[yamalow]

it says "no matches found for lpduuq on *"
but my computer seems to be running faster then ever before.
this happened yesterday but it only lasted for 5 min let me see if it happens again when i start opening some programs i use daily.

[Advertisements]

it freezes for about a minute again. Not sure what else to do.

[yamalow]

it freezes for about a minute again. Not sure what else to do.

[Jimmy2012]

Hello yamalow,

Please run the following program.



Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  
  
• Double click on ComboFix.exe & follow the prompts.
  
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

[yamalow]

i just realized that this all started the day after i changed from avir anti-virus to mbam. could the mbam be what is making my computer sluggish? I thought the the avira was not really doing anything so i decided to switch over.

heres the combofix log

ComboFix 09-04-01.01 - ben 2009-04-02 19:21:24.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.991.586 [GMT -4:00]
Running from: c:\documents and settings\ben\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2009-03-02 to 2009-04-02 )))))))))))))))))))))))))))))))
.

2009-03-29 14:39 . 2009-03-29 14:39 685,056 --a------ c:\windows\isRS-000.tmp
2009-03-25 17:38 . 2009-03-29 14:31 <DIR> d-------- C:\Rooter$
2009-03-25 14:43 . 2009-03-25 14:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-03-10 22:04 . 2009-03-10 22:04 <DIR> d-------- c:\documents and settings\ben\Application Data\AdobeUM
2009-03-07 17:23 . 2009-03-07 17:23 <DIR> d-------- c:\program files\NOS
2009-03-07 17:23 . 2009-03-07 17:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS
2009-03-06 15:05 . 2009-03-29 14:40 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-06 15:05 . 2009-03-06 15:05 <DIR> d-------- c:\documents and settings\ben\Application Data\Malwarebytes
2009-03-06 15:05 . 2009-03-06 15:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-06 15:05 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-06 15:05 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-02 23:06 --------- d-----w c:\program files\Warcraft III
2009-03-27 20:11 34 ----a-w c:\documents and settings\ben\jagex_runescape_preferences.dat
2009-03-26 01:50 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-25 18:58 --------- d-----w c:\documents and settings\ben\Application Data\BitTorrent
2009-03-06 00:37 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-28 17:26 --------- d-----w c:\documents and settings\ben\Application Data\Auslogics
2009-02-23 00:34 --------- d-----w c:\documents and settings\ben\Application Data\InterVideo
2009-02-21 06:29 --------- d-----w c:\program files\Auslogics
2009-02-21 05:15 --------- d-----w c:\program files\DivX
2009-02-18 04:42 --------- d-----w c:\documents and settings\ben\Application Data\DivX
2009-02-06 05:00 --------- d-----w c:\program files\PokerStars
2009-01-07 01:51 2,829 ------w c:\windows\War3Unin.pif
2009-01-07 01:51 139,264 ------w c:\windows\War3Unin.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-21 50472]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-02 7557120]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-11 136600]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-12-12 157312]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-07-14 503808]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 221184]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2006-07-14 2341632]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-03-26 401040]
"nwiz"="nwiz.exe" [2006-03-02 c:\windows\system32\nwiz.exe]
"Mouse Suite 98 Daemon"="ICO.EXE" [2005-04-13 c:\windows\system32\ico.exe]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]

c:\documents and settings\ben\Start Menu\Programs\Startup\
OneNote Table Of Contents.onetoc2 [2009-01-20 3656]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Warcraft III\\war3.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-03-06 179856]
R2 smi2;smi2;c:\program files\SMI2\smi2.sys [2006-07-14 3968]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-03-06 15504]
R3 pelmouse;Mouse Suite Driver;c:\windows\system32\drivers\PELMOUSE.SYS [2009-01-05 16384]
R3 pelusblf;USB Mouse Low Filter Driver;c:\windows\system32\drivers\pelusblf.sys [2009-01-05 9216]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-03-07 33752]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{129a2f61-db95-11dd-86f0-001617ac11b0}]
\Shell\AutoRun\command - D:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E17D8D3C-762E-E86C-BC90-D2638B15129B}]
c:\windows\alg.exe
.
Contents of the 'Scheduled Tasks' folder

2009-04-02 c:\windows\Tasks\Malwarebytes' Scheduled Update for ben.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-03-26 16:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.lenovo.com/us/en/
IE: &Download All with FlashGet - c:\documents and settings\Default User\Local Settings\Temp\flgpxtryd\jc_all.htm
IE: &Download with FlashGet - c:\documents and settings\Default User\Local Settings\Temp\flgpxtryd\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\ben\Application Data\Mozilla\Firefox\Profiles\ul8mikez.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-02 19:36:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\ZuneBusEnum.exe
c:\program files\Zune\ZuneNss.exe
c:\windows\system32\FSRremoS.EXE
c:\windows\system32\rundll32.exe
c:\windows\system32\PELMICED.EXE
c:\program files\AIM6\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2009-04-02 19:46:53 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-02 23:46:48

Pre-Run: 166,566,019,072 bytes free
Post-Run: 166,515,478,528 bytes free

135 --- E O F --- 2009-03-15 14:59:43

[Jimmy2012]

Hello yamalow,

could the mbam be what is making my computer sluggish?

Not sure, could you please try to turn off MBAM and then see if your computer is still going slow.

[yamalow]

ok well that seems top be working well. I hope it stays, but i still need an anti-virus what one would you recommend?

[Jimmy2012]

Hello yamalow,

Here are two to pick from, both are free.
AntiVir
AVG

I would recommend AntiVir.

Edited by Jimmy2012, 03 April 2009 - 03:00 PM.

[yamalow]

ok thank you so much for the help everything seems to be working great

[Jimmy2012]

Hello yamalow,
Your logs look clean.
Just a few more things to do.




Please download JavaRa to your desktop and unzip it to its own folder

• Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
• Accept any prompts.
• Open JavaRa.exe again and select Search For Updates.
• Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

Follow these steps to uninstall Combofix and tools used in the removal of malware

• Click START then RUN
• Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  

Please download OTCleanIt and save it to your Desktop.

• Double-click OTCleanIt.exe
  
• Click the CleanUp! button to begin removing tools used to clean your computer
  
• If you are prompted to Reboot during the cleanup, please select Yes

Please remove any leftover tools used to clean your computer.








The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

1. Spywareguard: Is realtime protection from spyware.

2. Spywareblaster: Helps protect against any bad ActiveX from installing on your computer.

3. SuperAntiSpyware: Use this program to help remove any spyware that may have gotten on your computer.

4. FireFox: This is a great alternate browser over Internet Explorer. Firefox is much more secure then Internet Explorer and also has a bulilt in pop up blocker.

5. ATF Cleaner: This program cleans out your temporary files. This is a great tool that can help speed your computer up.

6. Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

7. Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

[yamalow]

i got through the second and third thing, but i could not get the java to install the newest environment. Also my computer went back to stalling again.

[Jimmy2012]

Hello yamalow,

but i could not get the java to install the newest environment.

What does it do when you try to install it?

Also my computer went back to stalling again.

As bad as it was before, or just a little this time?

[yamalow]

wen i go to install it says it is preparing but i let it sit for 30 min when i went somewhere and it never loaded.

It stalled a little this time, and it was only when i was working with the java thing.

[Jimmy2012]

Hello yamalow,
Please see if it works this way.




Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems

Upgrading Java:

• Download the latest version of Java SE Runtime Environment (JRE)JRE 6 Update 13.
• Click the "Download" button to the right.
• Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
• Click on Continue.
• Click on the link to download Windows Offline Installation (jre-6u13-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
• Close any programs you may have running - especially your web browser.
• Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
• Check any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java version.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u13-windows-i586-p.exe and select "Run as an Administrator.")

[yamalow]

My computer has gone back to the way it was before, but maybe worse. It is like the computer just stops until i hit ctr alt del then task manager takes about 2-3 min to pop up then it will go for anywhere between a min and a second. Im still trying to get this java thing to work but it is very frustrating when the computer stalls and you cant do anything.

[yamalow]

i finished installing java, the computer is very off and on. It will work great for a couple hours, then it will be just awful for 20 min.