In the last few days my laptop (Dell Latitude D600) has been on a sudden go-slow/stop, affecting Outlook, Internet Explorer, Firefox etc. I have had to reboot the machine every 15 minutes or so today trying to get to the bottom of it.
In Task Manager I note that this is even happening when my machine seems to be only running at 20-30% capacity. I've noticed that avgnsx.exe seems to be involved when the problem is happening (certainly when attempting to download fixes), but also some of the Windows search related .exe's (searchprotocolhost.exe etc.).
I have uninstalled Firefox, as there was an update recently and I'm not sure if that caused some of the problem; also Skype is playing up (Disk I/O errors). I also uninstalled and reinstalled AVG to try that.
I found what seems to be a similar problem on this website, ref t264454, and as a first step I downloaded Combofix and this is the log it has given:
ComboFix 10-04-28.08 - Private User 29/04/2010 15:13:59.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.428 [GMT 1:00]
Running from: c:\documents and settings\Private User\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Private User\Application Data\inst.exe
c:\windows\eSellerateEngine.dll
c:\windows\system32\hookdll.dll
c:\windows\system32\uninstall.exe
.
((((((((((((((((((((((((( Files Created from 2010-03-28 to 2010-04-29 )))))))))))))))))))))))))))))))
.
2010-04-29 07:39 . 2010-04-29 14:20 -------- d-----w- c:\documents and settings\Private User\Application Data\Skype
2010-04-28 11:51 . 2010-04-28 11:51 -------- d-----w- c:\documents and settings\Private User\Local Settings\Application Data\Sophos
2010-04-28 11:41 . 2010-04-28 11:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Sophos
2010-04-28 11:39 . 2010-04-28 11:39 -------- dc----w- C:\stdtsa
2010-04-28 09:59 . 2010-04-29 10:41 -------- d-----w- c:\documents and settings\Private User\Application Data\vlc
2010-04-28 09:49 . 2010-04-28 09:57 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-28 09:05 . 2010-04-28 09:05 -------- d-----w- c:\program files\VideoLAN
2010-04-28 08:38 . 2010-04-28 08:38 360584 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-04-28 08:38 . 2010-04-28 08:38 333192 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-04-28 08:38 . 2010-04-28 08:38 28424 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-04-28 08:38 . 2010-04-28 08:38 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-04-28 08:36 . 2010-04-28 08:16 800536 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2010-04-28 08:36 . 2010-04-28 08:16 613656 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2010-04-28 08:36 . 2010-04-28 08:16 1658136 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-04-28 08:36 . 2010-04-28 08:16 1007896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-04-28 08:17 . 2010-04-28 08:38 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-28 08:17 . 2010-04-28 08:38 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-04-28 08:17 . 2010-04-28 08:38 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-04-28 08:17 . 2010-04-29 07:02 -------- d-----w- c:\windows\system32\drivers\Avg
2010-04-28 08:16 . 2010-04-28 08:16 -------- d-----w- c:\program files\AVG
2010-04-28 08:16 . 2010-04-28 08:16 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-04-28 05:52 . 2010-04-28 05:52 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Trusteer
2010-04-22 12:29 . 2010-04-22 12:29 -------- d-----w- c:\documents and settings\Private User\Application Data\Trusteer
2010-04-22 12:28 . 2010-04-22 12:28 -------- d-----w- c:\program files\Trusteer
2010-04-22 07:26 . 2010-04-22 07:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Trusteer
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-29 07:49 . 2010-01-06 14:55 -------- d-----r- c:\program files\Skype
2010-04-29 07:04 . 2008-11-13 19:27 -------- d-----w- c:\documents and settings\Private User\Application Data\skypePM
2010-04-28 10:25 . 2007-08-25 11:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-28 07:34 . 2008-12-01 10:41 -------- d-----w- c:\program files\Common Files\Apple
2010-04-28 06:51 . 2007-08-22 14:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-28 06:47 . 2007-10-15 07:52 -------- d-----w- c:\documents and settings\Private User\Application Data\Image Zone Express
2010-04-22 12:43 . 2008-07-02 16:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-22 12:42 . 2008-07-17 05:52 5918776 -c--a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-07 06:33 . 2007-09-24 12:38 -------- d-----w- c:\program files\ArcSoft
2010-04-07 06:33 . 2006-02-15 09:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-29 23:46 . 2008-08-02 10:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 23:45 . 2008-07-02 16:50 20824 -c--a-w- c:\windows\system32\drivers\mbam.sys
2010-03-27 13:58 . 2010-03-27 13:58 -------- d-----w- c:\program files\Common Files\Skype
