Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

laptop freezes, seems to be an AVG related problem


  • Please log in to reply

#1
johnb176

johnb176

    New Member

  • Member
  • Pip
  • 1 posts
Help please

In the last few days my laptop ( Dell Latitude D600 ) has been on a sudden go slow/ stop, affecting Outlook, Internet Explorer, Firefox etc... I have ad to reboot the machine every 15 minutes or so today trying to get to the bottom of it.

In Task manager I note that this is even happening when my machine seems to be only running at 20-30 % capacity. I've noticed that avgnsx.exe seems to be involved when the problem is happening ( certainly when attempting to download fixes), but also some of the Windows search related .exe's ( searchprotocolhost.exe etc.)

I have uninstalled Firefox, as there was an update recently and I'm not sure if that caused some of the problem, also skype is playing up ( Disk I/O errors). I also unistalled and reinstalled AVGto try that.

I found what seems to be a similar problem on this website, ref t264454, and as a first step I downloaded Combofix and this is the log it has given :

ComboFix 10-04-28.08 - Private User 29/04/2010 15:13:59.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.428 [GMT 1:00]
Running from: c:\documents and settings\Private User\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Private User\Application Data\inst.exe
c:\windows\eSellerateEngine.dll
c:\windows\system32\hookdll.dll
c:\windows\system32\uninstall.exe

.
((((((((((((((((((((((((( Files Created from 2010-03-28 to 2010-04-29 )))))))))))))))))))))))))))))))
.

