Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

help laptop running real slow, qbooks won't function


  • This topic is locked This topic is locked
38 replies to this topic

#1 rdy2rac

rdy2rac

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:10:20 AM

Posted 31 December 2008 - 05:14 PM

DDS (Version 1.1.0) - NTFSx86
Run by Robert Staley at 13:55:53.48 on Wed 12/31/2008
Internet Explorer: 8.0.6001.18241

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: Userinit=userinit.exe,c:\windows\system32\twext.exe,c:\windows\system32\twex.exe,
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [RegistryCleanFixMFC] c:\program files\registrycleaner\registrycleaner.exe
uRun: [MySpaceIM] "c:\program files\myspace\im\MySpaceIM.exe"
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [Google Update] "c:\documents and settings\robert staley\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [hpWirelessAssistant] "c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe"
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [SynTPLpr] "c:\program files\synaptics\syntp\SynTPLpr.exe"
mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [Cpqset] "c:\program files\hpq\default settings\cpqset.exe"
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [eabconfg.cpl] "c:\program files\hpq\quick launch buttons\EabServr.exe" /Start
mRun: [csvdea]
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Sprint Connection Manager] "c:\program files\sprint\connection manager\SprintCM.exe" -a
mRun: [PalmTether] "c:\program files\palmtether\TetherApp.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SpySweeper] c:\program files\webroot\spy sweeper\SpySweeperUI.exe /startintray
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
dRun: [userinit] c:\windows\system32\twext.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
Trusted Zone: microsoft.com\office
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\BTXPPanel.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: WRNotifier - WRLogonNTF.dll
AppInit_DLLs: avgrsstx.dll
SEH: {E60A0B68-353A-81DD-ED09-2A8101A1DFB1} - No File
LSA: Notification Packages = scecli scecli

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2008-12-31 13:46 <DIR> --d----- C:\hijackthis
2008-12-18 01:52 <DIR> --d----- c:\windows\ie8updates
2008-12-15 00:07 <DIR> --d----- c:\program files\Lavasoft
2008-12-15 00:06 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2008-12-14 23:56 <DIR> --dsh--- c:\windows\system32\twain_32

==================== Find3M ====================

2008-12-14 08:59 5,699,584 a------- c:\windows\system32\dllcache\mshtml.dll
2008-10-24 06:10 453,632 a------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 08:01 283,648 a------- c:\windows\system32\gdi32.dll
2008-10-23 08:01 283,648 a------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-15 11:57 332,800 a------- c:\windows\system32\dllcache\netapi32.dll
2008-10-14 09:58 471,552 a------- c:\windows\uninstall.exe
2008-10-03 05:15 247,326 a------- c:\windows\system32\strmdll.dll
2008-10-03 05:15 247,326 a------- c:\windows\system32\dllcache\strmdll.dll
2008-09-16 20:02 109,136 ac------ c:\docume~1\robert~1\applic~1\GDIPFONTCACHEV1.DAT
2007-07-13 10:10 228 ac------ c:\docume~1\robert~1\applic~1\wklnhst.dat
2004-07-08 04:57 3,081,490 a------- c:\documents and settings\robert staley\Winavi- burn-on-dvds.exe

============= FINISH: 16:05:45.15 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  •  
  • Location:Mikado Michigan
  • Local time:11:20 AM

Posted 10 January 2009 - 10:20 PM

Howdy, my name is Hoov, and I will be helping you with your dilemma.

Please make sure you watch this thread for responses. If you click the options tab at the top of your first post, you can select to track this thread.

Here is what I am asking you to do during the repair of your computer

*Tell me everything that you have done, if anything, to try and fix this problem.

*Please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out thier hair.

*Follow my instructions - If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me, it may make a difference on where we go. Don't install anything, even other programs that have nothing to do with security or malware, it could cause things to change, and I would never know it.

*Have faith. I will do all I can to get your computer working, and if I can't - someone else here will know something else to try.

*Stick with me to the end. My aim is to fix your problems, and give you the tools and knowledge to keep this from happening again.

Now onto trying to fix your computer. I am looking over your log, and I will be back in a bit with some instructions.

Have you gone thru this Speed up a slow computer

Edited by Hoov, 10 January 2009 - 10:36 PM.

Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families

Posted Image

#3 rdy2rac

rdy2rac
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:10:20 AM

Posted 10 January 2009 - 10:30 PM

thank you.

fyi i have ran malwarebytes since posting that log. i tried waiting it out but after a week with no response i decided to run that and it found 30 different malware infections.

i can try and run another log to show you the current statis.

#4 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  •  
  • Location:Mikado Michigan
  • Local time:11:20 AM

Posted 10 January 2009 - 11:03 PM

Yes please. A new Malwarebytes' Antimalware, then after that a new DDS log as before. Sorry about taking so long in getting to you. BleepingComputer got swamped with logs right around the end of December. There are still lots of logs that have yet to be gotten to.
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families

Posted Image

#5 rdy2rac

rdy2rac
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:10:20 AM

Posted 11 January 2009 - 12:41 AM

its been 2 hours and the dds log program hasn't done anything. is there a trick to get this to log? i had a few issues the the time as well.

#6 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  •  
  • Location:Mikado Michigan
  • Local time:11:20 AM

Posted 11 January 2009 - 07:27 AM

Nope. Try doing the Malwarebytes' Anti-Malware scan and post the log. Also please download HJT Installer from HEREClick the Download button. When the TrendMicro HJT install box appears, double click on the HJTInstall.exe. Click on Install.
* It will be installed by default here: C:\Program Files\Trend Micro\HijackThis.
* A shortcut to the application will also be placed on your Desktop.
* The program will open automatically after installation.
* You can double-click the icon that was placed on the Desktop to run subsequent HijackThis scans or you can use the icon inside the folder.
* The folder HijackThis is where you will find the HJT logs that you save.
* When you use the application to remove anything, you will also find the backup copies made by HJT inside this folder.
* The first time you open HijackThis, check the Main Menu button at the bottom center. When the main menu appears check the box "Show this window when I start HijackThis".
* Click on "Do a system scan and save logfile." When the log pops up in Notepad, copy and paste that file back here as a New Message in this forum.
* DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
* Before closing HJT, please click on the AnalyzeThis button. "Analyze This" is for use by TrendMicro, and DOES NOT mean "Analyze My Log".
You will need to post your log on the Hijackthis Forum.
* Close the web page that appears and then close the program.

Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families

Posted Image

#7 rdy2rac

rdy2rac
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:10:20 AM

Posted 11 January 2009 - 06:20 PM

here is the malbytes log from when i first scanned it.

Malwarebytes' Anti-Malware 1.32
Database version: 1616
Windows 5.1.2600 Service Pack 2

1/5/2009 2:37:55 AM
mbam-log-2009-01-05 (02-37-55).txt

Scan type: Full Scan (C:\|E:\|)
Objects scanned: 176795
Time elapsed: 1 hour(s), 34 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 21
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 2
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\cpbrkpie.coupon6ctrl.1 (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1f63b171-e2f3-4362-a484-8563144d62e6} (Adware.WebDir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e780f0b-bcd6-40cb-b2db-7af47ab4d4a4} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a138be8b-f051-4802-9a3f-a750a6d862d4} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a85a5e6a-de2c-4f4e-99dc-f469df5a0eec} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Explorer.exe (Security.Hijack) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (userinit.exe,C:\WINDOWS\system32\twext.exe,C:\WINDOWS\system32\twex.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\twain_32 (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Program Files\Microsoft Common (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\twain_32\user.ds.cla (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Program Files\Microsoft Common\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

