help



#1 mcswainhouse


Posted 09 January 2009 - 06:28 PM

My PC is slow and gives a lot of error messages. I've tried a bunch of things to no avail. Here is the DDS:

DDS (Ver_09-01-07.01) - NTFSx86
Run by Owner at 17:24:07.04 on Fri 01/09/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.172 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\msiexec.exe
E:\files\setup.exe
C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe
C:\Documents and Settings\Owner\Local Settings\Temp\{A6359CCF-215D-43D9-8366-479D231F2A72}\newtest.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\AIM6\aim6.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\Owner\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uLocal Page = \blank.htm
uStart Page = hxxp://google.atcomet.com/b/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uWinlogon: Shell=c:\windows\explorer.exe c:\docume~1\owner\taskmgr.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: NoExplorer - No File
BHO: {3bb2aafd-2202-4ceb-946d-3a12679db29b} - c:\windows\system32\qoMdArop.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: {dab6cb0e-0780-49fd-9cfc-98def46c5671} - c:\windows\system32\urqqoPIb.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {e56d5504-b701-4b7c-92cf-dd27fc7c41f6} - c:\windows\system32\efcDUoMG.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: hp view: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: Search panel: {f1d7ba44-64c0-8c7e-1973-adee8f29ce6c} - c:\windows\system32\qqpunhdoexuxtwdp.dll
uRun: [BitComet] "c:\program files\bitcomet\BitComet.exe" /tray
uRun: [ares] "c:\program files\ares\Ares.exe" -h
uRun: [BackupNotify] c:\program files\hp\digital imaging\bin\backupnotify.exe
uRun: [MSMSGS] "c:\program files\messenger\MSMSGS.EXE" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Twain] c:\documents and settings\owner\application data\twain\Twain.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [MMTray] c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [wcmdmgr] c:\windows\wt\updater\wcmdmgrl.exe -launch
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SoundMan] SOUNDMAN.EXE
mRunOnce: [WMC_0] c:\windows\system32\cmd.exe /c """""c:\windows\inf\unregmp2.exe"" /ShowWMP"""
mRunOnce: [IERESETATTRIB] %SystemRoot%\system32\cmd.exe /d /q /c %SystemRoot%\system32\ieudinit.exe -ResetFileAttributes
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
mExplorerRun: [Task] c:\docume~1\owner\taskmgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\belkin~1.lnk - c:\program files\belkin\usb f5d7050\wireless utility\Belkinwcui.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\paltalk.lnk - c:\program files\paltalk messenger\paltalk.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\versio~1.lnk - c:\windows\installer\{64a32253-a906-4aeb-b6a7-a90512b68d87}\New_Shortcut_S1699_A8EB5A2133B04A97AEEFDFB17E2E701D.exe
IE: &Search
IE: Add To HP Organize... - c:\progra~1\hewlet~1\hporga~1\bin\core.hp.main\SendTo.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxsrvc.dll
Notify: ssqQHaYS - ssqQHaYS.dll
AppInit_DLLs: avgrsstx.dll kjsekw.dll tsrial.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\efcDUoMG

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\uda39abf.default\
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\google\google updater\2.4.1441.4352\npCIDetect13.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: XUL Cache: {2F95A9DF-847E-4F16-8EF1-D46E244A429B} - c:\documents and settings\owner\local settings\application data\{2F95A9DF-847E-4F16-8EF1-D46E244A429B}

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-11-30 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-11-30 26824]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-9-3 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-9-3 55024]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-9-3 7408]
R4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
R4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-11-30 875288]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-11-30 231704]
R4 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-11-30 76040]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-12-28 24652]
S4 mrtRate;mrtRate; [x]
S4 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [2008-6-23 26144]

