Author Topic: [Inactive] PC takes a long time to respond  (Read 4219 times)

Offline badsketching

  • Bronze Member
  • Posts: 86
Re: [Inactive] PC takes a long time to respond
« Reply #15 on: December 21, 2011, 02:19:07 am »
i did the dds scan and noticed that the vuze tool bar was not uninstalled

the scan:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_30
Run by badsketching at 2:45:42 on 2011-12-21
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2815.1891 [GMT -5:00]
.
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Program Files\WTouch\WTouchService.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Pen_Tablet.exe
C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\WTouch\WTouchUser.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Windows\system32\Pen_Tablet.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1831&r=173608112106p0395v1j5r4771s28r
uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1831&r=173608112106p0395v1j5r4771s28r
mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1831&r=173608112106p0395v1j5r4771s28r
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1831&r=173608112106p0395v1j5r4771s28r
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
mWinlogon: Userinit=userinit.exe
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{B5C7CAC9-7778-4536-B34B-A6C3F50F11E4} : DhcpNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
AppInit_DLLs:     
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
AppInit_DLLs-X64:     
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
Hosts: 127.0.0.1   www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\badsketching\AppData\Roaming\Mozilla\Firefox\Profiles\te99ffkj.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-1-12 810144]
R2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?]
R2 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-6-4 1150496]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-9-19 1153368]
R2 TabletServicePen;TabletServicePen;C:\Windows\system32\Pen_Tablet.exe --> C:\Windows\system32\Pen_Tablet.exe [?]
R2 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2009-8-14 240160]
R2 WTouchService;WTouch Service;C:\Program Files\WTouch\WTouchService.exe [2011-8-24 127784]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-12-21 07:25:04   69000   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EE300E2E-58B5-444C-AB54-E1910E8E2091}\offreg.dll
2011-12-20 13:45:43   13312   ----a-w-   C:\Windows\SysWow64\drivers\vdmymtaz.sys
2011-12-20 09:18:38   --------   d-----w-   C:\ProgramData\Kaspersky Lab
2011-12-20 08:26:22   8822856   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EE300E2E-58B5-444C-AB54-E1910E8E2091}\mpengine.dll
2011-12-19 05:31:19   388096   ----a-r-   C:\Users\badsketching\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-19 05:31:18   --------   d-----w-   C:\Program Files (x86)\Trend Micro
2011-12-18 08:58:45   414368   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-17 00:30:44   --------   d-----w-   C:\Users\badsketching\AppData\Local\Microsoft Games
2011-12-14 02:28:37   43520   ----a-w-   C:\Windows\System32\csrsrv.dll
2011-12-14 02:28:34   3145216   ----a-w-   C:\Windows\System32\win32k.sys
2011-12-14 02:28:32   723456   ----a-w-   C:\Windows\System32\EncDec.dll
2011-12-14 02:28:32   534528   ----a-w-   C:\Windows\SysWow64\EncDec.dll
2011-12-14 02:28:18   2048   ----a-w-   C:\Windows\SysWow64\tzres.dll
2011-12-14 02:28:18   2048   ----a-w-   C:\Windows\System32\tzres.dll
.
==================== Find3M  ====================
.
2011-12-19 18:58:57   41200   ----a-w-   C:\Windows\System32\cmdcsr.dll
2011-11-15 19:29:56   270720   ------w-   C:\Windows\System32\MpSigStub.exe
2011-11-10 10:54:13   472808   ----a-w-   C:\Windows\SysWow64\deployJava1.dll
2011-11-04 01:53:39   2309120   ----a-w-   C:\Windows\System32\jscript9.dll
2011-11-04 01:44:47   1390080   ----a-w-   C:\Windows\System32\wininet.dll
2011-11-04 01:44:21   1493504   ----a-w-   C:\Windows\System32\inetcpl.cpl
2011-11-04 01:34:43   2382848   ----a-w-   C:\Windows\System32\mshtml.tlb
2011-11-03 22:47:42   1798144   ----a-w-   C:\Windows\SysWow64\jscript9.dll
2011-11-03 22:40:21   1427456   ----a-w-   C:\Windows\SysWow64\inetcpl.cpl
2011-11-03 22:39:47   1127424   ----a-w-   C:\Windows\SysWow64\wininet.dll
2011-11-03 22:31:57   2382848   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2011-09-29 16:29:28   1923952   ----a-w-   C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH:  2:48:12.53 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 8/22/2011 12:37:54 PM
System Uptime: 12/21/2011 2:21:53 AM (0 hours ago)
.
Motherboard: eMachines |  | EMCP73VT-PM
Processor: Intel(R) Celeron(R) CPU          420  @ 1.60GHz | CPU 1 | 1600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 283 GiB total, 197.32 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP52: 11/26/2011 2:35:43 AM - Windows Update
RP53: 11/29/2011 1:50:36 PM - Restore Operation
RP54: 12/10/2011 6:12:01 PM - Windows Update
RP55: 12/14/2011 1:59:07 AM - Windows Update
RP56: 12/19/2011 12:30:49 AM - Installed HiJackThis
RP57: 12/19/2011 9:23:48 PM - Installed Java(TM) 6 Update 30
RP58: 12/20/2011 3:25:53 AM - Windows Update
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Photoshop CS4
Adobe Reader 9.4.6 MUI
Advertising Center
Amnesia - The Dark Descent
Bamboo
Choice Guard
Compatibility Pack for the 2007 Office system
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
eMachines Games
eMachines Recovery Management
eMachines Registration
eMachines ScreenSaver
eMachines Updater
HiJackThis
Identity Card
ImagXpress
Java Auto Updater
Java(TM) 6 Update 30
Junk Mail filter update
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Suite Activation Assistant
Microsoft Office Visio 2010
Microsoft Office Visio MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visio 2010 Service Pack 1 (SP1)
Microsoft Visio Professional 2010
Microsoft Works
Mozilla Firefox 8.0 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 9 Essentials
Nero ControlCenter
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
NeroExpress
neroxml
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553353) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio 2010 (KB2553374) 32-Bit Edition
Skype™ 5.5
Spybot - Search & Destroy
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
VLC media player 1.1.11
Vuze Remote Toolbar
WebTablet IE Plugin
WebTablet Netscape Plugin
Welcome Center
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
WinRAR 4.01 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
12/21/2011 2:47:27 AM, Error: nvstor64 [3]  - Data error on device.    Device: \Device\RaidPort0  Model: Hitachi HDT721032SLA380  Firmware Version: ST2O  Serial Number:       STA2L7MV0HNM7D  Port: 0
12/21/2011 2:33:53 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
12/21/2011 2:24:03 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
12/21/2011 2:22:00 AM, Error: Application Popup [1060]  - \??\C:\Windows\SysWow64\Drivers\vdmymtaz.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
.
==== End Of File ===========================

Offline badsketching

  • Bronze Member
  • Posts: 86
Re: [Inactive] PC takes a long time to respond
« Reply #16 on: December 21, 2011, 02:55:22 am »
oh frap
i forgot to mention
after my last post yesterday that was around 9am
i stayed on just in case u posted back
well, around 10:30am i was listening to music and finishing some math equations
when my pc suddenly beeped and turned off
basically it gave me the finger.... is what i like to believe it did xD

i had a headache and damn tired so i just went to sleep

when i awoke i wondered why it would just turn off like that
well maybe it over heated
so i opened the case up and cleaned out the fan
wish i had thermal paste but it still had some so i think it'll be fine
both fans were beyond dusty
now it's not making so much noise
but it still stalls


just thought u should know what happened
even though it probably has nothing to do with what is actually wrong with it

Offline badsketching

  • Bronze Member
  • Posts: 86
Re: [Inactive] PC takes a long time to respond
« Reply #17 on: December 21, 2011, 04:22:44 am »
frap, frap, frap
now the stalls, pauses, whatever you want to call it are becoming much more frequent
can't even listen to a 3 min song without windows stopping, being unresponsive

actually before it beeped and shut off yesterday
it was doing the same as now
frequently stopping

Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
Re: [Inactive] PC takes a long time to respond
« Reply #18 on: December 21, 2011, 06:12:44 am »
How old is that thing? As dirty as it seemed to be, from your description, the slow performance would most certainly result. If you haven't already, please uninstall the Vuze toolbar. Update your on board antivirus and run a complete system scan. Post those results. Thanks! 
Disabled Veteran
U.S.C.G. 1972 - 1978
Membership: U.N.I.T.E., A.S.A.P.