#8 rdy2rac

rdy2rac
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:10:20 AM

Posted 11 January 2009 - 06:29 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:27:40 PM, on 1/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\PalmTether\TetherApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\PALMTE~1\PALMON~1.EXE
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Robert Staley\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Pidgin\pidgin.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twex.exe,
O1 - Hosts: 216.19.0.250 idenupdate.motorola.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Cpqset] "C:\Program Files\HPQ\Default Settings\cpqset.exe"
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [eabconfg.cpl] "C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" /Start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Sprint Connection Manager] "C:\Program Files\Sprint\Connection Manager\SprintCM.exe" -a
O4 - HKLM\..\Run: [PalmTether] "C:\Program Files\PalmTether\TetherApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RegistryCleanFixMFC] C:\Program Files\RegistryCleaner\registrycleaner.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Robert Staley\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [userinit] C:\WINDOWS\system32\twext.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: Pidgin.lnk = C:\Program Files\Pidgin\pidgin.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1184463842375
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 10475 bytes

#9 rdy2rac

rdy2rac
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:10:20 AM

Posted 11 January 2009 - 06:32 PM

todays log

Malwarebytes' Anti-Malware 1.32
Database version: 1616
Windows 5.1.2600 Service Pack 2

1/11/2009 6:17:43 PM
mbam-log-2009-01-11 (18-17-43).txt

Scan type: Full Scan (C:\|)
Objects scanned: 179114
Time elapsed: 3 hour(s), 8 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#10 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  •  
  • Location:Mikado Michigan
  • Local time:11:20 AM

Posted 11 January 2009 - 07:49 PM

Thanks for the older log. Gives me a picture of what we started with. The newest log is good to except for 1 problem. This is a general rule when dealing with any scanner or tool that you use on your computer. Always do an update of the tool and its signatures before running the scan or tool.

It probably won't matter but I need you to update Malwarebytes' Anti-Malware and then do a full scan again. Also I am going to suggest that you uninstall all your P2P software. They are usually large pipes into your system allowing malware to have access. Also there is a disturbingly large amount of the files that get downloaded via P2P that is infected. By uninstalling it, it might make our job easier.

Also, do you have a Palm PDA? I ask because its software shows up, but its truncated, and I want to make sure its suppose to be installed.

Can you tell me what problems you are having now?

There is one more piece of software that is debatable. Viewpoint manager. Read about viewpoint and then the choice will be up to you.

Your Hijackthis log looks good. Can you run DDS now?
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families

Posted Image

#11 rdy2rac

rdy2rac
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:10:20 AM

Posted 11 January 2009 - 09:57 PM

ok i removed ares and limewire.

yes i have a palm Centro cellphone.

and i uninstalled viewpoint.

currently i'm having issues with slow response to programs. i click to open up iexplorer and it take a minute(seams like forever) where before it popped up instantly. same with clicking a link it seems to hang and sometimes i have to reclick the link.

when the wife tried using quickbooks it would pop-up a box saying server busy w/ a switch to program box.

#12 rdy2rac

rdy2rac
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:10:20 AM

Posted 12 January 2009 - 12:36 AM

DDS (Version 1.1.0) - NTFSx86
Run by Robert Staley at 0:31:16.53 on Mon 01/12/2009
Internet Explorer: 8.0.6001.18241

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\twex.exe,
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [RegistryCleanFixMFC] c:\program files\registrycleaner\registrycleaner.exe
uRun: [Google Update] "c:\documents and settings\robert staley\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [hpWirelessAssistant] "c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe"
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [SynTPLpr] "c:\program files\synaptics\syntp\SynTPLpr.exe"
mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [Cpqset] "c:\program files\hpq\default settings\cpqset.exe"
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [eabconfg.cpl] "c:\program files\hpq\quick launch buttons\EabServr.exe" /Start
mRun: [csvdea]
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Sprint Connection Manager] "c:\program files\sprint\connection manager\SprintCM.exe" -a
mRun: [PalmTether] "c:\program files\palmtether\TetherApp.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SynTPStart] "c:\program files\synaptics\syntp\SynTPStart.exe"
mRun: [SpySweeper] c:\program files\webroot\spy sweeper\SpySweeperUI.exe /startintray
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
dRun: [userinit] c:\windows\system32\twext.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: microsoft.com\office
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\BTXPPanel.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: WRNotifier - WRLogonNTF.dll
AppInit_DLLs: avgrsstx.dll
SEH: {E60A0B68-353A-81DD-ED09-2A8101A1DFB1} - No File
LSA: Notification Packages = scecli scecli