2010-03-10 06:15 . 2004-08-12 13:32 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24 . 2004-08-12 13:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-12 13:22 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 08:10 . 2004-08-12 13:25 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-03 22:59 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 13:05 . 2010-02-16 13:05 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-02-16 06:49 . 2010-02-16 06:49 52224 ----a-w- c:\documents and settings\Private User\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-16 06:49 . 2009-04-23 09:10 117760 ----a-w- c:\documents and settings\Private User\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-12 10:03 . 2010-02-24 08:31 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:33 . 2004-08-12 13:17 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-12 13:30 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
"ClearHistory"="c:\program files\Clear History\ClearHistory.exe" [2007-08-16 1201152]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-20 26192680]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2004-05-24 86016]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-01 1392640]
"btbb_wcm_McciTrayApp"="c:\program files\btbb_wcm\McciTrayApp.exe" [2005-12-29 543232]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2006-01-13 196608]
"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe" [2007-05-23 936960]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\Dell\Bluetooth Software\BTTray.exe [2004-4-26 561213]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-30 06:56 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-04-28 08:38 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2004-06-17 12:14 180290 ----a-w- c:\windows\system32\LgNotify.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 15:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\btbb_McciTrayApp]
2007-05-23 06:22 936960 ------w- c:\program files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClearHistory]
2007-08-16 09:05 1201152 -c--a-w- c:\program files\Clear History\ClearHistory.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2006-01-13 06:46 196608 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2009-11-13 11:31 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Palm\\HOTSYNC.EXE"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\SecondLife\\SLVoice.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\TomTom HOME 2\\xulrunner\\TomTomHOMERuntime.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\SkyGolf\\SkyCaddie Desktop\\SkyCaddieDesktop.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [28/04/2010 09:17 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [28/04/2010 09:17 242896]
R1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [23/03/2010 16:39 58984]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [23/03/2010 16:39 125160]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [19/08/2008 23:34 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [19/08/2008 23:34 74480]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [28/04/2010 09:38 308064]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [23/03/2010 16:39 779496]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13/11/2009 12:31 92008]
R3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\system32\drivers\hphius09.sys [23/08/2007 14:42 18864]
S2 gupdate1c9aea965664210;Google Update Service (gupdate1c9aea965664210);c:\program files\Google\Update\GoogleUpdate.exe [27/03/2009 07:58 133104]
S3 DVBT_Loader;DVB-T Adapter firmware loader;c:\windows\system32\drivers\DVBT_Loader.sys [25/09/2007 15:02 44800]
S3 GenDTV;DVB-T receiver Driver;c:\windows\system32\drivers\Geniausb.sys [25/09/2007 15:07 84992]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [19/08/2008 23:34 7408]
.
Contents of the 'Scheduled Tasks' folder
2010-04-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2010-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-27 06:58]
2010-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-27 06:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://cm.my.yahoo.com/
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\Dell\Bluetooth Software\btsendto_ie_ctx.htm
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKU-Default-Run-Nokia.PCSync - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
AddRemove-Kremlin 2.21 - c:\program files\Mach5 Software\Kremlin\Remove.exe
AddRemove-SLABCOMM - c:\windows\system32\uninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-29 15:20
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(996)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LgNotify.dll
.
Completion time: 2010-04-29 15:23:36
ComboFix-quarantined-files.txt 2010-04-29 14:23
Pre-Run: 3,949,535,232 bytes free
Post-Run: 4,188,172,288 bytes free
- - End Of File - - 83254D6F282A61531D480AE83731545C
Thanks for any help you can give