2009-12

Performance and Maintenance for Windows XP, Windows Vista and Windows Seven

Offline badsketching

  • Bronze Member
  • Posts: 86
Re: [Inactive] PC takes a long time to respond
« Reply #19 on: December 21, 2011, 06:41:30 am »
it's 3 yrs old
and i've tried to uninstall vuze toolbar
but it hasn't uninstalled D:


i thought so too but windows still stops working
and it's just stuck for a min or more

Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
Re: [Inactive] PC takes a long time to respond
« Reply #20 on: December 21, 2011, 06:59:19 am »
Please disable the active protection component of your antivirus and antispyware programs by following the directions that apply Here.
...of those, many people overlook the Windows Defender since, for most, there is no icon for it in the system tray. Scroll through those directives above and look for this application specifically, to make certain it is disabled.

Please download combofix from This Webpage...and read through the instructions there for running the tool.

***Important Note***
Please read through the guidance on that web page carefully and thoroughly...and install the Recovery Console. Using this tool without the Recovery Console installed is NOT RECOMMENDED.

If you have Windows Vista or Windows 7, you can skip the recovery console step...in Vista/7 it's in the System Recovery Options menu. The System Recovery Options menu is on the Windows Vista or Windows 7 installation disc. If Windows doesn't start correctly, you can use these tools to repair startup problems.


The Windows Recovery Console will allow you to boot into a special recovery (repair) mode that is not otherwise available. This allows us to more easily help you should your computer have a problem after an attempted removal of malware.  It's a simple procedure that will only take a few moments.

Once installed, a blue screen prompt should appear that reads as follows:

The Recovery Console was successfully installed.

When you see that screen, please continue as follows:

  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a log file for you. Please post that log back here on your next reply. Thanks!

Note:
Do not mouseclick combofix's window while it's running....that may cause the scan to stall


Offline badsketching

  • Bronze Member
  • Posts: 86
Re: [Inactive] PC takes a long time to respond
« Reply #21 on: December 21, 2011, 09:00:04 pm »
so, just to make sure i don't have to do all that recovery console part because i run windows7

i just make sure both NOD32 and windows firewall are down and then i run combofix, right?

Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
Re: [Inactive] PC takes a long time to respond
« Reply #22 on: December 22, 2011, 04:16:08 am »
Correct.

Offline badsketching

  • Bronze Member
  • Posts: 86
Re: [Inactive] PC takes a long time to respond
« Reply #23 on: December 22, 2011, 05:03:04 am »
alrighty! here it is
damn, wtf. i did disable windows defender D:

ComboFix 11-12-21.02 - badsketching 12/22/2011   5:25.1.1 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2815.1856 [GMT -5:00]
Running from: c:\users\badsketching\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\XSxS
.
.
(((((((((((((((((((((((((   Files Created from 2011-11-22 to 2011-12-22  )))))))))))))))))))))))))))))))
.
.
2011-12-21 11:41 . 2011-12-21 11:48   --------   d-----w-   c:\users\badsketching\AppData\Local\ElevatedDiagnostics
2011-12-20 13:45 . 2011-12-20 13:45   13312   ----a-w-   c:\windows\SysWow64\drivers\vdmymtaz.sys
2011-12-20 09:18 . 2011-12-20 09:18   --------   d-----w-   c:\programdata\Kaspersky Lab
2011-12-20 08:26 . 2011-11-21 11:40   8822856   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{EE300E2E-58B5-444C-AB54-E1910E8E2091}\mpengine.dll
2011-12-19 05:31 . 2011-12-19 05:31   388096   ----a-r-   c:\users\badsketching\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-19 05:31 . 2011-12-19 05:31   --------   d-----w-   c:\program files (x86)\Trend Micro
2011-12-18 08:58 . 2011-12-18 08:58   414368   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-17 00:30 . 2011-12-17 00:37   --------   d-----w-   c:\users\badsketching\AppData\Local\Microsoft Games
2011-12-14 07:02 . 2011-11-04 01:44   1390080   ----a-w-   c:\windows\system32\wininet.dll
2011-12-14 02:28 . 2011-10-26 05:21   43520   ----a-w-   c:\windows\system32\csrsrv.dll
2011-12-14 02:28 . 2011-11-24 04:52   3145216   ----a-w-   c:\windows\system32\win32k.sys
2011-12-14 02:28 . 2011-10-15 06:31   723456   ----a-w-   c:\windows\system32\EncDec.dll
2011-12-14 02:28 . 2011-10-15 05:38   534528   ----a-w-   c:\windows\SysWow64\EncDec.dll
2011-12-14 02:28 . 2011-11-05 05:32   2048   ----a-w-   c:\windows\system32\tzres.dll
2011-12-14 02:28 . 2011-11-05 04:26   2048   ----a-w-   c:\windows\SysWow64\tzres.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-19 18:58 . 2011-10-19 17:34   41200   ----a-w-   c:\windows\system32\cmdcsr.dll
2011-11-15 19:29 . 2011-08-23 12:29   270720   ------w-   c:\windows\system32\MpSigStub.exe
2011-11-10 10:54 . 2011-11-04 05:05   472808   ----a-w-   c:\windows\SysWow64\deployJava1.dll
2011-09-29 16:29 . 2011-11-09 18:21   1923952   ----a-w-   c:\windows\system32\drivers\tcpip.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe

