Computer listed as Windows Vista Service Pack 3


  • This topic is locked
57 replies to this topic

#1 tompic823

tompic823

  • Members
  • 31 posts
  • OFFLINE
  • Local time:11:35 AM

Posted 10 April 2009 - 12:30 AM

I have Windows Vista Home Premium installed (Genuine OEM) and in system properties in the control panel, my system is listed as having Windows Vista Home Premium Service Pack 3 installed. I have Avira Antivir, Threatfire, and Windows Defender and none of them report any discrepancies. I also have all updates installed including Critical, important, and recommended. I would appreciate any help you guys can provide. Thanks!



DDS (Ver_09-03-16.01) - NTFSx86
Run by Thomas at 15:04:42.28 on Fri 04/10/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_07
Microsoft® Windows Vista™ Home Premium 6.0.6001.3.1252.1.1033.18.3325.2106 [GMT -4:00]

AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)
AV: ThreatFire *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\PowerPanel Business Edition\bin\ppbed.exe
C:\Windows\System32\tcpsvcs.exe
C:\Windows\System32\snmp.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_6fa9efce\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\dllhost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Windows\System32\TUProgSt.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\RealVNC\VNC4\winvnc4.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\dllhost.exe
C:\Windows\System32\msdtc.exe
C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\SetPoint\LBTWiz.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\PowerPanel Business Edition\bin\ppbeuser.exe
C:\Program Files\I8kfanGUI\I8kfanGUI.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\iPod\bin\iPodService.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Thomas\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: H - No File
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
uRun: [i8kfangui] c:\program files\i8kfangui\I8kfanGUI.exe /startup
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [ThreatFire] c:\program files\threatfire\TFTray.exe
mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [<NO NAME>]
mRun: [Logitech BT Wizard] LBTWiz.exe -silent
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [ppbeuser] c:\program files\powerpanel business edition\bin\ppbeuser.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~1.0_0\bin\ssv.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
LSP: c:\windows\system32\wpclsp.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
AppInit_DLLs:

================= FIREFOX ===================

FF - ProfilePath - c:\users\thomas\appdata\roaming\mozilla\firefox\profiles\6z21t4ci.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\id software\quakelive\npquakezero.dll

---- FIREFOX POLICIES ----

============= SERVICES / DRIVERS ===============

R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [2008-10-24 293632]
R0 MDPMGRNT;MacDrive partition driver;c:\windows\system32\drivers\MDPMGRNT.SYS [2008-10-24 19072]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2008-5-3 51472]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2008-5-3 39184]
R1 fanio;FanIO driver;c:\windows\system32\drivers\fanio.sys [2008-12-20 14464]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2009-3-14 100560]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2009-3-14 41744]
R2 MacDriveService;MacDrive service;c:\program files\mediafour\macdrive 7\MacDriveService.exe [2008-9-2 150528]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2008-6-12 210216]
R2 ppbed;PowerPanel Business Edition Service;c:\program files\powerpanel business edition\bin\ppbed.exe [2009-4-10 184320]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2006-11-2 7168]
R2 ThreatFire;ThreatFire;c:\program files\threatfire\tfservice.exe service --> c:\program files\threatfire\TFService.exe service [?]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2008-12-19 603904]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-7-8 24652]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2008-7-26 42280]
R3 SymSnapService;SymSnapService;c:\program files\norton ghost\shared\drivers\SymSnapService.exe [2007-12-20 1553904]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2008-5-3 33040]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2009-3-14 87568]
R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111v.sys [2008-8-4 904192]
S3 DNIMp50;DNIMp50 NDIS Protocol Driver;c:\windows\system32\drivers\DNIMP50.sys [2008-5-3 21504]
S3 DNISp50;DNISp50 NDIS Protocol Driver;c:\windows\system32\drivers\DNISP50.sys [2008-5-3 20480]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2007-4-5 17920]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2007-1-23 7680]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2008-1-7 25088]
S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [2009-2-16 31824]
S3 WMSvc;Web Management Service;c:\windows\system32\inetsrv\WMSvc.exe [2008-5-3 11264]
S3 xbreader;ActionReplay XBox Driver (xbreader.sys);c:\windows\system32\drivers\xbreader.sys [2008-10-26 19677]

=============== Created Last 30 ================

2009-04-10 00:32 <DIR> --d----- c:\program files\PowerPanel Business Edition
2009-04-09 17:44 <DIR> --d----- c:\program files\common files\DivX Shared
2009-04-07 13:46 <DIR> --d----- C:\.Trashes
2009-04-07 13:46 4,096 -------- C:\._.Trashes
2009-04-06 16:17 <DIR> --d----- C:\.jagex_cache_32
2009-04-04 12:46 <DIR> --d----- c:\programdata\NVIDIA
2009-04-04 12:39 <DIR> --d----- c:\windows\system32\AGEIA
2009-04-04 12:39 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-04-04 12:39 1,108,512 a------- c:\windows\system32\nvcpluir.dll
2009-04-04 12:39 797,216 a------- c:\windows\system32\nvcplui.exe
2009-04-04 12:39 420,384 a------- c:\windows\system32\nvcpl.cpl
2009-04-04 12:37 446,464 a------- c:\windows\system32\nvudisp.exe
2009-04-04 12:37 8,664 a------- c:\windows\system32\nvdisp.nvu
2009-04-04 12:36 446,464 a------- c:\windows\system32\NVUNINST.EXE
2009-04-03 22:44 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-04-03 22:44 266,088 a------- c:\windows\system32\xactengine2_8.dll
2009-04-03 22:43 <DIR> --d----- c:\windows\system32\xlive
2009-04-01 19:33 <DIR> --d----- c:\programdata\id Software
2009-04-01 19:33 <DIR> --d----- c:\progra~2\id Software
2009-03-29 12:53 7,168 a------- c:\windows\DellBIOS.Sys
2009-03-28 18:56 <DIR> --d----- C:\PCTemp
2009-03-28 18:55 <DIR> --d----- C:\PowerPanel
2009-03-28 09:17 97,800 a------- c:\windows\system32\infocardapi.dll
2009-03-28 09:17 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-03-28 09:17 37,384 a------- c:\windows\system32\infocardcpl.cpl
2009-03-28 09:17 622,080 a------- c:\windows\system32\icardagt.exe
2009-03-28 09:17 11,264 a------- c:\windows\system32\icardres.dll
2009-03-28 09:17 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-03-28 09:17 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-03-28 09:16 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-03-19 17:54 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-03-19 17:54 23,848 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-19 17:54 <DIR> --d----- c:\program files\iPod
2009-03-19 17:54 <DIR> --d----- c:\programdata\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-19 17:54 <DIR> --d----- c:\program files\iTunes
2009-03-19 17:54 <DIR> --d----- c:\progra~2\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-17 16:31 20,992 a------- c:\windows\system32\vncmirror.dll
2009-03-17 16:31 4,608 a------- c:\windows\system32\drivers\vncmirror.sys
2009-03-17 16:31 <DIR> --d----- c:\program files\RealVNC
2009-03-14 19:04 <DIR> --d----- c:\users\thomas\.VirtualBox
2009-03-14 19:01 100,560 a------- c:\windows\system32\drivers\VBoxDrv.sys
2009-03-14 19:01 129,552 a------- c:\windows\system32\VBoxNetFltNotify.dll
2009-03-14 19:01 87,568 a------- c:\windows\system32\drivers\VBoxNetFlt.sys
2009-03-14 19:00 41,744 a------- c:\windows\system32\drivers\VBoxUSBMon.sys
2009-03-14 19:00 <DIR> --d----- c:\program files\Sun
2009-03-14 10:20 96,760 a------- c:\windows\system32\dfshim.dll
2009-03-14 10:20 282,112 a------- c:\windows\system32\mscoree.dll
2009-03-14 10:20 41,984 a------- c:\windows\system32\netfxperf.dll
2009-03-14 10:19 158,720 a------- c:\windows\system32\mscorier.dll
2009-03-14 10:19 83,968 a------- c:\windows\system32\mscories.dll

==================== Find3M ====================

2009-04-10 01:31 3,580 a------- c:\windows\bthservsdp.dat
2009-04-10 00:41 143,360 a------- c:\windows\inf\infstrng.dat
2009-04-10 00:41 51,200 a------- c:\windows\inf\infpub.dat
2009-04-10 00:41 86,016 a------- c:\windows\inf\infstor.dat
2009-04-01 20:16 75,064 a------- c:\windows\system32\PnkBstrA.exe
2009-04-01 19:45 22,328 a------- c:\users\thomas\appdata\roaming\PnkBstrK.sys
2009-04-01 19:44 2,246,144 a------- c:\windows\system32\pbsvc.exe
2009-03-08 07:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 07:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 07:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 07:33 109,056 a------- c:\windows\system32\iesysprep.dll
2009-03-08 07:33 109,568 a------- c:\windows\system32\PDMSetup.exe
2009-03-08 07:33 132,608 a------- c:\windows\system32\ieUnatt.exe
2009-03-08 07:33 107,520 a------- c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 07:33 107,008 a------- c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 07:33 103,936 a------- c:\windows\system32\SetDepNx.exe
2009-03-08 07:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 07:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 07:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 07:32 66,560 a------- c:\windows\system32\wextract.exe
2009-03-08 07:32 169,472 a------- c:\windows\system32\iexpress.exe
2009-03-08 07:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 07:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 07:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 07:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-03 14:19 39,184 a------- c:\windows\system32\drivers\TfSysMon.sys
2009-03-03 14:19 33,040 a------- c:\windows\system32\drivers\TfNetMon.sys
2009-03-03 14:19 12,560 a------- c:\windows\system32\drivers\TfKbMon.sys
2009-03-03 14:19 51,472 a------- c:\windows\system32\drivers\TfFsMon.sys
2009-03-02 13:23 87,608 a------- c:\users\thomas\appdata\roaming\inst.exe
2009-03-02 13:23 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
2009-03-02 13:23 47,360 a------- c:\users\thomas\appdata\roaming\pcouffin.sys
2009-03-02 01:06 268,435,456 a--sh--- C:\WinPEpge.sys
2009-02-24 15:34 90,112 a------- c:\windows\system32\dpl100.dll
2009-02-24 15:34 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-02-24 15:34 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-02-24 15:34 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-02-24 15:34 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-02-24 15:34 684,032 a------- c:\windows\system32\DivX.dll
2009-02-18 20:31 139,735 a------- c:\windows\hpoins15.dat
2009-02-16 17:47 31,824 a------- c:\windows\system32\drivers\VBoxUSB.sys
2009-02-08 23:10 2,033,152 a------- c:\windows\system32\win32k.sys
2009-02-06 19:03 307,576 a------- c:\windows\WLXPGSS.SCR
2009-01-26 19:49 1,510 a------- c:\windows\Sketchpad Preferences.dat
2009-01-23 21:16 2,139,136 a------- c:\windows\system32\propshts.dll
2009-01-23 21:16 691,200 a------- c:\windows\system32\gpprefbr.dll
2009-01-23 21:16 222,720 a------- c:\windows\system32\gpregistrybrowser.dll
2009-01-23 21:16 3,834,880 a------- c:\windows\system32\gppref.dll
2009-01-23 21:16 202,240 a------- c:\windows\system32\gpprefcn.dll
2008-11-28 19:44 262,144 a------- c:\progra~2\ntuser.dat
2008-08-21 12:11 61,224 a------- c:\users\thomas\GoToAssistDownloadHelper.exe
2008-06-10 20:32 665,600 a------- c:\windows\inf\drvindex.dat
2008-05-05 20:46 174 a--sh--- c:\program files\desktop.ini
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-05-07 22:21 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-05-07 22:21 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-05-07 22:21 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2008-05-08 17:08 4,372,512 a--sh--- c:\windows\system32\drivers\fidbox(56).dat
2007-02-21 15:49 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

============= FINISH: 15:06:48.90 ===============


Edited by tompic823, 10 April 2009 - 10:10 AM.


#2 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • OFFLINE
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:12:35 PM

Posted 24 April 2009 - 12:17 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed; the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 tompic823

tompic823
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  • Local time:11:35 AM

Posted 25 April 2009 - 11:30 AM

Alright, so my new dds.txt is as follows, and I attached my attach.txt in a zip file, as stated in the instructions given by the popup after running the dds script.


DDS (Ver_09-03-16.01) - NTFSx86
Run by Thomas at 16:22:37.29 on Sun 04/26/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_07
Microsoft® Windows Vista™ Home Premium 6.0.6001.3.1252.1.1033.18.3325.2192 [GMT -4:00]

AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
AV: ThreatFire *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\rundll32.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\PowerPanel Business Edition\bin\ppbed.exe
C:\Windows\System32\tcpsvcs.exe
C:\Windows\System32\snmp.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_6fa9efce\STacSV.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\dllhost.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\System32\TUProgSt.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\SetPoint\LBTWiz.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\PowerPanel Business Edition\bin\ppbeuser.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\System32\rundll32.exe
C:\Program Files\I8kfanGUI\I8kfanGUI.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\dllhost.exe
C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\Windows\System32\msdtc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Thomas\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: H - No File
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
uRun: [i8kfangui] c:\program files\i8kfangui\I8kfanGUI.exe /startup
mRun: [ThreatFire] c:\program files\threatfire\TFTray.exe
mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [<NO NAME>]
mRun: [Logitech BT Wizard] LBTWiz.exe -silent
mRun: [ppbeuser] c:\program files\powerpanel business edition\bin\ppbeuser.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~1.0_0\bin\ssv.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
LSP: c:\windows\system32\wpclsp.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
AppInit_DLLs:

================= FIREFOX ===================

FF - ProfilePath - c:\users\thomas\appdata\roaming\mozilla\firefox\profiles\6z21t4ci.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\id software\quakelive\npquakezero.dll

---- FIREFOX POLICIES ----

============= SERVICES / DRIVERS ===============

R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [2008-10-24 293632]
R0 MDPMGRNT;MacDrive partition driver;c:\windows\system32\drivers\MDPMGRNT.SYS [2008-10-24 19072]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2008-5-3 51472]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2008-5-3 39184]
R1 fanio;FanIO driver;c:\windows\system32\drivers\fanio.sys [2008-12-20 14464]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2009-3-14 100560]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2009-3-14 41744]
R2 MacDriveService;MacDrive service;c:\program files\mediafour\macdrive 7\MacDriveService.exe [2008-9-2 150528]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2008-6-12 210216]
R2 ppbed;PowerPanel Business Edition Service;c:\program files\powerpanel business edition\bin\ppbed.exe [2009-4-10 184320]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2006-11-2 7168]
R2 ThreatFire;ThreatFire;c:\program files\threatfire\tfservice.exe service --> c:\program files\threatfire\TFService.exe service [?]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2008-12-19 603904]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-7-8 24652]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2008-7-26 42280]
R3 SymSnapService;SymSnapService;c:\program files\norton ghost\shared\drivers\SymSnapService.exe [2007-12-20 1553904]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2008-5-3 33040]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2009-3-14 87568]
S3 DNIMp50;DNIMp50 NDIS Protocol Driver;c:\windows\system32\drivers\DNIMP50.sys [2008-5-3 21504]
S3 DNISp50;DNISp50 NDIS Protocol Driver;c:\windows\system32\drivers\DNISP50.sys [2008-5-3 20480]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2007-4-5 17920]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2007-1-23 7680]
S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2008-6-27 335872]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2008-1-7 25088]
S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [2009-2-16 31824]
S3 WMSvc;Web Management Service;c:\windows\system32\inetsrv\WMSvc.exe [2008-5-3 11264]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111v.sys [2008-8-4 904192]
S3 xbreader;ActionReplay XBox Driver (xbreader.sys);c:\windows\system32\drivers\xbreader.sys [2008-10-26 19677]

=============== Created Last 30 ================

2009-04-14 16:45 <DIR> --d----- c:\program files\NeoSmart Technologies
2009-04-13 17:17 <DIR> --d----- c:\users\thomas\appdata\roaming\Xfire
2009-04-13 17:16 <DIR> --d----- c:\programdata\Xfire
2009-04-13 17:16 <DIR> --d----- c:\progra~2\Xfire
2009-04-13 17:16 <DIR> --d----- c:\program files\Xfire
2009-04-10 19:23 41,808 a------- c:\windows\system32\xfcodec.dll
2009-04-10 00:32 <DIR> --d----- c:\program files\PowerPanel Business Edition
2009-04-09 17:44 <DIR> --d----- c:\program files\common files\DivX Shared
2009-04-07 13:46 <DIR> --d----- C:\.Trashes
2009-04-07 13:46 4,096 -------- C:\._.Trashes
2009-04-06 16:17 <DIR> --d----- C:\.jagex_cache_32
2009-04-04 12:46 <DIR> --d----- c:\programdata\NVIDIA
2009-04-04 12:39 <DIR> --d----- c:\windows\system32\AGEIA
2009-04-04 12:39 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-04-04 12:39 1,108,512 a------- c:\windows\system32\nvcpluir.dll
2009-04-04 12:39 797,216 a------- c:\windows\system32\nvcplui.exe
2009-04-04 12:39 420,384 a------- c:\windows\system32\nvcpl.cpl
2009-04-04 12:36 446,464 a------- c:\windows\system32\NVUNINST.EXE
2009-04-03 22:44 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-04-03 22:44 266,088 a------- c:\windows\system32\xactengine2_8.dll
2009-04-01 19:33 <DIR> --d----- c:\programdata\id Software
2009-04-01 19:33 <DIR> --d----- c:\progra~2\id Software
2009-03-29 12:53 7,168 a------- c:\windows\DellBIOS.Sys
2009-03-28 18:56 <DIR> --d----- C:\PCTemp
2009-03-28 18:55 <DIR> --d----- C:\PowerPanel
2009-03-28 09:17 97,800 a------- c:\windows\system32\infocardapi.dll
2009-03-28 09:17 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-03-28 09:17 37,384 a------- c:\windows\system32\infocardcpl.cpl
2009-03-28 09:17 622,080 a------- c:\windows\system32\icardagt.exe
2009-03-28 09:17 11,264 a------- c:\windows\system32\icardres.dll
2009-03-28 09:17 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-03-28 09:17 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-03-28 09:16 326,160 a------- c:\windows\system32\PresentationHost.exe

==================== Find3M ====================

2009-04-26 13:30 2,484 a------- c:\windows\bthservsdp.dat
2009-04-26 12:45 138,920 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-04-26 12:44 189,072 a------- c:\windows\system32\PnkBstrB.exe
2009-04-20 23:36 143,360 a------- c:\windows\inf\infstrng.dat
2009-04-20 23:36 86,016 a------- c:\windows\inf\infstor.dat
2009-04-20 23:36 51,200 a------- c:\windows\inf\infpub.dat
2009-04-01 20:16 75,064 a------- c:\windows\system32\PnkBstrA.exe
2009-04-01 19:45 22,328 a------- c:\users\thomas\appdata\roaming\PnkBstrK.sys
2009-04-01 19:44 2,246,144 a------- c:\windows\system32\pbsvc.exe
2009-03-16 23:38 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-03-16 23:38 13,824 a------- c:\windows\system32\apilogen.dll
2009-03-16 23:38 24,064 a------- c:\windows\system32\amxread.dll
2009-03-08 07:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 07:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 07:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 07:33 109,056 a------- c:\windows\system32\iesysprep.dll
2009-03-08 07:33 109,568 a------- c:\windows\system32\PDMSetup.exe
2009-03-08 07:33 132,608 a------- c:\windows\system32\ieUnatt.exe
2009-03-08 07:33 107,520 a------- c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 07:33 107,008 a------- c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 07:33 103,936 a------- c:\windows\system32\SetDepNx.exe
2009-03-08 07:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 07:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 07:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 07:32 66,560 a------- c:\windows\system32\wextract.exe
2009-03-08 07:32 169,472 a------- c:\windows\system32\iexpress.exe
2009-03-08 07:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 07:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 07:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 07:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-03 14:19 39,184 a------- c:\windows\system32\drivers\TfSysMon.sys
2009-03-03 14:19 33,040 a------- c:\windows\system32\drivers\TfNetMon.sys
2009-03-03 14:19 12,560 a------- c:\windows\system32\drivers\TfKbMon.sys
2009-03-03 14:19 51,472 a------- c:\windows\system32\drivers\TfFsMon.sys
2009-03-03 00:46 3,599,328 a------- c:\windows\system32\ntkrnlpa.exe
2009-03-03 00:46 3,547,632 a------- c:\windows\system32\ntoskrnl.exe
2009-03-03 00:39 183,296 a------- c:\windows\system32\sdohlp.dll
2009-03-03 00:39 551,424 a------- c:\windows\system32\rpcss.dll
2009-03-03 00:39 26,112 a------- c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 00:37 98,304 a------- c:\windows\system32\iasrecst.dll
2009-03-03 00:37 54,784 a------- c:\windows\system32\iasads.dll
2009-03-03 00:37 44,032 a------- c:\windows\system32\iasdatastore.dll
2009-03-02 23:04 666,624 a------- c:\windows\system32\printfilterpipelinesvc.exe
2009-03-02 22:38 17,408 a------- c:\windows\system32\iashost.exe
2009-03-02 13:23 87,608 a------- c:\users\thomas\appdata\roaming\inst.exe
2009-03-02 13:23 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
2009-03-02 13:23 47,360 a------- c:\users\thomas\appdata\roaming\pcouffin.sys
2009-03-02 01:06 268,435,456 a--sh--- C:\WinPEpge.sys
2009-02-24 15:34 90,112 a------- c:\windows\system32\dpl100.dll
2009-02-24 15:34 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-02-24 15:34 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-02-24 15:34 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-02-24 15:34 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-02-24 15:34 684,032 a------- c:\windows\system32\DivX.dll
2009-02-18 20:31 139,735 a------- c:\windows\hpoins15.dat
2009-02-16 17:47 129,552 a------- c:\windows\system32\VBoxNetFltNotify.dll
2009-02-13 04:49 72,704 a------- c:\windows\system32\secur32.dll
2009-02-13 04:49 1,255,936 a------- c:\windows\system32\lsasrv.dll
2009-02-08 23:10 2,033,152 a------- c:\windows\system32\win32k.sys
2009-02-06 19:03 307,576 a------- c:\windows\WLXPGSS.SCR
2009-01-26 19:49 1,510 a------- c:\windows\Sketchpad Preferences.dat
2008-11-28 19:44 262,144 a------- c:\progra~2\ntuser.dat
2008-08-21 12:11 61,224 a------- c:\users\thomas\GoToAssistDownloadHelper.exe
2008-06-10 20:32 665,600 a------- c:\windows\inf\drvindex.dat
2008-05-05 20:46 174 a--sh--- c:\program files\desktop.ini
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-05-07 22:21 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-05-07 22:21 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-05-07 22:21 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2008-05-08 17:08 4,372,512 a--sh--- c:\windows\system32\drivers\fidbox(56).dat
2007-02-21 15:49 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

============= FINISH: 16:24:58.88 ===============
Attached File  Attach.zip   2.95KB   23 downloads

#4 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  •  
  • Location:Mikado Michigan
  • Local time:12:35 PM

Posted 25 April 2009 - 09:00 PM

Howdy, my name is Hoov, and I will be helping you with your dilemma.

Please make sure you watch this thread for responses. If you click the options tab at the top of your first post, you can select to track this thread.

Here is what I am asking you to do during the repair of your computer

*Tell me everything that you have done, if anything, to try and fix this problem.

*Please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out their hair.

*Follow my instructions - If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me, it may make a difference on where we go. Don't install anything, even other programs that have nothing to do with security or malware, it could cause things to change, and I would never know it.

*Have faith. I will do all I can to get your computer working, and if I can't - someone else here will know something else to try.

*Stick with me to the end. My aim is to fix your problems, and give you the tools and knowledge to keep this from happening again.

Now onto trying to fix your computer.

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Is this causing any other problems with the computer? Are there any other problems with the computer? Was this Vista installation an update from XP SP3?
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families


#5 tompic823

tompic823
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:11:35 AM

Posted 25 April 2009 - 10:27 PM

This is not causing any other problem besides the computer being listed as Service Pack 3. This Vista install was a clean install. To try to fix the problem, I have all updates installed including Critical, Important, and Recommended. I also ran scans with ThreatFire, Avira AntiVir, Windows Defender, and the latest version of the Windows Malicious Software Removal Tool. They all found nothing. I also downloaded Malwarebytes and ran a quick scan, which found nothing. I am pretty tech savvy, if that makes a difference, so I should be able to follow anything you suggest. Thanks for the help; I am looking forward to working with you on this issue.

#6 Hoov

Posted 25 April 2009 - 11:05 PM

Did you run the Windows 7 Beta on a virtual machine? Any other beta software? IE8? Do you remember about when this first appeared? Did you get a virus or other malware at about the same time? Do you recall anything odd happening? Do you know how to edit the registry? If so I need you to go to the following key, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion and export the entire branch to a text file, and then attach that to your next reply.

I need you to go to the Administrative Tools in Vista; they are in the Control Panel. Open Administrative Tools, then open Event Viewer.
  • On the left-hand side, expand the Windows Logs category and then click on System.
  • At the top, click on Action and then click on Save Events As. Type in system as the file name, make sure the EVTX file type is selected, navigate so it will save the file to your desktop, then click Save.
  • On the left-hand side, click on Application. At the top, click on Action and then click on Save Events As. Type in application as the file name, make sure the EVTX file type is selected, navigate so it will save the file to your desktop, then click Save.
Zip them both up into a single zip file and post them back here in your next reply as attachments.

Please download RunScanner
  • Save it to a folder you create such as C:\Runscanner (this assumes Windows is installed on your C: drive).
  • Launch Runscanner by double-clicking runscanner.exe within the C:\Runscanner folder.
  • Vista users must also click Continue to open Runscanner when prompted by User Account Control (UAC)
  • Check Beginner Mode
  • Click Scan computer
  • You will see a "Runscanner scan in progress" window displayed while Runscanner scans your system
  • At the conclusion of the scan, save the run file called runscanner.run to your documents folder or directly to the Runscanner folder. This is the file you will need to upload.
  • A runscanner.log file will automatically open in Notepad. Just close the Notepad window, because it is ONLY the runscanner.run file that we are interested in.
  • Next, zip up the runscanner.run file that you just saved.
  • I want you to upload the zipped runscanner.run file as an attachment in your next reply
  • To do that choose "Additional Options" under "Post Reply"
  • Browse to the zipped RUN file location and then click the "Post" button to attach the file.
  • I will review the run file, and then upload it back to you with items marked for deletion.
  • Please await my directions and the returned RUN file, and do not delete anything in the interim
If you want, go ahead and ZIP the registry text file and then runscanner log, and the event viewer logs into a single file and attach it.
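
Everything Hoov asks for in the post above can be collected from one elevated PowerShell prompt, and at the same time the service-pack string that System Properties displays can be checked against the kernel that is actually installed. This is an added example, not code from the thread or from any of the tools it mentions. The registry paths are the standard Vista ones; the output folder under the user's Desktop and the build-to-service-pack table (6000 = RTM, 6001 = SP1, 6002 = SP2) are this example's own.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt on Vista.
# Assumed output folder; everything requested in the post ends up here.
$out = Join-Path $env:USERPROFILE 'Desktop\spcheck'
New-Item -ItemType Directory -Path $out -Force | Out-Null

# The REG_SZ that System Properties displays ("Service Pack 3" on the poster's machine).
$cv = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'

# The REG_DWORD the kernel reads at boot; its high byte is the SP major (0x100 = SP1).
$ctl      = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Windows'
$csdDword = [int]$ctl.CSDVersion
$spMajor  = [int](($csdDword -band 0xFF00) / 256)

# What the version API reports (WMI wraps GetVersionEx here).
$os = Get-WmiObject -Class Win32_OperatingSystem

# What the kernel on disk is: the build part of its file version is the Windows build.
$kernel    = (Get-Item "$env:SystemRoot\System32\ntoskrnl.exe").VersionInfo
$kernelVer = $kernel.FileVersion
$build     = $kernel.FileBuildPart

# Vista builds and the CSDVersion string each one should carry (example's own table).
$spForBuild = @{ 6000 = ''; 6001 = 'Service Pack 1'; 6002 = 'Service Pack 2' }
$expected   = $spForBuild[$build]

$report = @(
  "Registry ProductName        : $($cv.ProductName)",
  "Registry CSDVersion (REG_SZ): $($cv.CSDVersion)",
  "Registry CurrentBuildNumber : $($cv.CurrentBuildNumber)",
  "Control\Windows CSDVersion  : 0x$($csdDword.ToString('X4')) (SP major $spMajor)",
  "Win32_OperatingSystem       : $($os.Version) SP $($os.ServicePackMajorVersion) '$($os.CSDVersion)'",
  "ntoskrnl.exe                : $kernelVer (build $build)",
  "Expected for build $build   : '$expected'"
)
$report
$report | Set-Content -Path (Join-Path $out 'spcheck.txt')

if ($expected -eq $null) {
    Write-Warning "Kernel build $build is not a Vista build this table knows about"
} elseif ($cv.CSDVersion -ne $expected) {
    Write-Warning "CSDVersion string '$($cv.CSDVersion)' does not match kernel build $build ('$expected')"
}
if ($spMajor -ne $os.ServicePackMajorVersion) {
    Write-Warning "Control\Windows CSDVersion ($spMajor) and the API ($($os.ServicePackMajorVersion)) disagree"
}

# Export the branch the post asks for, the key holding the DWORD, and both event logs.
reg.exe export 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion' (Join-Path $out 'currentversion.reg') /y
reg.exe export 'HKLM\SYSTEM\CurrentControlSet\Control\Windows'     (Join-Path $out 'control-windows.reg') /y
wevtutil.exe epl System      (Join-Path $out 'system.evtx')
wevtutil.exe epl Application (Join-Path $out 'application.evtx')
```

The point of reading three sources is that they are independent: the REG_SZ is only a display string, the DWORD is what the kernel uses to populate the service-pack fields of the version API, and the kernel binary's build number is fixed at install time. A "Service Pack 3" string on a build 6001 kernel is a mismatch between the first and the last of those, which is the poster's symptom; whether the DWORD agrees with the string or with the kernel tells you how much of the version record has been altered.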

#7 tompic823

Posted 26 April 2009 - 11:56 AM

To answer your questions in order: yes, I did run Windows 7 on a virtual machine, although I removed it about 2 months ago, which might be about the time I realized the problem, although I'm not entirely sure. I then installed Windows 7 on a separate partition but also removed that about a month ago. I also do have IE8 installed, but I never installed the Beta, only the stable release. From what I can tell I did not get a virus, nor do I have one. And yes, I do know how to edit the registry. When navigating to the branch you indicated, I saw a string stating that the system was Service Pack 3.
I have put the runprocess.run file, the exported registry data, and the two event viewer logs into one zip file. Unfortunately it is almost 7 MB, so this site would not let me upload it. I instead uploaded it to MediaFire and the link is http://www.mediafire.com/?dy34mnyzzmy

#8 Hoov

Posted 26 April 2009 - 02:20 PM

After looking through your logs and doing some research, I believe that you have more problems than you suspect. You actually have log entries in the event viewer from before Vista was released to the public. Also you have a boatload of SNMP errors, and a boatload of disk errors. At first I thought you had purely an indication problem; now I believe you have some sort of corruption problem. It could be a bad defrag, or a bad install, or it could be the hard drive going bad, or malware. I honestly didn't expect to see what you sent me.

So the first thing I would like you to do is to check the hard drive.
1. Double-click My Computer, and then right-click the hard disk that you want to check.
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Use one of the following procedures:
* To run Chkdsk in read-only mode, click Start.
* To repair errors without scanning the volume for bad sectors, select the Automatically fix file system errors check box, and then click Start.
* To repair errors, locate bad sectors, and recover readable information, select the Scan for and attempt recovery of bad sectors check box, and then click Start.
Note If one or more of the files on the hard disk are open, you will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, and then restart your computer to start the disk check.

Next is to run a scan on the hard drive to make sure there are no problems with the software.
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

Next I need you to go back into the event viewer and clear the logs. Click on each of the windows logs, and then click on action and select clear log. You can save the log if you want.

Next, install the SNMP service

1. Open Windows Components wizard.
2. In Components, click Management and Monitoring Tools (but do not select or clear its check box), and then click Details.
3. Select the Simple Network Management Protocol check box, and click OK.
4. Click Next.

Notes

* To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using Run as to perform this procedure.
* To open the Windows Components Wizard, click Start, click Control Panel, double-click Add or Remove programs, and then click Add/Remove Windows Components.
* Certain Windows components require configuration before they can be used. If you installed one or more of these components but did not configure them, when you click Add/Remove Windows Components, a list of components that need to be configured is displayed. To start the Windows Components Wizard, click Components.
* SNMP starts automatically after installation.

Last, if you have the Vista install DVD, put it into the drive and then go to the Run command and type in SFC /scannow.

Once all that is done, go back to the registry entry from before and see if it still says Service Pack 3. If it does, change it to Service Pack 1.

Reboot the computer.

When you are done, run runscanner again and attach a run log to the next post. Also paste in the results from Malwarebytes' Anti-Malware, and let me know how the sfc scan and the disk scan went. Also go back into the event viewer and check to see if there were any entries made after the reboot. Let me know if there were any errors.
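
The integrity checks in the post above (disk check, SFC) leave nothing behind when they are launched from the Run box, because the console closes with the process; run from a console, their results stay on screen and can be saved. The following is an added example, not code from the thread: it runs the read-only disk check and SFC from an elevated PowerShell prompt on Vista and pulls SFC's own findings out of CBS.log, the log SFC writes to. The output folder is this example's assumption; the CBS.log location and its "[SR]" tag are standard. One caveat on the SNMP step: the Add/Remove Windows Components wizard described in the post is the XP one; on Vista the equivalent is Control Panel > Programs and Features > Turn Windows features on or off (optionalfeatures.exe), which is where SNMP appears in the feature list.

```powershell
# Added example, not from the thread. Elevated PowerShell prompt on Vista; $out is an
# assumed folder. sfc.exe is run directly rather than piped (its console output is
# UTF-16 and garbles through a pipe); its findings are taken from CBS.log instead.
$out = Join-Path $env:USERPROFILE 'Desktop\spcheck'
New-Item -ItemType Directory -Path $out -Force | Out-Null

# Read-only check of the system volume: no /f, so no exclusive lock and no reboot prompt.
chkdsk.exe $env:SystemDrive | Tee-Object -FilePath (Join-Path $out 'chkdsk.txt')

# System File Checker. Launched from a console the result stays on screen; from the Run
# box the window disappears with the process, taking its message with it.
sfc.exe /scannow

# SFC writes its detail to CBS.log with an [SR] tag; keep only those lines.
$cbs = Join-Path $env:windir 'Logs\CBS\CBS.log'
Select-String -Path $cbs -Pattern '[SR]' -SimpleMatch |
    ForEach-Object { $_.Line } |
    Set-Content -Path (Join-Path $out 'sfcdetails.txt')

# Files SFC could not put back are the lines worth posting.
Select-String -Path (Join-Path $out 'sfcdetails.txt') -Pattern 'Cannot repair' -SimpleMatch |
    ForEach-Object { $_.Line }
```

If sfc.exe exits immediately even from an elevated console, the message it prints before exiting is now visible, which is the first thing the next reply needs to contain.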

#9 tompic823

Posted 26 April 2009 - 03:28 PM

When inserting the install DVD and running sfc /scannow, a command prompt window appears for less than a second and then disappears. I get the same result when running the command with administrative privileges. I was also not able to enable SNMP because when launching Windows Add/Remove Components and allowing it to load, there were no items on the screen. The window was completely blank.
The registry entry still said Service Pack 3, so I changed the string to Service Pack 1, and upon rebooting it said Service Pack 3 again.
Disk Scan did not find any bad sectors or files, and this is probably because I run a chkdsk at least once a month and I am on a 2-month-old hard drive.
For Event Viewer, after rebooting and logging in, the Applications field had 3 errors and System had one. I attached the logs again in a zip file. The link for them is http://www.mediafire.com/?jgwghjygmyy

At this point, if you think it's best to do so, I can just do a clean install of Vista. I have no problem doing that. I also want to let you know that I have OS X running on the PC too, so Windows isn't the boot partition.

The malwarebytes antimalware log is as follows

Malwarebytes' Anti-Malware 1.36
Database version: 2045
Windows 6.0.6001 Service Pack 3

4/27/2009 7:58:54 PM
mbam-log-2009-04-27 (19-58-54).txt

Scan type: Quick Scan
Objects scanned: 80927
Time elapsed: 2 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Attached File  runscanner.run.zip   200.52KB   24 downloads
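
A string that comes back after a reboot is being rewritten by something, and the registry can be made to say what. The following is an added example, not code from the thread: it turns on registry object-access auditing, puts a SACL on the CurrentVersion key so that every successful write to a value is logged, resets the string, and after the reboot reads the resulting events out of the Security log. It assumes an elevated PowerShell prompt on Vista; wevtutil is used rather than Get-WinEvent so it also works with the PowerShell 1.0 that shipped with Vista. Event 4657 and its field names are standard Vista Security-log content.

```powershell
# Added example, not from the thread. Elevated PowerShell prompt on Vista.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'

# 1. Turn on object-access auditing for the registry (auditpol ships with Vista).
auditpol.exe /set /subcategory:"Registry" /success:enable /failure:enable

# 2. Put a SACL on this one key: log every successful SetValue by anyone, no inheritance.
$acl  = Get-Acl -Path $key -Audit
$rule = New-Object System.Security.AccessControl.RegistryAuditRule(
            'Everyone',
            [System.Security.AccessControl.RegistryRights]::SetValue,
            [System.Security.AccessControl.InheritanceFlags]::None,
            [System.Security.AccessControl.PropagationFlags]::None,
            [System.Security.AccessControl.AuditFlags]::Success)
$acl.AddAuditRule($rule)
Set-Acl -Path $key -AclObject $acl

# 3. Set the string to what the kernel build says (build 6001 is Vista SP1), then reboot.
Set-ItemProperty -Path $key -Name CSDVersion -Value 'Service Pack 1'
Write-Host 'Reboot now, then run step 4.'

# 4. After the reboot: event 4657 ("A registry value was modified") carries the process
#    name, process id and account that wrote CSDVersion. Newest first, at most 20.
$xpath = "*[System[EventID=4657] and EventData[Data[@Name='ObjectValueName']='CSDVersion']]"
wevtutil.exe qe Security "/q:$xpath" /f:text /rd:true /c:20
```

The ProcessName in the 4657 event is what matters: a servicing or setup component writing the string points at a damaged component store, a third-party service or scheduled task points at whatever installed it, and no event at all after the string has reverted means the write happened before auditing was active (early in boot) or outside the key that was audited, which is when Process Monitor's boot logging is the next tool to reach for.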

#10 Hoov

Posted 26 April 2009 - 04:16 PM

At this point if you think its best to do so, I can just do a clean install of Vista. I have no problem doing that. I also want to let you know that I have OS X running on the PC too so Windows isn't the Boot Partition.


Well, it may not come to this, although with Vista not being on the boot partition, I am a little bit less willing to take chances.

Is windows running on a virtual machine in OS X? Or do you have a boot loader that gives you the option to change OS's?

#11 tompic823

Posted 26 April 2009 - 04:27 PM

I am using Chameleon, which is a bootloader that allows you to run multiple OS's (each on its own partition), and you can choose which to boot from. At any time, though, I can set Vista as the active partition because the Vista bootloader is still intact, so please do not be hesitant to try anything. I have become sort of a pro on this OS X and Windows dual-booting stuff, so I can tell you that nothing you do to the system will have any effect on the other OS's or on Windows' ability to boot from Chameleon. I am willing to take any chances regarding the system to get it working properly again, and I have multiple backups of OS X in multiple locations, so by all means just let me know what I have to do.

#12 Hoov

Posted 26 April 2009 - 07:55 PM

OK, just so that you are aware.

First I need you to run combofix.

* Anyone other than the originator of this thread, you would be best advised to not run combofix without guidance from someone trained in its use. It is a very powerful tool that can cause damage to your computer if used wrong.

Run comboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Also make sure you close all your browsers just before the instructions tell you to start the scanner.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


Is there any other strange thing that you have noticed? Even if it is something you have figured out a workaround?

About the SFC, do you have a windows disk or one of those system restore disks?

#13 tompic823

Posted 26 April 2009 - 10:08 PM

I am going to run ComboFix tomorrow when I get home from school (probably around 4:30 EST), so I'll get back to you then. For your other questions, I guess the only strange thing I can think of off the top of my head is that Windows Add/Remove Components is blank even after loading. And yes, I have the Windows install disc. I do not have a system restore disc because my computer is from Dell, so they do that restore partition crap, and no way am I giving up 10 GB for a backup of the OS with some drivers that I can get from dell.com. I think you can see how I feel about that lol. Thanks for the continued help and, like I said, I'll get back to you tomorrow.

#14 Hoov

Posted 27 April 2009 - 02:34 AM

I think you can see how I feel about that lol.


:thumbup2: :) Another nut like me. When I ordered my laptop and told them I wanted all the OEM CDs, the person on the phone was shocked that I wanted them. Then, when I told her the first thing I was going to do when I got the computer was to run FDISK and get rid of their junk, then split the hard drive up and format, she acted like I was some lunatic.

#15 tompic823

Posted 27 April 2009 - 05:36 AM

On multiple occasions (for my laptop) I have called them to get the OEM discs, so now I have about 5 Vista install discs, each with the drivers and all that other crap. This way one goes in the Dell box in storage, one in the laptop case, one in the bedroom by the desktop, and I forget what I did with the other two.
Anyway, I had time to run ComboFix before school (now), so attached is the log.
Attached File  log.txt   29.53KB   17 downloads