Status
Not open for further replies.

Help my pc is dying

958 views 2 replies 1 participant last post by  miavalentina 
#1 ·
The same thing is happening with my PC that happened with my last one, which I had to replace 2 and a half years ago.
The fan is going ten to the dozen, pages are not loading or freezing, it's taking ages for my PC to start up or even turn off. I really cannot afford to be paying out for another PC.. OK, so the one I have is not 'high spec' but surely these PCs aren't meant to just last 2/3 years.. are they?

Reading on another post I decided to download Combofix (I have Comodo firewall, antivirus and safe surf already). The Comodo does not seem to be doing its job properly (or maybe it's me), not sure whether I should delete this programme and try another? On running Combofix the safe surf popped up asking me if I wanted to disable all applications or remove just the ones I add below.. I didn't touch it as I haven't a clue!

Here is the log, please tell me what to do next, and an understanding of my log would be great. Is my PC on its way out or is this just a whole load of viruses etc..?

Thank you in advance

ComboFix 09-10-01.05 - 03/10/2009 23:52.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.445.200 [GMT 1:00]
Running from: c:\documents and settings\Desktop\ComboFix.exe
AV: COMODO Antivirus *On-access scanning disabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\My Documents\My Music\My Music.url
c:\program files\TinyProxy
c:\program files\VirusIsolator
c:\program files\VirusIsolator\vscan.tsi
c:\program files\VirusIsolator\zlib.dll
c:\program files\webmediaviewer
c:\program files\webmediaviewer\hpmom.exe
c:\recycler\S-1-5-21-1533800857-3409057941-3787361992-1003
c:\windows\bemark2.dat
c:\windows\desktop
c:\windows\f49f4daa.dat
c:\windows\fmark2.dat
c:\windows\Installer\2594e63.msp
c:\windows\Installer\2da0e1a.msp
c:\windows\Installer\3223a5.msi
c:\windows\Installer\3304593.msp
c:\windows\Installer\3cd5c0d.msp
c:\windows\Installer\4a2e78e.msp
c:\windows\Installer\4a2e790.msp
c:\windows\Installer\4a2e792.msp
c:\windows\Installer\d25d07.msp
c:\windows\Installer\da366d.msp
c:\windows\Installer\f82321.msp
c:\windows\tmark2.dat
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2009-09-03 to 2009-10-03 )))))))))))))))))))))))))))))))
.
2009-10-03 13:59 . 2009-10-03 14:00 -------- d-----w- c:\documents and settings\Application Data\HpUpdate
2009-09-23 18:01 . 2009-09-23 18:01 -------- d-----w- C:\ConvertTemp
2009-09-09 23:05 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-03 23:07 . 2008-12-30 18:47 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-10-03 23:07 . 2008-12-30 18:47 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2009-10-02 22:59 . 2008-06-19 20:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-09-29 23:18 . 2008-10-28 19:29 -------- d-----w- c:\documents and settings\Application Data\Skype
2009-09-27 19:54 . 2007-01-17 18:38 46234 ----a-w- c:\documents and settings\Application Data\wklnhst.dat
2009-09-10 08:31 . 2009-03-14 16:37 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-03 21:24 . 2009-02-15 01:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-03 21:23 . 2009-02-15 01:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-05 17:12 . 2009-01-07 18:10 157508 ----a-w- c:\windows\hpoins29.dat
2009-08-05 09:01 . 2005-04-25 23:05 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2005-04-25 23:05 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 22:43 . 2005-04-25 23:06 286208 ----a-w- c:\windows\system32\wmpdxm.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-19 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 1121280]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-22 813912]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"COMODO SafeSurf"="c:\program files\COMODO\SafeSurf\cssurf.exe" [2008-11-18 278264]
"COMODO Internet Security"="c:\program files\Comodo\COMODO Internet Security\cfp.exe" [2008-11-18 1797880]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"KMCONFIG"="c:\program files\Silvercrest MTS2218 driver\StartAutorun.exe" [2008-05-30 212992]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-09 198160]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-12-27 98304]
"CHotkey"="zHotkey.exe" - c:\windows\zHotkey.exe [2004-12-08 550912]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-04-16 16143872]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Install Pending Files.LNK - c:\program files\SIFXINST\SIFXINST.EXE [2006-8-31 729088]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher S.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Exif Launcher S.lnk
backup=c:\windows\pss\Exif Launcher S.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8448:TCP"= 8448:TCP:127.0.0.1/255.255.255.255:Disabled:proxy
"1:TCP"= 1:TCP:
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [18/11/2008 19:22 99856]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [18/11/2008 19:22 31504]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [14/03/2009 17:36 55152]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Silvercrest MTS2218 driver\KMWDSrv.exe [30/05/2008 01:17 208896]
R2 sprtlisten;SupportSoft Listener Service;c:\program files\Common Files\supportsoft\bin\sprtlisten.exe [15/10/2007 12:26 1213728]
S2 Google Updater Service (gusvc) ;Google Updater Service (gusvc) ;c:\program files\tinyproxy\tinyproxy.exe --> c:\program files\tinyproxy\tinyproxy.exe [?]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 19:08 533360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-10-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-03 11:39]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://windiwsfsearch.com/search?q={searchTerms}
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local;<local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
Trusted Zone: facebook.com\www
Trusted Zone: google.ie\www
Trusted Zone: hotmail.com\www
TCP: {9993C0D6-979C-481B-941A-A84154982240} = 213.94.190.194,213.94.190.236
DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} - hxxp://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
.
- - - - ORPHANS REMOVED - - - -
BHO-{3FB1AAE9-EDAB-4953-83E3-61DE0085F150} - c:\windows\system32\ssqOiJdE.dll
BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files\Yontoo Layers Client for Internet Explorer\YontooIEClient.dll
HKCU-Run-gcbmmlcx - c:\windows\system32\enehwvab.exe
HKLM-Run-LogitechVideoRepair - c:\program files\Logitech\Video\ISStart.exe
HKLM-Run-sysberay2 - c:\windows\che6.exe
HKLM-Run-systray - c:\windows\mstre8.exe
HKLM-Explorer_Run-uYUMg0BQYQ - c:\documents and settings\All Users\Application Data\unsvejut\srodqhav.exe
SSODL-vadokmxt-{431C9290-3C70-4C47-BF34-401CCE23A5B3} - c:\windows\vadokmxt.dll
SSODL-wdpoefan-{A0FF7DA4-796E-4CB8-8894-A7F07B420F54} - c:\windows\wdpoefan.dll
Notify-fccDSigg - fccDSigg.dll
AddRemove-Browser Toolbar - c:\program files\WebMediaViewer\browseu.exe

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-04 00:08
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(588)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3624)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Comodo\COMODO Internet Security\cmdagent.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Silvercrest MTS2218 driver\KMCONFIG.exe
c:\program files\Silvercrest MTS2218 driver\KMProcess.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-10-03 0:16 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-03 23:16
Pre-Run: 54,728,822,784 bytes free
Post-Run: 55,234,109,440 bytes free
223 --- E O F --- 2009-09-10 01:35
 
#2 ·
So many programmes seem to be running on start up and I keep getting notifications that my PC needs to increase my memory, and my pages seem to close without me having closed them.
Please also could a moderator take my name off the Google search results? I have edited my log after seeing my name in Google but it's still there.
Thanks
 