S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys

S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys

S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-01-12 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys

S2 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe

S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2009-07-04 240160]
S2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [2009-11-23 127784]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys

.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2918656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1831&r=173608112106p0395v1j5r4771s28r
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1831&r=173608112106p0395v1j5r4771s28r
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\badsketching\AppData\Roaming\Mozilla\Firefox\Profiles\te99ffkj.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\08\03\18\12\07\02?"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
.
**************************************************************************
.
Completion time: 2011-12-22  05:58:05 - machine was rebooted
ComboFix-quarantined-files.txt  2011-12-22 10:58
.
Pre-Run: 212,384,923,648 bytes free
Post-Run: 212,250,185,728 bytes free
.
- - End Of File - - B6EACCA9CB0F5C20B8706DDF7A984A9D

Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
Re: [Inactive] PC takes a long time to respond
« Reply #24 on: December 22, 2011, 06:03:46 am »
The process "WispTis.exe" that you have running, is associated with a poor system performance due to its RAM usage. It's not a malicious process by any means, but it has caused users plenty of issues with regard to its resource hogging. That process, on your system, is probably running alongside the Pen_tablet.exe at startup. If you navigate to the program and prevent it from running on startup, your poor performance issues may resolve. Keep in mind though, whenever you start it again, the system's RAM will be consumed by the "WispTis" process. That service also seems to admire the Adobe products and runs along with the Adobe reader. You might also try disabling that program from running on startup.

You can read more about its peculiarities Here... if you like. Although that article seems to relate to Windows XP, I can assure you, it is still an issue with later versions of the Windows O/S.

Please open a blank Notepad by clicking start-->run...Then, in the run box type Notepad.exe and click "OK".
Copy the below text in Bold and paste it into the blank Notepad. Save it as CFScript.txt...Change the "Save as type" to All Files and save it to your desktop. Now drag the text document over to your Combofix.exe

Combofix will run again automatically. Please post back the new log that will be generated and advise how the system is performing for you now. Thanks!
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall



KILLALL::

Regnull::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]

Reglock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
Disabled Veteran
U.S.C.G. 1972 - 1978
Membership: U.N.I.T.E., A.S.A.P.

2009-12

Performance and Maintenance for Windows XP, Windows Vista and Windows Seven

Offline badsketching

  • Bronze Member
  • Posts: 86
Re: [Inactive] PC takes a long time to respond
« Reply #25 on: December 22, 2011, 08:36:24 am »
new combofix log


