Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

My hijack this log


  • This topic is locked This topic is locked
8 replies to this topic

#1 Start

Start

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:27 PM

Posted 31 January 2009 - 05:25 AM

My computer is a bit strange these days. Please see if my log is strange. PS. I am using Windows Xp SP2 Chinese version, therefore, you might see some Chinese characters.

------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:21:58, on 31/1/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\PWC3800\PWCam.exe
C:\WINDOWS\VM_STI.EXE
C:\WINPENJR\Win32\pphidpad.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\jack lau\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PWCam] C:\Program Files\Common Files\PWC3800\PWCam.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE PLEOMAX PWC-3800
O4 - HKLM\..\Run: [PPHIDPAD] C:\WINPENJR\Win32\pphidpad.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\jack lau\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5036.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...502/mcfscan.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0FO\adialhk.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour 服務 (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod 服務 (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 8079 bytes

BC AdBot (Login to Remove)

 


#2 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:27 AM

Posted 08 February 2009 - 12:09 PM

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you with your log.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following so I can have a look at the current condition of your machine.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

Download and Run DDS
If you already have a copy of DDS, there is no need to download a new one.

Download DDS by sUBs from any of the links below:
DDS.com, DDS.scr, DDS.pif

Double click its icon to run it. If you are using Windows Vista, right click it and select "Run as Administrator".
When the scan is finished, two logs will open.
Post DDS.txt directly into your reply. Attach Attach.txt.

F-Secure Online Scan
Please run F-Secure Online Scanner.
This scan is for Internet Explorer only.
  • It is suggested that you disable security programs and close any other windows during the scan. While your security is disabled, please refrain from surfing on other sites. Refer to this page if you are unsure how.
  • Go to F-Secure Online Scanner
  • Follow the instructions here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically. The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy the entire report in your next reply.
  • Be sure to re-enable any security programs.

Please tell me what changes have been made to the computer since your topic was started. Also give me an update on any symptoms.

With Regards,
The Panda

#3 Start

Start
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:27 PM

Posted 09 February 2009 - 04:13 AM

DDS (Ver_09-02-01.01) - NTFSx86
Run by jack lau at 16:58:39.62 on 09/02/2009 Mon
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.950.886.1028.18.2039.1452 [GMT 8:00]

AV: Kaspersky Anti-Virus *On-access scanning enabled* (Updated)
FW: Kaspersky Anti-Virus *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Common Files\PWC3800\PWCam.exe
C:\WINDOWS\VM_STI.EXE
C:\WINPENJR\Win32\pphidpad.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\jack lau\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ASUS\Probe\ASUSPROB.EXE
C:\Documents and Settings\jack lau\桌面\dds.scr
C:\WINDOWS\system32\conime.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - No File
uRun: [Google Update] "c:\documents and settings\jack lau\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [PWCam] c:\program files\common files\pwc3800\PWCam.exe
mRun: [BigDogPath] c:\windows\VM_STI.EXE PLEOMAX PWC-3800
mRun: [PPHIDPAD] c:\winpenjr\win32\pphidpad.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations\avp.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [ctfmon.exe] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\「開始~1\程式集\啟動\blueso~1.lnk - c:\program files\ivt corporation\bluesoleil\BlueSoleil.exe
StartupFolder: c:\docume~1\alluse~1\「開始~1\程式集\啟動\hppsc1~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpohmr08.exe
StartupFolder: c:\docume~1\alluse~1\「開始~1\程式集\啟動\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations\SCIEPlgn.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5502/mcfscan.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxsrvc.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1.0fo\adialhk.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jackla~1\applic~1\mozilla\firefox\profiles\sff9ruow.default\
FF - prefs.js: browser.startup.homepage - hxxp://en.wikipedia.org/wiki/Main_Page
FF - prefs.js: network.proxy.type - 2
FF - component: c:\program files\mozilla firefox\components\CheckTudouVa.dll
FF - plugin: c:\documents and settings\jack lau\local settings\application data\google\update\1.2.133.33\npGoogleOneClick7.dll

============= SERVICES / DRIVERS ===============

R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2007-7-18 112144]
R1 klif;Klif;c:\windows\system32\drivers\klif.sys [2007-11-9 194832]
R1 ppmoucls;ppmoucls;c:\windows\system32\drivers\PPMOUCLS.SYS [2008-8-20 20704]
R1 pptchpad;PenPower Touchpad;c:\windows\system32\drivers\PPTCHPD5.SYS [2008-8-20 17216]
R2 AVP;Kaspersky Anti-Virus 6.0;c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations\avp.exe [2007-11-19 231952]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-5-30 24344]
R3 ZSMC302;PLEOMAX PWC-3800;c:\windows\system32\drivers\usbvm302.sys [2008-11-6 90968]

