1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Not Responding Error on all windows

Discussion in 'Virus & Other Malware Removal' started by mjgrim57, Nov 15, 2011.

Thread Status:
Not open for further replies.
  1. mjgrim57

    mjgrim57 Thread Starter

    Joined:
    Nov 15, 2011
    Messages:
    1
    Nearly every window or program that I start will show "Not Responding" in the title bar. My computer is running exceedingly and excruciatingly slow. A simple reboot takes 20 minutes on the average and I don't know why. Here are the logs:

    Code:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:52:44 PM, on 11/15/2011
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v8.00 (8.00.7601.17514)
    Boot mode: Normal
    
    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\CtHelper.exe
    C:\Windows\System32\Ctxfihlp.exe
    C:\Program Files\Lexmark 6500 Series\lxdfmon.exe
    C:\Windows\SYSTEM32\CTXFISPI.EXE
    C:\Program Files\Lexmark 6500 Series\lxdfamon.exe
    C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    G:\HijackThis (Standalone).exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Mozilla Thunderbird\thunderbird.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Ipswitch\WS_FTP 12\WsftpCOMHelper.exe
    C:\Windows\explorer.exe
    C:\Windows\system32\DllHost.exe
    
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    O1 - Hosts: ::1 localhost
    O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKLM\..\Run: [lxdfmon.exe] "C:\Program Files\Lexmark 6500 Series\lxdfmon.exe"
    O4 - HKLM\..\Run: [lxdfamon] "C:\Program Files\Lexmark 6500 Series\lxdfamon.exe"
    O4 - HKLM\..\Run: [Lexmark 6500 Series Fax Server] "C:\Program Files\Lexmark 6500 Series\fm3032.exe" /s
    O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [KodakHomeCenter] "C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [KodakHomeCenter] "C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe" (User 'Default user')
    O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
    O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - E:\QuickBooks\HelpAsyncPluggableProtocol.dll (file missing)
    O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Creative ALchemy AL1 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
    O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    O23 - Service: lxdfCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdfserv.exe
    O23 - Service: lxdf_device -   - C:\Windows\system32\lxdfcoms.exe
    O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
    O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
    
    --
    End of file - 8147 bytes
    
    Code:
    .
    DDS (Ver_2011-08-26.01) - NTFSx86 
    Internet Explorer: 8.0.7601.17514  BrowserJavaVersion: 1.6.0_29
    Run by Donnie at 22:15:35 on 2011-11-15
    Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.2815.1653 [GMT -6:00]
    .
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\System32\svchost.exe -k Akamai
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
    C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    C:\Windows\system32\lxdfcoms.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\System32\CtHelper.exe
    C:\Windows\System32\Ctxfihlp.exe
    C:\Program Files\Lexmark 6500 Series\lxdfmon.exe
    C:\Windows\SYSTEM32\CTXFISPI.EXE
    C:\Program Files\Lexmark 6500 Series\lxdfamon.exe
    C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Mozilla Thunderbird\thunderbird.exe
    C:\Program Files\Ipswitch\WS_FTP 12\WsftpCOMHelper.exe
    c:\program files\windows defender\MpCmdRun.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = *.local
    BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [CTHelper] CTHELPER.EXE
    mRun: [CTxfiHlp] CTXFIHLP.EXE
    mRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear
    mRun: [lxdfmon.exe] "c:\program files\lexmark 6500 series\lxdfmon.exe"
    mRun: [lxdfamon] "c:\program files\lexmark 6500 series\lxdfamon.exe"
    mRun: [Lexmark 6500 Series Fax Server] "c:\program files\lexmark 6500 series\fm3032.exe" /s
    mRun: [Conime] %windir%\system32\conime.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    dRun: [DevconDefaultDB] c:\windows\system32\READREG /SILENT /FAIL=1
    dRun: [CtxfiReg] CTXFIREG.exe /FAIL1
    dRunOnce: [KodakHomeCenter] "c:\program files\kodak\aio\center\AiOHomeCenter.exe"
    StartupFolder: c:\users\donnie\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
    Trusted Zone: intuit.com\ttlc
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{05BED48F-70DD-4EC5-8E4E-94381BBC863F} : DhcpNameServer = 192.168.1.254
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - 
    Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\donnie\appdata\roaming\mozilla\firefox\profiles\5pexebwq.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-i3752&p=
    FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\coffplgn\components\coFFPlgn.dll
    FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\ipsffplgn\components\IPSFFPl.dll
    FF - component: c:\users\donnie\appdata\roaming\mozilla\firefox\profiles\5pexebwq.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
    FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    ============= SERVICES / DRIVERS ===============
    .
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
    R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]
    R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKAiOHostService.exe [2011-9-5 393648]
    R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-12-8 374152]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-9-17 12856]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-3-22 47640]
    R2 lxdf_device;lxdf_device;c:\windows\system32\lxdfcoms.exe -service --> c:\windows\system32\lxdfcoms.exe -service [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 lxdfCATSCustConnectService;lxdfCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdfserv.exe [2007-5-29 99248]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 Creative ALchemy AL1 Licensing Service;Creative ALchemy AL1 Licensing Service;c:\program files\common files\creative labs shared\service\AL1Licensing.exe [2007-7-6 79360]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S3 QtsDongle;DetailCAD USB Software Key;c:\windows\system32\qtsusk.sys [2008-5-7 10752]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-5-24 15872]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-24 52224]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-16 1343400]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-22 47128]
    S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
    .
    =============== Created Last 30 ================
    .
    2011-11-16 03:33:31    56200    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{5696e6e4-7ef1-4c85-b595-db85cd421766}\offreg.dll
    2011-11-15 19:59:51    --------    d-----w-    c:\windows\pss
    2011-11-15 08:00:47    6668624    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
    2011-11-15 07:56:45    6668624    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{5696e6e4-7ef1-4c85-b595-db85cd421766}\mpengine.dll
    2011-11-11 14:47:05    1290608    ----a-w-    c:\windows\system32\drivers\tcpip.sys
    2011-11-11 14:46:32    708608    ----a-w-    c:\program files\common files\system\wab32.dll
    2011-11-11 14:45:40    2341888    ----a-w-    c:\windows\system32\win32k.sys
    2011-11-11 13:06:38    --------    d-----w-    c:\users\donnie\appdata\local\Akamai
    2011-10-31 19:28:50    6144    ----a-w-    c:\program files\internet explorer\iecompat.dll
    2011-10-19 21:30:05    75776    ----a-w-    c:\windows\system32\psisrndr.ax
    2011-10-19 21:30:05    465408    ----a-w-    c:\windows\system32\psisdecd.dll
    2011-10-19 21:29:50    571904    ----a-w-    c:\windows\system32\oleaut32.dll
    2011-10-19 21:29:50    233472    ----a-w-    c:\windows\system32\oleacc.dll
    2011-10-19 21:23:41    981504    ----a-w-    c:\windows\system32\wininet.dll
    2011-10-19 21:23:40    860672    ----a-w-    c:\program files\internet explorer\iedvtool.dll
    2011-10-19 21:23:37    163328    ----a-w-    c:\program files\internet explorer\ieproxy.dll
    2011-10-19 21:23:34    1638912    ----a-w-    c:\windows\system32\mshtml.tlb
    .
    ==================== Find3M  ====================
    .
    2011-10-03 10:06:03    472808    ----a-w-    c:\windows\system32\deployJava1.dll
    2011-09-30 20:52:39    404640    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    =================== ROOTKIT  ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 6.1.7601 Disk: WDC_WD25 rev.02.0 -> Harddisk0\DR0 -> \Device\00000067 
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys nvstor.sys 
    c:\windows\system32\drivers\nvstor.sys NVIDIA Corporation NVIDIA nForce(TM) SATA Driver
    1 ntkrnlpa!IofCallDriver[0x8347B52A] -> \Device\Harddisk0\DR0[0x86BA92E0]
    3 CLASSPNP[0x8B6B859E] -> ntkrnlpa!IofCallDriver[0x8347B52A] -> [0x85A35B40]
    5 ACPI[0x8AEAC3D4] -> ntkrnlpa!IofCallDriver[0x8347B52A] -> \Device\00000065[0x86833030]
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0;  }
    user != kernel MBR !!! 
    .
    ============= FINISH: 22:16:22.43 ===============
    