ComboFix 11-12-21.02 - badsketching 12/22/2011   9:00.3.1 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2815.1866 [GMT -5:00]
Running from: c:\users\badsketching\Desktop\ComboFix.exe
Command switches used :: c:\users\badsketching\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2011-11-22 to 2011-12-22  )))))))))))))))))))))))))))))))
.
.
2011-12-22 14:14 . 2011-12-22 14:14   --------   d-----w-   c:\users\Default\AppData\Local\temp
2011-12-21 11:41 . 2011-12-21 11:48   --------   d-----w-   c:\users\badsketching\AppData\Local\ElevatedDiagnostics
2011-12-20 13:45 . 2011-12-20 13:45   13312   ----a-w-   c:\windows\SysWow64\drivers\vdmymtaz.sys
2011-12-20 09:18 . 2011-12-20 09:18   --------   d-----w-   c:\programdata\Kaspersky Lab
2011-12-20 08:26 . 2011-11-21 11:40   8822856   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{EE300E2E-58B5-444C-AB54-E1910E8E2091}\mpengine.dll
2011-12-19 05:31 . 2011-12-19 05:31   388096   ----a-r-   c:\users\badsketching\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-19 05:31 . 2011-12-19 05:31   --------   d-----w-   c:\program files (x86)\Trend Micro
2011-12-18 08:58 . 2011-12-18 08:58   414368   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-17 00:30 . 2011-12-17 00:37   --------   d-----w-   c:\users\badsketching\AppData\Local\Microsoft Games
2011-12-14 07:02 . 2011-11-04 01:44   1390080   ----a-w-   c:\windows\system32\wininet.dll
2011-12-14 02:28 . 2011-10-26 05:21   43520   ----a-w-   c:\windows\system32\csrsrv.dll
2011-12-14 02:28 . 2011-11-24 04:52   3145216   ----a-w-   c:\windows\system32\win32k.sys
2011-12-14 02:28 . 2011-10-15 06:31   723456   ----a-w-   c:\windows\system32\EncDec.dll
2011-12-14 02:28 . 2011-10-15 05:38   534528   ----a-w-   c:\windows\SysWow64\EncDec.dll
2011-12-14 02:28 . 2011-11-05 05:32   2048   ----a-w-   c:\windows\system32\tzres.dll
2011-12-14 02:28 . 2011-11-05 04:26   2048   ----a-w-   c:\windows\SysWow64\tzres.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-19 18:58 . 2011-10-19 17:34   41200   ----a-w-   c:\windows\system32\cmdcsr.dll
2011-11-15 19:29 . 2011-08-23 12:29   270720   ------w-   c:\windows\system32\MpSigStub.exe
2011-11-10 10:54 . 2011-11-04 05:05   472808   ----a-w-   c:\windows\SysWow64\deployJava1.dll
2011-09-29 16:29 . 2011-11-09 18:21   1923952   ----a-w-   c:\windows\system32\drivers\tcpip.sys
.
.
(((((((((((((((((((((((((((((   SnapShot@2011-12-22_10.43.06   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-14 23:47 . 2011-12-22 14:17   33372              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-12-22 14:17   42890              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-08-22 16:46 . 2011-12-22 14:17   10738              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-976630607-1368529340-602481738-1001_UserData.bin
- 2011-08-25 12:36 . 2011-12-22 10:42   13222              c:\windows\system32\config\systemprofile\AppData\Roaming\WTablet\Pen_Tablet.dat
+ 2011-08-25 12:36 . 2011-12-22 14:15   13222              c:\windows\system32\config\systemprofile\AppData\Roaming\WTablet\Pen_Tablet.dat
+ 2011-12-22 14:15 . 2011-12-22 14:15   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-12-22 10:42 . 2011-12-22 10:42   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-12-22 10:42 . 2011-12-22 10:42   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-12-22 14:15 . 2011-12-22 14:15   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2011-12-22 09:46   623940              c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-12-22 13:40   623940              c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-12-22 13:40   106316              c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-12-22 09:46   106316              c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2011-12-22 10:41   461264              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-12-22 14:14   461264              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-08-23 19:47 . 2011-12-22 10:41   4160680              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-976630607-1368529340-602481738-1001-12288.dat
+ 2011-08-23 19:47 . 2011-12-22 14:14   4160680              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-976630607-1368529340-602481738-1001-12288.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe

S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys

S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys

S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-01-12 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys

S2 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe

S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2009-07-04 240160]
S2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [2009-11-23 127784]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys

.
.
.
--------- x86-64 -----------
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1831&r=173608112106p0395v1j5r4771s28r
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1831&r=173608112106p0395v1j5r4771s28r
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\badsketching\AppData\Roaming\Mozilla\Firefox\Profiles\te99ffkj.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
.
**************************************************************************
.
Completion time: 2011-12-22  09:31:13 - machine was rebooted
ComboFix-quarantined-files.txt  2011-12-22 14:31
ComboFix2.txt  2011-12-22 10:58
.
Pre-Run: 212,112,986,112 bytes free
Post-Run: 211,807,522,816 bytes free
.
- - End Of File - - AC1137DC511C95235227B3489237D677

Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
Re: [Inactive] PC takes a long time to respond
« Reply #26 on: December 22, 2011, 09:04:31 am »
Quote
...Combofix will run again automatically. Please post back the new log that will be generated and advise how the system is performing for you now. Thanks!
Note:
...also, please navigate to c:\qoobox and open it. Inside that folder you'll see several text files. Look for the one labeled ComboFix2.txt and copy its contents. Post that back here on your next reply. Thanks!