2010-04-29 07:39 . 2010-04-29 14:20 -------- d-----w- c:\documents and settings\Private User\Application Data\Skype
2010-04-28 11:51 . 2010-04-28 11:51 -------- d-----w- c:\documents and settings\Private User\Local Settings\Application Data\Sophos
2010-04-28 11:41 . 2010-04-28 11:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Sophos
2010-04-28 11:39 . 2010-04-28 11:39 -------- dc----w- C:\stdtsa
2010-04-28 09:59 . 2010-04-29 10:41 -------- d-----w- c:\documents and settings\Private User\Application Data\vlc
2010-04-28 09:49 . 2010-04-28 09:57 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-28 09:05 . 2010-04-28 09:05 -------- d-----w- c:\program files\VideoLAN
2010-04-28 08:38 . 2010-04-28 08:38 360584 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-04-28 08:38 . 2010-04-28 08:38 333192 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-04-28 08:38 . 2010-04-28 08:38 28424 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-04-28 08:38 . 2010-04-28 08:38 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-04-28 08:36 . 2010-04-28 08:16 800536 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2010-04-28 08:36 . 2010-04-28 08:16 613656 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2010-04-28 08:36 . 2010-04-28 08:16 1658136 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-04-28 08:36 . 2010-04-28 08:16 1007896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-04-28 08:17 . 2010-04-28 08:38 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-28 08:17 . 2010-04-28 08:38 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-04-28 08:17 . 2010-04-28 08:38 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-04-28 08:17 . 2010-04-29 07:02 -------- d-----w- c:\windows\system32\drivers\Avg
2010-04-28 08:16 . 2010-04-28 08:16 -------- d-----w- c:\program files\AVG
2010-04-28 08:16 . 2010-04-28 08:16 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-04-28 05:52 . 2010-04-28 05:52 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Trusteer
2010-04-22 12:29 . 2010-04-22 12:29 -------- d-----w- c:\documents and settings\Private User\Application Data\Trusteer
2010-04-22 12:28 . 2010-04-22 12:28 -------- d-----w- c:\program files\Trusteer
2010-04-22 07:26 . 2010-04-22 07:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Trusteer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-29 07:49 . 2010-01-06 14:55 -------- d-----r- c:\program files\Skype
2010-04-29 07:04 . 2008-11-13 19:27 -------- d-----w- c:\documents and settings\Private User\Application Data\skypePM
2010-04-28 10:25 . 2007-08-25 11:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-28 07:34 . 2008-12-01 10:41 -------- d-----w- c:\program files\Common Files\Apple
2010-04-28 06:51 . 2007-08-22 14:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-28 06:47 . 2007-10-15 07:52 -------- d-----w- c:\documents and settings\Private User\Application Data\Image Zone Express
2010-04-22 12:43 . 2008-07-02 16:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-22 12:42 . 2008-07-17 05:52 5918776 -c--a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-07 06:33 . 2007-09-24 12:38 -------- d-----w- c:\program files\ArcSoft
2010-04-07 06:33 . 2006-02-15 09:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-29 23:46 . 2008-08-02 10:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 23:45 . 2008-07-02 16:50 20824 -c--a-w- c:\windows\system32\drivers\mbam.sys
2010-03-27 13:58 . 2010-03-27 13:58 -------- d-----w- c:\program files\Common Files\Skype
2010-03-10 06:15 . 2004-08-12 13:32 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24 . 2004-08-12 13:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-12 13:22 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 08:10 . 2004-08-12 13:25 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-03 22:59 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 13:05 . 2010-02-16 13:05 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-02-16 06:49 . 2010-02-16 06:49 52224 ----a-w- c:\documents and settings\Private User\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-16 06:49 . 2009-04-23 09:10 117760 ----a-w- c:\documents and settings\Private User\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-12 10:03 . 2010-02-24 08:31 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:33 . 2004-08-12 13:17 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-12 13:30 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
"ClearHistory"="c:\program files\Clear History\ClearHistory.exe" [2007-08-16 1201152]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-20 26192680]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2004-05-24 86016]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-01 1392640]
"btbb_wcm_McciTrayApp"="c:\program files\btbb_wcm\McciTrayApp.exe" [2005-12-29 543232]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2006-01-13 196608]
"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe" [2007-05-23 936960]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\Dell\Bluetooth Software\BTTray.exe [2004-4-26 561213]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-30 06:56 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-04-28 08:38 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2004-06-17 12:14 180290 ----a-w- c:\windows\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 15:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\btbb_McciTrayApp]
2007-05-23 06:22 936960 ------w- c:\program files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClearHistory]
2007-08-16 09:05 1201152 -c--a-w- c:\program files\Clear History\ClearHistory.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2006-01-13 06:46 196608 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2009-11-13 11:31 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Palm\\HOTSYNC.EXE"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\SecondLife\\SLVoice.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\TomTom HOME 2\\xulrunner\\TomTomHOMERuntime.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\SkyGolf\\SkyCaddie Desktop\\SkyCaddieDesktop.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [28/04/2010 09:17 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [28/04/2010 09:17 242896]
R1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [23/03/2010 16:39 58984]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [23/03/2010 16:39 125160]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [19/08/2008 23:34 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [19/08/2008 23:34 74480]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [28/04/2010 09:38 308064]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [23/03/2010 16:39 779496]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13/11/2009 12:31 92008]
R3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\system32\drivers\hphius09.sys [23/08/2007 14:42 18864]
S2 gupdate1c9aea965664210;Google Update Service (gupdate1c9aea965664210);c:\program files\Google\Update\GoogleUpdate.exe [27/03/2009 07:58 133104]
S3 DVBT_Loader;DVB-T Adapter firmware loader;c:\windows\system32\drivers\DVBT_Loader.sys [25/09/2007 15:02 44800]
S3 GenDTV;DVB-T receiver Driver;c:\windows\system32\drivers\Geniausb.sys [25/09/2007 15:07 84992]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [19/08/2008 23:34 7408]
.
Contents of the 'Scheduled Tasks' folder

2010-04-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2010-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-27 06:58]

2010-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-27 06:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://cm.my.yahoo.com/
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\Dell\Bluetooth Software\btsendto_ie_ctx.htm
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKU-Default-Run-Nokia.PCSync - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
AddRemove-Kremlin 2.21 - c:\program files\Mach5 Software\Kremlin\Remove.exe
AddRemove-SLABCOMM - c:\windows\system32\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-29 15:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(996)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LgNotify.dll
.
Completion time: 2010-04-29 15:23:36
ComboFix-quarantined-files.txt 2010-04-29 14:23

Pre-Run: 3,949,535,232 bytes free
Post-Run: 4,188,172,288 bytes free

- - End Of File - - 83254D6F282A61531D480AE83731545C
Thanks for any help you can give
  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP