
Slow computer / HDD constantly running/searching


  • This topic is locked
6 replies to this topic

#1 JonnyBGoode

JonnyBGoode

  • Members
  • 40 posts
  • OFFLINE
  • Local time:01:58 AM

Posted 14 April 2009 - 01:14 PM

Here's my HJT log, any help is greatly appreciated, thanks!

Jon

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:12, on 04/14/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Documents and Settings\Jon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\StkASv2K.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = Download Directory
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {54A11BF8-808E-4A39-9FED-380B391AC5D4} - (no file)
O2 - BHO: (no name) - {5d8d8ec3-6c1c-4299-9843-d912e96e4668} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {8E3FBDE2-7DBD-4040-85D9-29BBC559C129} - (no file)
O2 - BHO: (no name) - {D6B95EBE-4394-4363-91EA-1EA61A120CE9} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {DED378A2-6C25-4B52-AA75-1F75E475B6BC} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {E9B9D274-4DBE-46A1-86BB-45106496B2A4} - (no file)
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [940bf0d7] rundll32.exe "C:\WINDOWS\system32\yqfgaokb.dll",b
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SecureZIP Attachments Status.lnk = C:\Program Files\PKWARE\PKZIPM\12.30.0016\PKTray.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} (Java Plug-in 1.6.0_04) -
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.6.0_05) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_...upv2.0.0.11.cab?
O17 - HKLM\System\CCS\Services\Tcpip\..\{778FBB9B-A1C0-4148-9487-03EC33FBFC90}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{F76495B6-6A00-423D-8F31-3139E855FDFD}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{778FBB9B-A1C0-4148-9487-03EC33FBFC90}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Update Service (gupdate1c965da805d7d3a) (gupdate1c965da805d7d3a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Syntek STK1160 Service (StkASSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkASv2K.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 8571 bytes


#2 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Members
  • 19,461 posts
  • OFFLINE
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:02:58 AM

Posted 27 April 2009 - 01:46 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 JonnyBGoode

JonnyBGoode
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  • Local time:01:58 AM

Posted 27 April 2009 - 07:45 PM

Thanks for the response, here's the results:


DDS (Ver_09-03-16.01) - NTFSx86
Run by Jon at 20:42:34.17 on 04/27/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1527.998 [GMT -4:00]

AV: avast! antivirus 4.8.1335 [VPS 090427-0] *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\StkASv2K.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Documents and Settings\Jon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Jon\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

mDefault_Page_URL = hxxp://www.google.com/
mDefault_Search_URL = hxxp://www.google.com/
mSearch Page = hxxp://www.google.com/
mLocal Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
mSearchAssistant = hxxp://www.google.com/
mCustomizeSearch = hxxp://www.google.com/
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {3049C3E9-B461-4BC5-8870-4C09146192CA} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {54A11BF8-808E-4A39-9FED-380B391AC5D4} - No File
BHO: {5d8d8ec3-6c1c-4299-9843-d912e96e4668} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {8E3FBDE2-7DBD-4040-85D9-29BBC559C129} - No File
BHO: {D6B95EBE-4394-4363-91EA-1EA61A120CE9} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {DED378A2-6C25-4B52-AA75-1F75E475B6BC} - No File
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {E9B9D274-4DBE-46A1-86BB-45106496B2A4} - No File
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [Google Update] "c:\documents and settings\jon\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_03\bin\jusched.exe"
mRun: [<NO NAME>]
mRun: [940bf0d7] rundll32.exe "c:\windows\system32\yqfgaokb.dll",b
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\docume~1\jon\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secure~1.lnk - c:\program files\pkware\pkzipm\12.30.0016\PKTray.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} - hxxp://cvs.pnimedia.com/upload/activex/v2_0_0_11/PCAXSetupv2.0.0.11.cab?
TCP: NameServer = 208.67.220.220,208.67.222.222
TCP: {778FBB9B-A1C0-4148-9487-03EC33FBFC90} = 208.67.220.220,208.67.222.222
TCP: {F76495B6-6A00-423D-8F31-3139E855FDFD} = 208.67.220.220,208.67.222.222
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jon\applic~1\mozilla\firefox\profiles\rjb5i9rq.default\
FF - prefs.js: browser.search.selectedEngine - MyHeritage Search
FF - prefs.js: browser.startup.homepage - hxxp://search.myheritage.com/
FF - component: c:\program files\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\documents and settings\jon\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\jon\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npdeploytk.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npdivx32.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npDivxPlayerPlugin.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npLegitCheckPlugin.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npnul32.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npOGAPlugin.dll
FF - plugin: c:\progra~1\mozill~1\plugins\nppdf32.dll
FF - plugin: c:\progra~1\mozill~1\plugins\nppl3260.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npqtplugin.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npqtplugin2.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npqtplugin3.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npqtplugin4.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npqtplugin5.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npqtplugin6.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npqtplugin7.dll
FF - plugin: c:\progra~1\mozill~1\plugins\nprjplug.dll
FF - plugin: c:\progra~1\mozill~1\plugins\nprpjplug.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npsnapfish.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa2.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-3-31 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-3-31 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2007-9-25 138680]
S2 gupdate1c965da805d7d3a;Google Update Service (gupdate1c965da805d7d3a);c:\program files\google\update\GoogleUpdate.exe [2008-12-24 133104]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2007-9-25 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2007-9-25 352920]
S3 Usblink;Usblink Driver;c:\windows\system32\drivers\ulink.sys [2008-11-3 37708]

=============== Created Last 30 ================

2009-04-15 05:57 473,088 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-04-15 05:57 399,360 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-04-15 05:57 283,648 -c------ c:\windows\system32\dllcache\pdh.dll
2009-04-15 05:57 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 05:57 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-04-15 05:57 60,416 -c------ c:\windows\system32\dllcache\colbact.dll
2009-04-15 05:57 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-04-15 05:57 616,960 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-04-15 05:57 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 05:55 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe

==================== Find3M ====================

2009-03-06 10:44 283,648 a------- c:\windows\system32\pdh.dll
2009-02-20 04:30 659,456 a------- c:\windows\system32\wininet.dll
2009-02-20 04:30 81,920 a------- c:\windows\system32\ieencode.dll
2009-02-09 06:20 723,456 a------- c:\windows\system32\lsasrv.dll
2009-02-09 06:20 399,360 a------- c:\windows\system32\rpcss.dll
2009-02-09 06:20 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 06:20 616,960 a------- c:\windows\system32\advapi32.dll
2009-02-09 06:19 1,846,272 a------- c:\windows\system32\win32k.sys
2009-02-06 13:24 2,180,480 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 13:14 110,592 a------- c:\windows\system32\services.exe
2009-02-06 12:54 35,328 a------- c:\windows\system32\sc.exe
2009-02-06 12:49 2,057,728 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-03 16:08 55,808 a------- c:\windows\system32\secur32.dll
2007-12-19 10:10 207 a--sh--- c:\windows\system32\2483810424.dat

============= FINISH: 20:42:59.95 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 09/24/2007 19:24:12
System Uptime: 04/27/2009 07:31:18 (13 hours ago)

Motherboard: ECS | | Livermore
Processor: Intel® Celeron® D CPU 3.46GHz | CPU 1 | 3467/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 149 GiB total, 107.36 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP390: 01/28/2009 07:23:40 - System Checkpoint
RP391: 01/29/2009 07:06:56 - Software Distribution Service 3.0
RP392: 01/30/2009 08:03:59 - System Checkpoint
RP393: 01/31/2009 20:14:51 - Installed Java™ 6 Update 7
RP394: 01/31/2009 20:18:13 - Removed OpenOffice.org 2.4
RP395: 01/31/2009 20:20:48 - Installed OpenOffice.org 3.0
RP396: 02/03/2009 07:00:02 - System Checkpoint
RP397: 02/04/2009 07:24:49 - System Checkpoint
RP398: 02/05/2009 07:32:24 - System Checkpoint
RP399: 02/06/2009 08:23:14 - System Checkpoint
RP400: 02/07/2009 09:09:41 - System Checkpoint
RP401: 02/08/2009 14:48:14 - System Checkpoint
RP402: 02/10/2009 07:38:28 - System Checkpoint
RP403: 02/11/2009 08:19:54 - System Checkpoint
RP404: 02/12/2009 10:11:19 - System Checkpoint
RP405: 02/13/2009 11:08:40 - System Checkpoint
RP406: 02/14/2009 13:02:32 - System Checkpoint
RP407: 02/14/2009 23:15:01 - Software Distribution Service 3.0
RP408: 02/17/2009 07:27:47 - System Checkpoint
RP409: 02/18/2009 08:26:01 - System Checkpoint
RP410: 02/19/2009 10:49:25 - System Checkpoint
RP411: 02/20/2009 12:25:22 - System Checkpoint
RP412: 02/21/2009 14:42:00 - System Checkpoint
RP413: 02/22/2009 16:37:16 - System Checkpoint
RP414: 02/23/2009 17:40:24 - System Checkpoint
RP415: 02/24/2009 22:34:03 - System Checkpoint
RP416: 02/26/2009 01:53:48 - System Checkpoint
RP417: 03/02/2009 05:05:14 - System Checkpoint
RP418: 03/03/2009 06:59:15 - System Checkpoint
RP419: 03/03/2009 17:56:14 - Software Distribution Service 3.0
RP420: 03/03/2009 18:55:09 - Installed SecureZIP for Windows 12.30.0016.
RP421: 03/05/2009 07:08:32 - System Checkpoint
RP422: 03/06/2009 09:00:06 - System Checkpoint
RP423: 03/29/2009 10:59:43 - System Checkpoint
RP424: 03/30/2009 11:23:07 - System Checkpoint
RP425: 03/08/2009 10:03:31 - System Checkpoint
RP426: 03/09/2009 10:09:45 - System Checkpoint
RP427: 03/10/2009 11:47:49 - System Checkpoint
RP428: 03/11/2009 13:40:48 - System Checkpoint
RP429: 03/12/2009 14:01:12 - System Checkpoint
RP430: 03/13/2009 15:24:56 - System Checkpoint
RP431: 03/14/2009 12:31:16 - Software Distribution Service 3.0
RP432: 03/16/2009 07:16:25 - System Checkpoint
RP433: 03/17/2009 07:26:26 - System Checkpoint
RP434: 03/18/2009 07:41:43 - System Checkpoint
RP435: 03/19/2009 09:15:15 - System Checkpoint
RP436: 03/20/2009 09:31:18 - System Checkpoint
RP437: 03/20/2009 15:11:24 - Software Distribution Service 3.0
RP438: 03/21/2009 17:55:55 - System Checkpoint
RP439: 03/23/2009 07:46:24 - System Checkpoint
RP440: 03/24/2009 10:42:28 - System Checkpoint
RP441: 03/25/2009 11:48:02 - System Checkpoint
RP442: 03/26/2009 13:05:07 - System Checkpoint
RP443: 03/27/2009 15:04:53 - System Checkpoint
RP444: 03/28/2009 16:53:15 - System Checkpoint
RP445: 03/30/2009 07:31:07 - System Checkpoint
RP446: 03/31/2009 08:32:41 - System Checkpoint
RP447: 04/01/2009 10:14:51 - System Checkpoint
RP448: 04/02/2009 11:59:26 - System Checkpoint
RP449: 04/03/2009 13:12:42 - System Checkpoint
RP450: 04/04/2009 13:28:15 - System Checkpoint
RP451: 04/05/2009 18:11:23 - System Checkpoint
RP452: 04/06/2009 18:27:53 - System Checkpoint
RP453: 04/07/2009 18:37:40 - System Checkpoint
RP454: 04/08/2009 19:20:54 - System Checkpoint
RP455: 04/10/2009 07:26:25 - System Checkpoint
RP456: 04/12/2009 10:05:04 - System Checkpoint
RP457: 04/13/2009 20:13:57 - System Checkpoint
RP458: 04/15/2009 06:08:31 - System Checkpoint
RP459: 04/15/2009 23:27:44 - Software Distribution Service 3.0
RP460: 04/17/2009 00:38:54 - System Checkpoint
RP461: 04/19/2009 10:48:51 - System Checkpoint
RP462: 04/20/2009 12:37:26 - System Checkpoint
RP463: 04/21/2009 12:46:32 - System Checkpoint
RP464: 04/22/2009 15:47:55 - System Checkpoint
RP465: 04/23/2009 16:18:13 - System Checkpoint
RP466: 04/24/2009 16:25:40 - System Checkpoint
RP467: 04/27/2009 07:39:12 - System Checkpoint

==== Installed Programs ======================

32 Bit HP CIO Components Installer
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 8.1.3
AutoUpdate
Avance AC'97 Audio
avast! Antivirus
Baseball Mogul 2007
Boilosft AVI to VCD SVCD DVD Converter 3.81
BufferChm
Copy
Critical Update for Windows Media Player 11 (KB959772)
CustomerResearchQFolder
D1300_Help
Data Fax SoftModem with SmartCP
Destination Component
DeviceDiscovery
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DJ_AIO_03_F2200_ProductContext
DJ_AIO_03_F2200_Software
DJ_AIO_03_F2200_Software_Min
ESPN Java Check
Eusing Free Registry Cleaner
F2200
F2200_Help
File Shredder 2.0
Google Chrome
Google Earth
Google Talk (remove only)
Google Talk Plugin
Google Update Helper
Google Updater
GPBaseService
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
HP Customer Participation Program 10.0
HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3
HP Imaging Device Functions 10.0
HP Photo and Imaging 1.2 - Scanjet 4570c Series
HP Photosmart Essential
HP Photosmart Essential 2.5
HP Smart Web Printing
HP Solution Center 10.0
HP Update
hph_readme
hph_software_req
HPPhotoSmartExpress
HPProductAssistant
HPSSupply
InfraRecorder
Intel® Graphics Media Accelerator Driver
Java™ 6 Update 11
Java™ 6 Update 7
Malwarebytes' Anti-Malware
MarketResearch
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 Redistributable
MobiMB Mobile Media Browser
Motorola Driver Installation 3.2.0
Mozilla Firefox (3.0.9)
MSVC80_x86
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
MY CAMERA
MyHeritage Family Tree Builder
Nokia Connectivity Cable Driver
Nokia Flashing Cable Driver
Nokia PC Suite
Nokia Software Updater
Nostalgia Baseball
Oblivion
OpenOffice.org 3.0
PC Connectivity Solution
PCLinq2 High-Speed USB Bridge Cable
Picasa 3
PL-2303 USB-to-Serial
PokerTH
PSSWCORE
QuickTime
RealPlayer
REALTEK GbE & FE Ethernet PCI NIC Driver
Realtek High Definition Audio Driver
Rhapsody Player Engine
Runesword 2.5.0
Scan
SecureZIP for Windows 12.30.0016
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB963027)
ShareIns
Shop for HP Supplies
SmartWebPrintingOC
SolutionCenter
Spybot - Search & Destroy
Status
TaxACT 2007
TaxACT 2008
TaxACT 2008 New York
TaxACT New York 2007
Toolbox
TrayApp
Ulead VideoStudio SE DVD
Unload
UnloadSupport
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
USB2.0 Capture Device
Verizon Online Help and Support
VideoToolkit01
WebFldrs XP
WebReg
WinAVI Video Converter
Windows Driver Package - Camera Maker (MR97310_USB_DUAL_CAMERA) Image (05/02/2006 2.0.1.0)
Windows Driver Package - Nokia Modem (10/27/2008 3.9)
Windows Driver Package - Nokia Modem (10/27/2008 7.01.0.1)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2

==== Event Viewer Messages From Past Week ========

04/20/2009 06:35:12, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.

==== End Of File ===========================

#4 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • Gender:Male
  • Location:Midlands, UK
  • Local time:07:58 AM

Posted 28 April 2009 - 02:55 PM

Hi JonnyBGoode

We need to clean up a few orphan entries in your log and need to look a bit deeper... let's do all this in one go:

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[image of the message]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Thanks

#5 JonnyBGoode

JonnyBGoode
  • Topic Starter

  • Members
  • 40 posts
  • Local time:01:58 AM

Posted 02 May 2009 - 08:00 AM

Thanks for the help so far; here are the ComboFix results:

ComboFix 09-05-02.4 - Jon 05/02/2009 8:47.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1527.1033 [GMT -4:00]
Running from: c:\documents and settings\Jon\My Documents\Downloads\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090501-0] *On-access scanning enabled* (Updated)

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-04-02 to 2009-05-02 )))))))))))))))))))))))))))))))
.

2009-04-28 00:57 . 2009-04-28 00:57 -------- d-----w c:\program files\Common Files\PCSuite
2009-04-28 00:56 . 2008-08-26 14:26 18816 ----a-w c:\windows\system32\drivers\pccsmcfd.sys
2009-04-28 00:56 . 2009-04-28 00:56 -------- d-----w c:\program files\PC Connectivity Solution
2009-04-17 02:22 . 2009-04-17 02:27 -------- d-----w c:\documents and settings\Sveta\Application Data\HPAppData
2009-04-15 20:27 . 2009-04-15 20:27 -------- d-----w c:\documents and settings\Samantha\Application Data\PKWARE
2009-04-15 09:57 . 2009-03-06 14:44 283648 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-15 09:57 . 2005-07-26 04:39 60416 -c----w c:\windows\system32\dllcache\colbact.dll
2009-04-15 09:57 . 2009-02-09 10:20 399360 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 09:57 . 2009-02-06 17:14 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-15 09:57 . 2009-02-09 10:20 473088 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 09:57 . 2009-02-06 16:39 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 09:57 . 2009-02-09 10:20 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 09:57 . 2009-02-09 10:20 616960 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 09:57 . 2009-02-09 10:20 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 09:55 . 2008-04-21 10:02 215552 -c----w c:\windows\system32\dllcache\wordpad.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-02 12:46 . 2007-09-24 23:22 6 ---ha-w c:\windows\Tasks\SA.DAT
2009-05-02 12:43 . 2009-03-23 17:28 868 ----a-w c:\windows\Tasks\Google Software Updater.job
2009-05-02 12:43 . 2008-12-24 15:15 882 ----a-w c:\windows\Tasks\GoogleUpdateTaskMachine.job
2009-05-02 02:57 . 2009-02-22 21:14 918 ----a-w c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-1004336348-682003330-1003.job
2009-04-30 00:56 . 2007-10-20 18:22 31064 ----a-w c:\documents and settings\Jon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-28 00:57 . 2009-01-27 00:30 -------- d-----w c:\program files\Common Files\Nokia
2009-04-28 00:57 . 2009-01-27 00:30 -------- d-----w c:\program files\Nokia
2009-04-13 02:32 . 2009-03-03 22:54 -------- d-----w c:\program files\Nostalgia Baseball
2009-03-30 11:40 . 2007-11-07 19:57 31064 ----a-w c:\documents and settings\Sveta\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-26 00:35 . 2008-09-13 14:26 -------- d-----w c:\program files\PokerTH
2009-03-21 20:38 . 2009-03-21 20:38 -------- d-----w c:\program files\JRE
2009-03-21 20:38 . 2009-02-01 01:20 -------- d-----w c:\program files\OpenOffice.org 3
2009-03-21 01:56 . 2009-03-21 01:56 -------- d-----w c:\program files\Microsoft Silverlight
2009-03-15 01:17 . 2009-03-15 01:11 -------- d-----w c:\program files\MyHeritage
2009-03-06 14:44 . 2002-08-29 01:41 283648 ----a-w c:\windows\system32\pdh.dll
2009-03-03 23:55 . 2009-03-03 23:55 -------- d-----w c:\program files\PKWARE
2009-03-03 23:55 . 2009-03-03 23:55 -------- d-----w c:\program files\Common Files\PKWARE
2009-02-20 08:30 . 2008-11-29 17:25 81920 ----a-w c:\windows\system32\ieencode.dll
2009-02-20 08:30 . 2002-08-29 01:41 659456 ----a-w c:\windows\system32\wininet.dll
2009-02-09 11:37 . 2009-01-27 00:30 91136 ----a-w c:\windows\system32\nmwcdcls.dll
2009-02-09 10:20 . 2003-08-25 18:53 399360 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:20 . 2002-08-29 01:41 723456 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:20 . 2003-05-01 23:56 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 10:20 . 2002-08-29 01:40 616960 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:19 . 2002-10-23 15:55 1846272 ----a-w c:\windows\system32\win32k.sys
2009-02-06 17:24 . 2003-04-24 15:57 2180480 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 17:14 . 2001-08-23 12:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 16:54 . 2001-08-23 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 16:49 . 2003-04-24 15:57 2057728 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 20:08 . 2002-08-29 01:41 55808 ----a-w c:\windows\system32\secur32.dll
2007-12-19 14:10 . 2007-10-04 14:06 207 --sha-w c:\windows\system32\2483810424.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Google Update"="c:\documents and settings\Jon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-02-22 133104]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-03-20 1312256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2007-08-24 159744]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

c:\documents and settings\Jon\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
SecureZIP Attachments Status.lnk - c:\program files\PKWARE\PKZIPM\12.30.0016\PKTray.exe [2009-3-3 275792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UVS10 Preload"=c:\program files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Sveta\\Application Data\\Mail.Ru\\Agent\\magent.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Documents and Settings\\Jon\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Jon\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8c5a228-b240-11dc-b4ed-001921ce9406}]
\Shell\AutoRun\command - LinksysConnectPC.exe
.
Contents of the 'Scheduled Tasks' folder

2009-05-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-02-19 17:28]

2009-05-02 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-12-24 11:05]

2009-05-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-1004336348-682003330-1003.job
- c:\documents and settings\Jon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-22 21:13]
.
- - - - ORPHANS REMOVED - - - -

BHO-{54A11BF8-808E-4A39-9FED-380B391AC5D4} - (no file)
BHO-{5d8d8ec3-6c1c-4299-9843-d912e96e4668} - (no file)
BHO-{D6B95EBE-4394-4363-91EA-1EA61A120CE9} - (no file)
BHO-{DED378A2-6C25-4B52-AA75-1F75E475B6BC} - (no file)
BHO-{E9B9D274-4DBE-46A1-86BB-45106496B2A4} - (no file)
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_03\bin\jusched.exe
HKLM-Run-940bf0d7 - c:\windows\system32\yqfgaokb.dll


.
------- Supplementary Scan -------
.
mLocal Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: {778FBB9B-A1C0-4148-9487-03EC33FBFC90} = 208.67.220.220,208.67.222.222
TCP: {F76495B6-6A00-423D-8F31-3139E855FDFD} = 208.67.220.220,208.67.222.222
FF - ProfilePath - c:\documents and settings\Jon\Application Data\Mozilla\Firefox\Profiles\rjb5i9rq.default\
FF - prefs.js: browser.search.selectedEngine - MyHeritage Search
FF - prefs.js: browser.startup.homepage - hxxp://search.myheritage.com/
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\documents and settings\Jon\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Jon\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npdeploytk.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npdivx32.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npDivxPlayerPlugin.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npLegitCheckPlugin.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npnul32.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npOGAPlugin.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\nppdf32.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\nppl3260.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin2.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin3.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin4.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin5.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin6.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin7.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\nprjplug.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\nprpjplug.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npsnapfish.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-02 08:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2924)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-05-02 8:51
ComboFix-quarantined-files.txt 2009-05-02 12:50
ComboFix2.txt 2008-01-16 03:10

Pre-Run: 115,182,796,800 bytes free
Post-Run: 115,234,967,552 bytes free

185 --- E O F --- 2009-04-16 03:30
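
As an added triage aid (not part of this thread, and not ComboFix's own code), the script below parses the Run-key, mountpoints2 AutoRun and "ORPHANS REMOVED" sections of a ComboFix log like the one above and lists the entries a responder would check first. The heuristics (hex-like Run value names, Run entries loading a DLL from system32, per-drive AutoRun commands) are my assumptions, and the sample input is a subset of the posted log.

```python
import re

# Sample input: a subset of the "Reg Loading Points" and "ORPHANS REMOVED"
# sections copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2007-08-24 159744]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8c5a228-b240-11dc-b4ed-001921ce9406}]
\Shell\AutoRun\command - LinksysConnectPC.exe

- - - - ORPHANS REMOVED - - - -

BHO-{54A11BF8-808E-4A39-9FED-380B391AC5D4} - (no file)
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_03\bin\jusched.exe
HKLM-Run-940bf0d7 - c:\windows\system32\yqfgaokb.dll
"""

# "name"="path" [date size]   -> a live Run value under the current key
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
# HKLM-Run-name - path        -> a Run value ComboFix removed as an orphan
ORPHAN_RUN = re.compile(r'^HK(?:LM|CU)-Run-(?P<name>\S+) - (?P<path>.+)$')
# Assumed heuristic: eight hex characters as a value name ("940bf0d7") is not
# how legitimate installers name their autostart entries.
HEXLIKE = re.compile(r'^[0-9a-f]{8}$', re.I)


def parse_autostarts(text):
    """Return (kind, name, path) tuples for live Run values, orphaned Run
    values and mountpoints2 AutoRun commands in ComboFix-style output."""
    entries, key = [], ''
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]            # a new registry key header
            continue
        m = RUN_VALUE.match(line)
        # Only keys ending in "\Run" count; the disabled "run-" key is skipped.
        if m and key.lower().endswith('\\run'):
            entries.append(('run', m['name'], m['path']))
            continue
        m = ORPHAN_RUN.match(line)
        if m:
            entries.append(('orphan-run', m['name'], m['path']))
            continue
        if ('mountpoints2' in key.lower()
                and line.lower().startswith('\\shell\\autorun\\command')):
            drive_guid = key.rsplit('\\', 1)[-1]
            entries.append(('autorun', drive_guid, line.partition(' - ')[2] or line))
    return entries


def triage(entries):
    """Apply the review heuristics and return (name, reason) findings in log
    order. Orphans are already gone; flagging them still records what ran."""
    findings = []
    for kind, name, path in entries:
        lower = path.lower()
        if kind == 'autorun':
            findings.append((name, 'drive AutoRun command ' + path))
            continue
        if HEXLIKE.match(name):
            findings.append((name, 'random-looking Run value name'))
        if lower.endswith('.dll') and '\\system32\\' in lower:
            findings.append((name, 'Run entry loads a DLL from system32'))
    return findings


if __name__ == '__main__':
    for name, reason in triage(parse_autostarts(SAMPLE_LOG)):
        print(f'{name}: {reason}')
```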

#6 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • Gender:Male
  • Location:Midlands, UK
  • Local time:07:58 AM

Posted 02 May 2009 - 08:21 AM

Hi JonnyBGoode

Step 1
Please download ATF Cleaner by Atribune. (This program is for XP, Vista and Windows 2000.)
Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
Then:
If you use the Firefox browser: Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Then:
If you use the Opera browser: Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Step 2
Please do an online scan with Kaspersky WebScanner.
Notes
Java must be installed and enabled for the scan to work.
Disable your computer's antivirus program, as leaving it active will cause conflicts.
  • Close ALL programs and windows except for your browser.
  • Please go to Online Kaspersky Scan and perform an online antivirus scan.
  • Read through the Requirements and limitations statement and click on the Accept button.
  • You will be prompted to install an application from Kaspersky. Click the Run button. It will start downloading and installing the scanner and virus definitions.
  • When the downloads have finished, the scrolling window will show 'Database is updated. Ready to scan'. Click on the Settings button at the bottom left.
  • Make sure these boxes are checked/ticked. If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan on the left. OK any warnings from your protection programs.
  • Go for a long walk. Please be patient and let the scanner finish. It is better that you do NOT use the computer while the scan is running. Keep all other programs/windows closed.
  • Once the scan is complete (the 'status' will show complete), click on View Scan Report and any infected objects will be shown.
  • Click on Save Report As... and change the Files of type to Text file (.txt)
  • Name the file KAVScan-ddmmyy before clicking on the Save button. Save the report to a convenient place - for example the Desktop.
  • Please post this log in your next reply.
Note - enable your antivirus program before browsing away from the Kaspersky site.

Go to the Desktop and double-click on the Kaspersky report KAVScan-ddmmyy.txt; it will open in Notepad.
Click Edit > Select all then Edit > Copy
Reply to this thread and paste (Ctrl+V) the report.

In your next reply, please submit:
Kaspersky scan report

and let me know how your system is running now.


Thanks.

#7 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • Gender:Male
  • Location:Midlands, UK
  • Local time:07:58 AM

Posted 13 May 2009 - 02:29 PM

Due to the lack of feedback, this Topic will now be closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
