Member Avatar for algismorales

Hi Daniweb,
I was wondering if you could please help me out. My laptop OS is Windows Vista, and last night after downloading Skype, my computer became erratic and very very slow. I uninstalled it immediately, but the computer's performance all of a sudden was shot. It took a long time for it to even startup this morning. Could it have been something related to downloading Skype?
I followed PhilliePhan's 'Read Me before posting a request for assistance' procedure, and below are attached the items requested:

MalwareByte's Anti-Malware log
(I had to run it 3 times because the first two times, it got stuck as it got started scanning the HKEY files. The third time after I clicked OK when the scan was done, it did not prompt me to Show Results and it did not give me the option to check any items and 'Remove Selected'. No malicious items were detected.)

GMEROne.log and GMERTwo.log

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-08-04 16:43:08
Windows 6.0.6002 Service Pack 2
Running: g2koekje.exe; Driver: C:\Users\Algis\AppData\Local\Temp\fxldrpod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS (PandaShield driver/Panda Software) ZwEnumerateKey [0x8D87A3B2]
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS (PandaShield driver/Panda Software) ZwEnumerateValueKey [0x8D87A58A]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0x8D8F1B9C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0x8D8F19C0]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0x8D8F1AFA]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)
Device \FileSystem\fastfat \Fat ShldDrv.SYS (PandaShield driver/Panda Software)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-04 19:04:39
Windows 6.0.6002 Service Pack 2
Running: g2koekje.exe; Driver: C:\Users\Algis\AppData\Local\Temp\fxldrpod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS (PandaShield driver/Panda Software) ZwCreateKey [0x8D87A1BA]
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS (PandaShield driver/Panda Software) ZwDeleteKey [0x8D87A2D6]
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS (PandaShield driver/Panda Software) ZwDeleteValueKey [0x8D87A42A]
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS (PandaShield driver/Panda Software) ZwEnumerateKey [0x8D87A3B2]
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS (PandaShield driver/Panda Software) ZwEnumerateValueKey [0x8D87A58A]
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS (PandaShield driver/Panda Software) ZwOpenKey [0x8D87A264]
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS (PandaShield driver/Panda Software) ZwQueryKey [0x8D87A33E]
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS (PandaShield driver/Panda Software) ZwQueryValueKey [0x8D87A512]
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS (PandaShield driver/Panda Software) ZwSetValueKey [0x8D87A498]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0x8D8F1B9C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0x8D8F19C0]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0x8D8F1AFA]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device aswSP.SYS (avast! self protection module/ALWIL Software)
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


DDS ScanLogs (DDS.txt and Attach.txt)

Can you help me please? Thank you kindly!

Algis

DDS.zip (4.89 KB) 
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4391

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

8/5/2010 3:52:00 AM
mbam-log-2010-08-05 (03-52-00).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 262397
Time elapsed: 1 hour(s), 17 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 4 Contributors
  • 4 Replies
  • 211 Views
  • 3 Days Discussion Span
  • Latest Post Latest Post by fred sheehan
Member Avatar for W1ND0W5

I think the logical thing to do is uninstall Skype, and clear the registry. The fact that MBAM stopped on the registry keys is not good.

Member Avatar for racoon8995

use ur recovery CD..or if u have a restore point use it.if problem persists backup your files and reinstall windows

Member Avatar for algismorales

I think the logical thing to do is uninstall Skype, and clear the registry. The fact that MBAM stopped on the registry keys is not good.

Hi W1NDOW5,
My OS is Windows Vista. Can you give me the procedure for cleaning the registry please? I uninstalled Skype but my laptop is still sluggish. From the moment I turn it on, it takes a while for it to connect to the internet, and a while until I'm able to open up any websites. Perhaps it's not a virus, but something in the registry.

Thank you!

Member Avatar for fred sheehan

You should have a restore point before skype was installed, type 'system restore' in PC search bar, bottom left by start button, this should launch system restore function, and allow you to restore to a point before Skype was installed.

To manually remove entries in registry is fine if you are confident, and dangerous to your OS if you are not, use a good registry cleaner or 'uninstaller' program it is safer.

look in 'programs' list for 'start up' folder, and make sure that Skype hasn't left something there.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.