Request for help: system "pauses" every few seconds

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by skwm, Jan 26, 2006.

  1. skwm

    skwm Private E-2

    My problem:
    Every 3 or 4 seconds, something causes my system to "pause" for a split-second. The mouse will pause where it was, any program (including video playback) will pause, any text I've been typing in will pause, only to jump back to life about 1/2 a second later. It's like little hiccups.

    My system:
    Dell Latitude D600 laptop
    Windows XP Pro, SP2
    1 GB RAM
    Intel Pentium M processor, 1.4 GHz
    1 hard disk with 2 partitions, each with several GB free

    What I've done to try to fix it:
    I followed all of the recommended steps - ran CCleaner, AdAware, SpyBot, MS AntiSpyware + Malicious Software Removal, ran the online virus scans at Bitdefender and PandaActive scan. No viruses were found, and mostly just tracking cookies. I've also run HijackThis!.

    Logs and Info:
    I've attached the BitDefender scan log, the Panda Active Scan log, the HijackThis log and startup list, and the output of the MS System Info program.

    Help would be very appreciated - thanks!
     


  2. skwm

    skwm Private E-2

    Here is the System Info file. I had to zip the file, as it was too large to upload as a .txt.
     

    Attached Files: os.zip (51.8 KB)
  3. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    You are strongly advised to do the following immediately:

    1. Disconnect infected computer from the Internet and from any networked computers until the computer can be cleaned.

    2. Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.

    3. From a clean computer, change *all* your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.

    Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.

    There is evidence that the HackTool Rootkit is installed on your system.

    Do the following:

    Reinstall HijackThis to C:\Program Files\HJT. Do not run HJT from a temporary directory.

    Running Spy Sweeper

    Running WinPfind by OldTimer


    Download Blacklight Beta from here:

    http://www.f-secure.com/blacklight/try.shtml
    • Hit I accept. It will take you to download page.
    • Download blbeta.exe and save it to the Desktop.
    • Once saved... double click blbeta.exe to install the program.
    • Click accept agreement and Click scan
      This app too may fire off a warning from antivirus. Let the driver load.
      Wait for it to finish.
    • If it displays any items...don't do anything with them yet. Just hit exit (close)
    • It will drop a log on Desktop that starts with fsbl....big number
    Please post contents of log.

    Post the SpySweeper log, WinPFind.txt, the BlackLight results, and a fresh HijackThis log.

     
  4. skwm

    skwm Private E-2

    Thanks for the quick response. I ran the three programs as outlined above - SpySweeper didn't find anything, neither did BlackLight Beta. There is quite a lot of stuff in the WinPFind log.

    All 3 logs are attached.
     


  5. skwm

    skwm Private E-2

    And here is the hijackthis log.
     


  6. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Scan with HijackThis and fix the following:
    Open Windows Explorer and delete the following:
    Don't use MSConfig to get into Safe Mode or disable items. Enable Normal Startup in MSConfig and reboot.

    Post a fresh HijackThis log.
     
  7. skwm

    skwm Private E-2

    Items were fixed w/HijackThis, I rebooted into normal mode and did another scan. The results are attached. I'm still having the same issue.
     


  8. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Are these entries correct?

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=themis:80;https=themis:80

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = usa.corp.powermeasurement.com
    O17 - HKLM\Software\..\Telephony: DomainName = usa.corp.powermeasurement.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{327703D2-91EB-4762-A8E3-3068097CC518}: NameServer = 128.175.55.9,128.175.55.11
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = usa.corp.powermeasurement.com

    If NmapWin is a tool that was installed on your computer, you can download it from http://sourceforge.net/projects/nmapwin, and reinstall if necessary.
     
    Last edited: Jan 26, 2006
  9. skwm

    skwm Private E-2

    Yes, those settings are correct. I installed NMap myself, and also DameWare and VNC (which were detected by some of the spyware scanners, but I did not let them clean them up).

    This may or may not be related, but I ran bootvis, and found that MRxSMB.sys is taking an awfully long time to start up. There's a 2 minute portion of the startup where this driver is the only thing that is doing anything, and there is no disk/CPU usage. If this is a completely unrelated problem, ignore this and let's not get off onto any tangents, and just focus on one thing at a time.
     
  10. skwm

    skwm Private E-2

    I seem to have fixed the problem - I believe it was some sort of conflict between the Windows Zero Config service for my wireless network card and the stuff that was installed for the Intel ProSet, also used for managing the wireless card. I uninstalled ProSet, and I'm no longer getting the "pause". Odd, because I've had it installed for over a year, and haven't had any issues until this week.

    Thanks for all the help!
     
  11. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Glad you found the problem. Your logs have no other signs of malware.
     