Offline badsketching

  • Bronze Member
  • Posts: 86
Re: [Inactive] PC takes a long time to respond
« Reply #27 on: December 22, 2011, 05:24:51 pm »
it's still stalling  :m

here's the combofix2.txt

ComboFix 11-12-21.02 - badsketching 12/22/2011   5:25.1.1 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2815.1856 [GMT -5:00]
Running from: c:\users\badsketching\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\XSxS
.
.
(((((((((((((((((((((((((   Files Created from 2011-11-22 to 2011-12-22  )))))))))))))))))))))))))))))))
.
.
2011-12-21 11:41 . 2011-12-21 11:48   --------   d-----w-   c:\users\badsketching\AppData\Local\ElevatedDiagnostics
2011-12-20 13:45 . 2011-12-20 13:45   13312   ----a-w-   c:\windows\SysWow64\drivers\vdmymtaz.sys
2011-12-20 09:18 . 2011-12-20 09:18   --------   d-----w-   c:\programdata\Kaspersky Lab
2011-12-20 08:26 . 2011-11-21 11:40   8822856   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{EE300E2E-58B5-444C-AB54-E1910E8E2091}\mpengine.dll
2011-12-19 05:31 . 2011-12-19 05:31   388096   ----a-r-   c:\users\badsketching\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-19 05:31 . 2011-12-19 05:31   --------   d-----w-   c:\program files (x86)\Trend Micro
2011-12-18 08:58 . 2011-12-18 08:58   414368   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-17 00:30 . 2011-12-17 00:37   --------   d-----w-   c:\users\badsketching\AppData\Local\Microsoft Games
2011-12-14 07:02 . 2011-11-04 01:44   1390080   ----a-w-   c:\windows\system32\wininet.dll
2011-12-14 02:28 . 2011-10-26 05:21   43520   ----a-w-   c:\windows\system32\csrsrv.dll
2011-12-14 02:28 . 2011-11-24 04:52   3145216   ----a-w-   c:\windows\system32\win32k.sys
2011-12-14 02:28 . 2011-10-15 06:31   723456   ----a-w-   c:\windows\system32\EncDec.dll
2011-12-14 02:28 . 2011-10-15 05:38   534528   ----a-w-   c:\windows\SysWow64\EncDec.dll
2011-12-14 02:28 . 2011-11-05 05:32   2048   ----a-w-   c:\windows\system32\tzres.dll
2011-12-14 02:28 . 2011-11-05 04:26   2048   ----a-w-   c:\windows\SysWow64\tzres.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-19 18:58 . 2011-10-19 17:34   41200   ----a-w-   c:\windows\system32\cmdcsr.dll
2011-11-15 19:29 . 2011-08-23 12:29   270720   ------w-   c:\windows\system32\MpSigStub.exe
2011-11-10 10:54 . 2011-11-04 05:05   472808   ----a-w-   c:\windows\SysWow64\deployJava1.dll
2011-09-29 16:29 . 2011-11-09 18:21   1923952   ----a-w-   c:\windows\system32\drivers\tcpip.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe

S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys

S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys

S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-01-12 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys

S2 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe

S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2009-07-04 240160]
S2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [2009-11-23 127784]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys

.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2918656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1831&r=173608112106p0395v1j5r4771s28r
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1831&r=173608112106p0395v1j5r4771s28r
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\badsketching\AppData\Roaming\Mozilla\Firefox\Profiles\te99ffkj.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\08\03\18\12\07\02?"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
.
**************************************************************************
.
Completion time: 2011-12-22  05:58:05 - machine was rebooted
ComboFix-quarantined-files.txt  2011-12-22 10:58
.
Pre-Run: 212,384,923,648 bytes free
Post-Run: 212,250,185,728 bytes free
.
- - End Of File - - B6EACCA9CB0F5C20B8706DDF7A984A9D

Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
Re: [Inactive] PC takes a long time to respond
« Reply #28 on: December 22, 2011, 06:15:50 pm »
You've run combofix three times...you've shown me logs numbered one and three. I still need to see number two. Thanks!

Offline badsketching

  • Bronze Member
  • Posts: 86
Re: [Inactive] PC takes a long time to respond
« Reply #29 on: December 22, 2011, 08:34:00 pm »
the second one
I started combofix but it insisted that NOD32 was still running
so I had to stop it