=============== Created Last 30 ================

2009-01-09 16:19 4,441 a------- c:\windows\system32\spupdsvc.inf
2009-01-09 13:12 402,944 a----r-- c:\windows\system32\drivers\BLKWGU.sys
2009-01-09 12:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Viewpoint
2008-12-28 16:28 <DIR> --d----- c:\docume~1\owner\applic~1\QQ Games Plugin
2008-12-28 16:10 <DIR> --d----- c:\docume~1\owner\applic~1\Tencent
2008-12-28 16:10 <DIR> --d----- c:\docume~1\owner\applic~1\QQ Games
2008-12-28 16:10 <DIR> --d----- c:\program files\Tencent
2008-12-28 16:09 <DIR> --d----- c:\program files\AIMTunes
2008-12-28 16:09 21 a------- c:\windows\atid.ini
2008-12-28 16:07 <DIR> --d----- c:\program files\Viewpoint
2008-12-28 16:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\acccore
2008-12-28 16:06 <DIR> --d----- c:\program files\common files\AOL
2008-12-28 16:06 <DIR> --d----- c:\program files\AIM6
2008-12-28 16:05 1,222 a---h--- C:\IPH.PH
2008-12-17 19:07 <DIR> --d----- C:\!KillBox
2008-12-17 18:37 49,152 a------- c:\windows\system32\ChCfg.exe
2008-12-17 18:36 10,528,768 a------- c:\windows\system32\RTLCPL.exe
2008-12-17 18:36 141,016 a------- c:\windows\system32\alsndmgr.wav
2008-12-17 18:36 <DIR> --d----- c:\program files\Realtek AC97
2008-12-17 18:36 577,536 a------- c:\windows\soundman.exe
2008-12-17 18:36 315,392 a------- c:\windows\alcupd.exe
2008-12-17 18:36 217,088 a------- c:\windows\Alcrmv.exe
2008-12-17 18:36 147,456 a------- c:\windows\system32\RtlCPAPI.dll
2008-12-17 18:09 186,097 a------- c:\windows\system32\nvapps.xml
2008-12-17 18:08 446,464 a------- c:\windows\system32\NVUNINST.EXE
2008-12-17 18:08 <DIR> --d----- C:\NVIDIA
2008-12-17 17:58 <DIR> --d----- c:\program files\SystemRequirementsLab
2008-12-17 14:16 <DIR> --d----- c:\docume~1\owner\applic~1\VersionTracker Pro
2008-12-17 14:11 <DIR> --d----- c:\program files\TechTracker
2008-12-17 07:17 <DIR> --d----- c:\docume~1\owner\applic~1\Malwarebytes
2008-12-17 07:17 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-17 07:17 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-17 07:17 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-12-17 07:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-12-15 07:33 <DIR> --d----- c:\program files\Sun
2008-12-15 07:33 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-15 07:33 73,728 a------- c:\windows\system32\javacpl.cpl
2008-12-12 21:52 881,868 a--sh--- c:\windows\system32\GMoUDcfe.ini2
2008-12-12 21:52 881,868 a--sh--- c:\windows\system32\GMoUDcfe.ini

==================== Find3M ====================

2008-12-12 10:41 882,959 a--sh--- c:\windows\system32\bIPoqqru.ini2
2008-12-05 12:36 886,822 a--sh--- c:\windows\system32\porAdMoq.ini2
2008-12-04 00:58 14,336 a------- c:\windows\system32\svchost.exe
2008-12-04 00:52 142,336 a------- c:\windows\upesavadebiberer.dll
2008-11-30 13:42 10,520 a------- c:\windows\system32\avgrsstx.dll
2008-11-30 13:42 76,040 a------- c:\windows\system32\drivers\avgtdix.sys
2008-11-30 13:42 97,928 a------- c:\windows\system32\drivers\avgldx86.sys
2008-09-21 04:23 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090120080908\index.dat
2008-09-21 04:23 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092120080922\index.dat

============= FINISH: 17:24:44.40 ===============



#2 Thunder


Posted 10 January 2009 - 10:49 AM

Hello Mcswainhouse and welcome to Bleeping Computer,

1. Please download GooredFix and save it to your Desktop.
  • Select "2. Fix Goored" by typing 2 and pressing Enter.
  • Make sure all instances of Firefox are closed at this point.
  • Type y at the prompt and press Enter again.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.

2. Please download ComboFix from one of the locations below, and save it to your Desktop.

Link
Link
Link

Double click the ComboFix icon to run it.
If ComboFix asks you to install the Recovery Console, please do so.
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.
Once the Recovery Console is installed, continue with the malware scan.

Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply.

If you have any questions along the way, STOP and ask them before proceeding!

Greetings,
Thunder
Whatever happens, make believe it was intended to ...