    Code:
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-11-15 22:34:53
    Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\00000065 WDC_WD25 rev.02.0
    Running: 89xqtmeu.exe; Driver: C:\Users\Donnie\AppData\Local\Temp\pwriapod.sys
    
    
    ---- Kernel code sections - GMER 1.0.15 ----
    
    .text           ntkrnlpa.exe!ZwSaveKey + 13D1                                                         83482349 1 Byte  [06]
    .text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                834BBD52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    ?               C:\Users\Donnie\AppData\Local\Temp\mbr.sys                                            The system cannot find the file specified. !
    
    ---- User code sections - GMER 1.0.15 ----
    
    .text           C:\Program Files\Mozilla Firefox\plugin-container.exe[620] USER32.dll!SetWindowLongA  75B08BA3 5 Bytes  JMP 60F0E349 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text           C:\Program Files\Mozilla Firefox\plugin-container.exe[620] USER32.dll!SetWindowLongW  75B14449 5 Bytes  JMP 60F0E2DB C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text           C:\Program Files\Mozilla Firefox\plugin-container.exe[620] USER32.dll!GetWindowInfo   75B14B5E 5 Bytes  JMP 60CC89A7 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text           C:\Program Files\Mozilla Firefox\plugin-container.exe[620] USER32.dll!TrackPopupMenu  75B22228 5 Bytes  JMP 60CC8F65 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[2608] ntdll.dll!LdrLoadDll               777122B8 5 Bytes  JMP 60B4FAE0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[2608] USER32.dll!GetWindowInfo           75B14B5E 5 Bytes  JMP 60CCF855 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text           C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3340] ntdll.dll!LdrLoadDll       777122B8 5 Bytes  JMP 003E142F C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Thunderbird/Mozilla Messaging)
    
    ---- Devices - GMER 1.0.15 ----
    
    AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice  \Driver\volmgr \Device\HarddiskVolume6                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice  \Driver\volmgr \Device\HarddiskVolume7                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice  \Driver\volmgr \Device\HarddiskVolume8                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice  \Driver\volmgr \Device\HarddiskVolume9                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    
    Device          \Driver\ACPI_HAL \Device\0000004e                                                     halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
    
    AttachedDevice  \FileSystem\fastfat \Fat                                                              fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    
    ---- EOF - GMER 1.0.15 ----
    
     

    Attached Files:

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1027067

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice