C:\Windows\System32\temp.003
2007-12-25 08:38 . 2000-01-05 15:10   614,672   --a------   C:\Windows\System32\temp.002
2007-12-25 08:38 . 2000-01-05 15:10   164,112   --a------   C:\Windows\System32\temp.001
2007-12-25 08:38 . 1999-03-25 23:00   101,888   --a------   C:\Windows\System32\Vb6stkit.dll
2007-12-25 08:38 . 2000-07-17 13:41   70,088   --a------   C:\Windows\System32\Project2-1.ocx
2007-12-25 08:38 . 2000-01-05 15:10   16,896   --a------   C:\Windows\System32\temp.000
2007-12-25 08:38 . 2000-03-21 15:37   1,760   --a------   C:\Windows\System32\objsafe.tlb
2007-12-25 08:38 . 2000-04-06 14:58   1,453   --a------   C:\Windows\System32\Project2.INF
2007-12-14 12:55 . 2007-12-14 12:55   <DIR>   d--------   C:\Users\Todd\AppData\Roaming\Yahoo!
2007-12-14 12:54 . 2007-12-14 12:54   <DIR>   d--------   C:\Windows\cache
2007-12-14 12:10 . 2007-12-14 12:10   <DIR>   d--------   C:\Program Files\Common Files\Avery
2007-12-14 12:10 . 2007-12-14 12:16   <DIR>   d--------   C:\Program Files\Avery Wizard 3.1
2007-12-13 08:59 . 2007-12-13 08:59   16,080   --a------   C:\Windows\System32\results.xml
2007-12-13 03:07 . 2007-12-13 03:07   1,327,104   --a------   C:\Windows\System32\quartz.dll
2007-12-13 03:06 . 2007-12-13 03:06   223,232   --a------   C:\Windows\System32\WMASF.DLL
2007-12-13 03:06 . 2007-12-13 03:06   9,728   --a------   C:\Windows\System32\LAPRXY.DLL
2007-12-13 03:06 . 2007-12-13 03:06   2,048   --a------   C:\Windows\System32\asferror.dll
2007-12-13 03:03 . 2007-12-13 03:03   3,504,824   --a------   C:\Windows\System32\ntkrnlpa.exe
2007-12-13 03:03 . 2007-12-13 03:03   3,470,520   --a------   C:\Windows\System32\ntoskrnl.exe
2007-12-13 03:02 . 2007-12-13 03:02   2,048   --a------   C:\Windows\System32\tzres.dll
2007-12-12 08:49 . 2007-12-12 08:49   <DIR>   d--------   C:\Windows\System32\Lang
2007-12-12 08:49 . 2007-12-13 08:59   <DIR>   d--------   C:\Intel
2007-12-09 19:23 . 2007-12-09 19:23   <DIR>   d--------   C:\Users\All Users\WLInstaller
2007-12-09 19:23 . 2007-12-09 19:23   <DIR>   d--------   C:\ProgramData\WLInstaller
2007-12-09 19:23 . 2007-12-09 19:23   <DIR>   d--------   C:\Program Files\Windows Live
2007-12-09 19:23 . 2007-12-09 19:26   <DIR>   d--hsc---   C:\Program Files\Common Files\WindowsLiveInstaller

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-05 02:31   ---------   d---a-w   C:\ProgramData\TEMP
2008-01-02 16:38   ---------   d-----w   C:\ProgramData\GamesBar
2007-12-21 00:37   ---------   d-----w   C:\Program Files\Comcast Play Games
2007-12-18 09:21   ---------   d-----w   C:\Program Files\McAfee
2007-12-14 17:57   ---------   d-----w   C:\ProgramData\Yahoo! Companion
2007-12-14 17:13   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2007-12-14 17:09   ---------   d-----w   C:\Program Files\Common Files\InstallShield
2007-12-13 08:05   84,992   ----a-w   C:\Windows\system32\drivers\srvnet.sys
2007-12-13 08:05   58,368   ----a-w   C:\Windows\system32\drivers\mrxsmb20.sys
2007-12-13 08:05   56,320   ----a-w   C:\Windows\System32\iesetup.dll
2007-12-13 08:05   52,736   ----a-w   C:\Windows\AppPatch\iebrshim.dll
2007-12-13 08:05   26,624   ----a-w   C:\Windows\System32\ieUnatt.exe
2007-12-13 08:05   130,048   ----a-w   C:\Windows\system32\drivers\srv2.sys
2007-12-13 08:05   101,888   ----a-w   C:\Windows\system32\drivers\mrxsmb.sys
2007-12-12 23:26   ---------   d-----w   C:\Users\Todd\AppData\Roaming\iWin
2007-12-06 22:52   ---------   d-----w   C:\Program Files\iWin Games
2007-12-02 21:18   ---------   d-----w   C:\ProgramData\PopCap Games
2007-11-20 00:59   ---------   d-----w   C:\Program Files\iWin.com
2007-11-19 23:25   ---------   d-----w   C:\Program Files\GamesBar
2007-11-19 23:25   ---------   d-----w   C:\Program Files\Common Files\Oberon Media
2007-11-18 08:01   1,244,672   ----a-w   C:\Windows\System32\mcmde.dll
2007-11-14 21:36   704,000   ----a-w   C:\Windows\System32\PhotoScreensaver.scr
2007-11-14 21:36   67,584   ----a-w   C:\Windows\System32\wlanhlp.dll
2007-11-14 21:36   542,720   ----a-w   C:\Windows\System32\sysmain.dll
2007-11-14 21:36   502,784   ----a-w   C:\Windows\System32\wlansvc.dll
2007-11-14 21:36   47,104   ----a-w   C:\Windows\System32\wlanapi.dll
2007-11-14 21:36   297,984   ----a-w   C:\Windows\System32\wlansec.dll
2007-11-14 21:36   290,816   ----a-w   C:\Windows\System32\wlanmsm.dll
2007-11-14 21:36   28,344   ----a-w   C:\Windows\system32\drivers\battc.sys
2007-11-14 21:36   258,232   ----a-w   C:\Windows\system32\drivers\acpi.sys
2007-11-14 21:36   24,064   ----a-w   C:\Windows\System32\wtsapi32.dll
2007-11-14 21:36   20,920   ----a-w   C:\Windows\system32\drivers\compbatt.sys
2007-11-14 21:36   2,923,520   ----a-w   C:\Windows\explorer.exe
2007-11-14 21:36   2,027,008   ----a-w   C:\Windows\System32\win32k.sys
2007-11-14 21:36   14,208   ----a-w   C:\Windows\system32\drivers\CmBatt.sys
2007-11-14 21:36   11,264   ----a-w   C:\Windows\system32\drivers\wmiacpi.sys
2007-11-14 20:31   8,704   ----a-w   C:\Windows\System32\hcrstco.dll
2007-11-14 20:31   8,704   ----a-w   C:\Windows\System32\hccoin.dll
2007-11-14 20:31   5,888   ----a-w   C:\Windows\system32\drivers\usbd.sys
2007-11-14 20:31   38,400   ----a-w   C:\Windows\system32\drivers\usbehci.sys
2007-11-14 20:31   23,040   ----a-w   C:\Windows\system32\drivers\usbuhci.sys
2007-11-14 20:31   224,768   ----a-w   C:\Windows\system32\drivers\usbport.sys
2007-11-14 20:31   192,000   ----a-w   C:\Windows\system32\drivers\usbhub.sys
2007-11-14 20:31   ---------   d-----w   C:\Program Files\Windows Mail
2007-11-06 18:36   29,952   ----a-w   C:\Windows\Help\OEM\scripts\HPScript.exe
2007-10-31 18:03   245,408   ----a-w   C:\Windows\System32\unicows.dll
2007-10-19 13:10   21,760   ----a-w   C:\Windows\Help\OEM\scripts\HCNetworkTest.exe
2007-10-13 23:58   8,147,968   ----a-w   C:\Windows\System32\wmploc.DLL
2007-10-13 23:58   7,680   ----a-w   C:\Windows\System32\spwmp.dll
2007-10-13 23:58   4,096   ----a-w   C:\Windows\System32\dxmasf.dll
2007-10-13 23:58   356,864   ----a-w   C:\Windows\System32\MediaMetadataHandler.dll
2007-10-13 23:55   84,480   ----a-w   C:\Windows\System32\INETRES.dll
2007-10-13 23:55   737,792   ----a-w   C:\Windows\System32\inetcomm.dll
2007-10-13 23:54   788,992   ----a-w   C:\Windows\System32\rpcrt4.dll
2007-08-30 07:11   174   --sha-w   C:\Program Files\desktop.ini
2007-08-09 00:42   956   ----a-w   C:\Users\Todd\AppData\Roaming\wklnhst.dat
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}]
2007-06-19 10:09   380928   --a------   C:\Program Files\GamesBar\oberontb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8CA5ED52-F3FB-4414-A105-2E3491156990}]
2007-02-13 11:58   78848   --a------   C:\PROGRA~1\IWINGA~1\IWINGA~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{6F282B65-56BF-4BD1-A8B2-A4449A05863D}
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{DE9C389F-3316-41A7-809B-AA305ED9D922}

