
Not sure if infected but something is horribly wrong



#1 Island Jim (Members, 3 posts)

Posted 24 December 2008 - 01:48 PM

Hi guys

I'm running vista with an 80GB HD (16GB free) and 1GB RAM.
Shortly after installing ColdFusion and MySQL I noticed how my startup time had gone from pretty fast to about a whole cigarette and a cup of coffee before any applications would begin to run. I had a look at my processes, and I'm using about 700-800MB RAM with no apps running. I have set CF and MySQL to manual startup, and stopped all other services that I felt I could get away with (having limited knowledge), but it seems to have made no difference whatsoever.
I am reading as much as I can about memory management and services, but am also wondering if there is possibly some malware at work.

Would really appreciate it if someone could help me try and get a handle on this, as having my RAM maxed out is no good when using graphics and web designing apps. I have attached my 'ATTACH.txt' file and will post DDS log below.

Thanks for taking the time to read this.


DDS (Version 1.1.0) - NTFSx86
Run by James at 2:30:37.69 on Thu 12/25/2008
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_07
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.63.1033.18.1015.245 [GMT 8:00]

AV: avast! antivirus 4.8.1229 [VPS 081125-1] *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\System32\ATWTUSB.EXE
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\System32\TBLMOUSE.EXE
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\mmc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\James\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.gmail.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_PH&c=none&bd=smb&pf=laptop
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: Skype add-on (mastermind): {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - Skype add-on (mastermind)
BHO: Skype add-on (mastermind): {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: WormRadar.com IESiteBlocker.NavFilter: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - AVG Safe Search
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: &Google: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
uRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [atwtusb] atwtusb.exe beta
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
dRun: [Nokia.PCSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~3.0_0\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~3\GOEC62~1.DLL
SEH: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\james\appdata\roaming\mozilla\firefox\profiles\5q0ghxri.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://mail.google.com/mail/?shva=1#inbox
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\yahoo!\shared\npYState.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-9-12 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-9-12 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2008-9-12 51792]
S1 aiptektp;Pen Pad;c:\windows\system32\drivers\aiptektp.sys [2008-2-10 22528]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2006-11-2 167936]
S3 MobileAdapter;Huawei Mobile Adapter USB Modem and USB Serial;c:\windows\system32\drivers\hmumdm.sys [2008-5-16 92032]

=============== Created Last 30 ================

2008-12-24 08:50 <DIR> --d----- c:\users\james\appdata\roaming\MySQL
2008-12-24 08:13 <DIR> --d----- c:\program files\MySQL
2008-12-20 12:12 <DIR> --d----- c:\users\james\appdata\roaming\Uniblue
2008-12-14 01:26 22 a---h--- C:\qpmd8379.bin
2008-12-14 01:23 53,248 a------- c:\windows\system32\cfperfmon_8.dll
2008-12-14 01:16 <DIR> --d----- C:\ColdFusion8
2008-12-14 01:16 <DIR> --d-h--- c:\program files\Zero G Registry
2008-12-14 01:13 <DIR> --d-h--- c:\users\james\InstallAnywhere
2008-12-11 11:12 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-12-10 18:57 2,048 a------- c:\windows\system32\tzres.dll
2008-12-10 07:02 28,672 a------- c:\windows\system32\Apphlpdm.dll
2008-12-10 07:02 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2008-12-10 06:18 2,927,104 a------- c:\windows\explorer.exe
2008-12-10 06:18 827,392 a------- c:\windows\system32\wininet.dll
2008-12-10 06:00 2,868,736 a------- c:\windows\system32\mf.dll
2008-12-10 06:00 996,352 a------- c:\windows\system32\WMNetMgr.dll
2008-12-10 06:00 94,720 a------- c:\windows\system32\logagent.exe
2008-12-10 05:39 296,960 a------- c:\windows\system32\gdi32.dll
2008-12-07 15:14 29,272 a----r-- c:\windows\system32\AdobePDF.dll
2008-12-03 13:08 268 a---h--- C:\sqmdata00.sqm
2008-12-03 13:08 244 a---h--- C:\sqmnoopt00.sqm
2008-11-27 14:08 83,144 a------- c:\windows\system32\PICCLP32.OCX
2008-11-27 14:08 53,248 a------- c:\windows\system32\ArmAccess.dll
2008-11-27 14:08 608,448 a------- c:\windows\system32\COMCTL32.OCX
2008-11-27 14:08 494,352 a------- c:\windows\system32\SHDOC401.DLL
2008-11-27 14:08 164,144 a------- c:\windows\system32\COMCT232.OCX
2008-11-27 14:08 <DIR> --d----- c:\program files\PC Doc Pro
2008-11-26 19:26 56 a---h--- c:\windows\system32\ezsidmv.dat
2008-11-26 09:16 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
2008-11-26 09:16 712,704 a------- c:\windows\system32\WindowsCodecs.dll
2008-11-26 09:16 425,472 a------- c:\windows\system32\PhotoMetadataHandler.dll
2008-11-26 09:16 347,136 a------- c:\windows\system32\WindowsCodecsExt.dll
2008-11-26 09:16 1,645,568 a------- c:\windows\system32\connect.dll
2008-11-25 20:12 <DIR> --d----- c:\program files\common files\Autodesk Shared
2008-11-25 20:09 <DIR> --d----- c:\programdata\Autodesk

==================== Find3M ====================

2008-12-20 14:39 143,360 a------- c:\windows\inf\infstrng.dat
2008-12-20 14:39 86,016 a------- c:\windows\inf\infstor.dat
2008-12-20 14:39 51,200 a------- c:\windows\inf\infpub.dat
2008-11-27 01:17 51,792 a------- c:\windows\system32\drivers\aswMonFlt.sys
2008-11-03 16:29 0 a---h--- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
2008-11-01 11:44 52,736 a------- c:\windows\apppatch\iebrshim.dll
2008-11-01 11:44 2,154,496 a------- c:\windows\apppatch\AcGenral.dll
2008-11-01 11:44 541,696 a------- c:\windows\apppatch\AcLayers.dll
2008-11-01 11:44 460,288 a------- c:\windows\apppatch\AcSpecfc.dll
2008-11-01 11:44 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2008-10-17 04:56 1,524,736 a------- c:\windows\system32\wucltux.dll
2008-10-17 04:55 83,456 a------- c:\windows\system32\wudriver.dll
2008-10-16 14:08 162,064 a------- c:\windows\system32\wuwebv.dll
2008-10-16 13:56 31,232 a------- c:\windows\system32\wuapp.exe
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-17 13:00 174 a--sh--- c:\program files\desktop.ini
2008-09-17 12:36 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 20:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 20:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 20:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 20:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 17:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 17:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 17:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 17:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 2:32:52.41 ===============

#2 sjpritch25 (Security Colleague, 895 posts, West Coast of Florida, USA)
Posted 05 January 2009 - 10:08 PM

Welcome to BC :thumbsup:

Honestly, that setup really isn't meant for developing. Most Vista Basic PCs are designed for minimal computing: mostly internet surfing, email, word processing, and other low-CPU activities. We can try and clean up some startup stuff. Let me know though. Finally, 1GB of memory is a little small for even Vista Basic.
Microsoft MVP Consumer Security--2007-2010