=============== Created Last 30 ================

2009-02-08 22:13 458,752 a------- c:\windows\system\COMCTL32.DLL
2009-02-08 22:13 245,912 a------- c:\windows\system\VCLX35.BPL
2009-02-08 22:13 187,392 a------- c:\windows\system\BCBSMP35.BPL
2009-02-08 22:13 1,455,736 a------- c:\windows\system\VCL35.BPL
2009-02-08 22:13 996,872 a------- c:\windows\system\CP3240MT.DLL
2009-02-08 22:13 29,952 a------- c:\windows\system\BORLNDMM.DLL
2009-02-08 22:13 6,272 a------- c:\windows\system32\drivers\ASLM75.SYS
2009-02-08 22:13 <DIR> --d----- c:\program files\ASUS
2009-02-08 22:13 299,008 a------- c:\windows\uninst.exe
2009-02-08 22:12 <DIR> --d----- c:\documents and settings\jack lau\WINDOWS
2009-02-01 13:36 552 a------- c:\windows\system32\d3d8caps.dat
2009-01-31 21:22 3,398 a------- c:\windows\system32\PerfStringBackup.TMP
2009-01-31 18:21 <DIR> --d----- c:\program files\Trend Micro
2009-01-31 11:02 <DIR> --d----- c:\documents and settings\jack lau\Tracing
2009-01-31 10:56 <DIR> --d----- c:\program files\Microsoft
2009-01-31 10:55 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-01-31 10:50 <DIR> --d----- c:\program files\common files\Windows Live
2009-01-19 19:13 244 a---h--- C:\sqmnoopt01.sqm
2009-01-19 19:13 232 a---h--- C:\sqmdata01.sqm
2009-01-18 10:19 244 a---h--- C:\sqmnoopt00.sqm
2009-01-18 10:19 232 a---h--- C:\sqmdata00.sqm
2009-01-10 17:32 <DIR> --d----- C:\ProDesktopProgram

==================== Find3M ====================

2009-02-09 16:58 14,963,232 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-02-09 16:58 1,250,592 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-02-08 22:59 119,240 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-02-08 22:59 202,160 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-02-08 22:05 101,287 a------- c:\windows\system32\drivers\klin.dat
2009-02-08 22:05 89,601 a------- c:\windows\system32\drivers\klick.dat
2009-01-31 21:22 214,084 a------- c:\windows\system32\prfh0404.dat
2009-01-31 21:22 60,604 a------- c:\windows\system32\prfc0404.dat
2009-01-08 20:00 499,712 a------- c:\windows\system32\msvcp71.dll
2009-01-08 20:00 348,160 a------- c:\windows\system32\msvcr71.dll
2008-12-24 19:14 413,696 a------- c:\windows\system32\wrap_oal.dll
2008-12-24 19:14 110,592 a------- c:\windows\system32\OpenAL32.dll
2008-12-23 10:23 43,520 a------- c:\windows\system32\CmdLineExt03.dll
2008-12-22 09:42 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-02 22:37 49,480 a------- c:\windows\system32\sirenacm.dll
2004-08-04 00:48 524 ---shr-- c:\windows\sscfgwin.sys

============= FINISH: 17:00:03.82 ===============

Attached Files



#4 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:27 AM

Posted 09 February 2009 - 08:26 AM

Hello.

There does not appear to be any malware.

What problems are you having?

With Regards,
The Panda

#5 Start

Start
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:27 PM

Posted 09 February 2009 - 10:08 AM

The process "system" in the task manager sometimes uses more than 90% of the CPU when I run Firefox.

EDIT:It is the process: System (with capital S).

Edited by Start, 09 February 2009 - 10:10 AM.


#6 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:27 AM

Posted 09 February 2009 - 11:55 AM

Hello.

Let's see what's running under the System process..

Please download ProcessExplorer.zip to your desktop.
Extract procexp.exe. Run procexp.exe.
You should see the processes on the left. "System" should be near the top. Click on it once to select it.
Click on File - > Save as.. and save the log onto your desktop as system.txt.
Attach that to your next reply.

With Regards,
The Panda

#7 Start

Start
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:27 PM

Posted 16 February 2009 - 05:49 AM

Hi there. Sorry for the late reply. My computer has another symptom. The process - taskmgr.exe (Windows Task Manager) uses large amount of CPU percentage when I am using it. Is this normal? (Image attached)

Attached Files



#8 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:27 AM

Posted 16 February 2009 - 02:09 PM

Hello.

That is not "normal", but it shouldn't be an issue since the Task Manager isn't used often.

Is the System process still taking up the CPU? If so, follow the directions in my previous post on using Process Explorer to look under the System process.

With Regards,
The Panda

#9 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:27 AM

Posted 25 February 2009 - 03:39 PM

There had been no reply from the topic starter in 5 days. Due to inactivity, this topic is now closed.
If you are the topic starter and need this topic reopened, send me a message.

Everyone else, please begin a new topic.

With Regards,
The Panda




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users