[HKEY_CLASSES_ROOT\clsid\{6f282b65-56bf-4bd1-a8b2-a4449a05863d}]
[HKEY_CLASSES_ROOT\Oberontb.Band.1]
[HKEY_CLASSES_ROOT\TypeLib\{AD76633E-E50D-4844-9E7F-4DFBC7C18467}]
[HKEY_CLASSES_ROOT\Oberontb.Band]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 07:35 1196032]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2006-11-21 19:36 1474560]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-08-30 14:59 171448]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-12-18 14:04 50528]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 07:35 125440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-04-15 07:39 1006264]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 00:02 815104]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-11-24 18:33 167936]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 02:11 49152]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 13:58 159744]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-06-05 08:12 71176]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 12:56 317152]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 12:32 472800]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2006-12-06 23:36 77824]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51 39792]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-02-26 18:54 131072]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-02-26 18:54 151552]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-02-26 18:54 126976]
"408809432"="C:\PROGRA~1\eGames\WORDIS~1\Register\EGAMES~1.exe" [2004-06-29 18:12 53322]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 23:24:54]
TrueAssistant.lnk - C:\Program Files\TrueSwitchComcast\TrueWizard.exe [2007-07-02 04:16:26]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Connections.lnk - C:\Program Files\HP Connections\6811507\Program\HP Connections.exe [2006-12-06 23:17:24]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)

R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 12:39]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-02-26 18:54]
R3 NETw3v32;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-09 04:02]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 02:30]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted   REG_MULTI_SZ      hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
bthsvcs   REG_MULTI_SZ      BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e22ce3b-bda4-11db-b994-806e6f6e6963}]
\shell\AutoRun\command - E:\Setup.exe

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2007-07-18 20:01:16 C:\Windows\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2007-07-18 20:01:16 C:\Windows\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2008-01-04 19:51:32 C:\Windows\Tasks\User_Feed_Synchronization-{A1F043E3-32A8-482F-83B3-A5E3EDE190BD}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-05 11:09:21
Windows 6.0.6000  NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-05 11:10:29
.
2008-01-04 01:06:36   --- E O F ---

Offline guestolo

Laptop processing slow and Crashing
« Reply #2 on: January 05, 2008, 01:09:36 PM »
Please supply an uninstall list from HijackThis.
Open HijackThis >> open the MISC TOOLS SECTION >> open the UNINSTALL MANAGER.
Click the SAVE LIST... button.
Save the list to your desktop, then copy and paste the whole contents back here.

And don't run ComboFix on this computer again unless advised, please.
« Last Edit: January 05, 2008, 01:10:17 PM by guestolo »