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-01-11 23:59 873,374 a------- c:\windows\system32\oem56.inf
2009-01-11 22:36 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-11 18:25 <DIR> --d----- c:\program files\Trend Micro
2009-01-05 02:06 <DIR> --d----- c:\docume~1\robert~1\applic~1\.purple
2009-01-05 02:05 <DIR> --d----- c:\program files\Pidgin
2009-01-05 02:04 <DIR> --d----- c:\program files\common files\GTK
2009-01-05 00:53 <DIR> --d----- c:\docume~1\robert~1\applic~1\Malwarebytes
2009-01-05 00:51 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-05 00:51 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-04 21:07 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-04 21:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-12-31 13:46 <DIR> --d----- C:\hijackthis
2008-12-18 01:52 <DIR> --d----- c:\windows\ie8updates
2008-12-17 12:56 <DIR> --dsh--- c:\windows\system32\twain32
2008-12-15 00:07 <DIR> --d----- c:\program files\Lavasoft
2008-12-15 00:06 <DIR> --d----- c:\program files\common files\Wise Installation Wizard

==================== Find3M ====================

2009-01-12 00:02 89,491 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-12-14 08:59 5,699,584 a------- c:\windows\system32\dllcache\mshtml.dll
2008-12-02 06:05 118,656 a------- c:\windows\system32\drivers\Rtnicxp.sys
2008-11-27 11:47 10,240 a------- c:\windows\system32\RtNicProp32.dll
2008-10-24 06:10 453,632 a------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 08:01 283,648 a------- c:\windows\system32\gdi32.dll
2008-10-23 08:01 283,648 a------- c:\windows\system32\dllcache\gdi32.dll
2008-10-23 01:58 87,280 a------- c:\windows\system32\bcmwlcoi.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-15 11:57 332,800 a------- c:\windows\system32\dllcache\netapi32.dll
2008-10-14 09:58 471,552 a------- c:\windows\uninstall.exe
2008-09-16 20:02 109,136 ac------ c:\docume~1\robert~1\applic~1\GDIPFONTCACHEV1.DAT
2007-07-13 10:10 228 ac------ c:\docume~1\robert~1\applic~1\wklnhst.dat
2004-07-08 04:57 3,081,490 a------- c:\documents and settings\robert staley\Winavi- burn-on-dvds.exe

============= FINISH: 0:32:42.00 ===============

Attached Files

  • Attached File  DDSa.txt   6.68KB   10 downloads


#13 rdy2rac

rdy2rac
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:10:20 AM

Posted 12 January 2009 - 12:58 AM

ok i did a windows update scan and found a update for my operating system. i went ahead and installed it. comp. is running like it use to. it ran the dds scan in about 2 minutes. i'm running a malware scan now.

#14 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  •  
  • Location:Mikado Michigan
  • Local time:11:20 AM

Posted 12 January 2009 - 11:53 AM

I don't know why I didn't ask this before, but you have AVG and Symantec installed. Is it the Norton AV that is installed? Or did you try uninstalling it, and its just the remnants?
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families

Posted Image

#15 rdy2rac

rdy2rac
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:10:20 AM

Posted 12 January 2009 - 12:30 PM

i'm running avg currently, i bought norton with the computer and did not renew it. and i tried mcafee once as well. so how do i remove symantec and do you think thats causing some issues with the system performance?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users