Slow startup of computer


  • This topic is locked
16 replies to this topic

#1 ashmash132 (Members)

Posted 16 April 2009 - 10:37 AM

Hello everybody..

This is my first post. Hope you will appreciate my effort to join your esteemed community.

I will do my best to adhere to your rules and regulations.

Now to my problem:

For the last one week, my computer has become very slow during booting and takes nearly 10 minutes to start up fully. I am enclosing a HijackThis log for your information. Kindly advise me on the problem, for which I will be obliged to all of you.

Manoj



#2 KoanYorel (Members)

Posted 01 May 2009 - 09:58 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 ashmash132 (Topic Starter)

Posted 10 May 2009 - 10:01 AM

Respected Sir,

Kindly refer to topic 219860.

I am extremely sorry in replying back as I was away for some office work.

I therefore request you to kindly relook into my problem.

As directed I have run dds.scr. The logs created are enclosed for your reference,

kindly help me to solve the problem.

Thanks

Manoj


#4 Blade81 (Malware Response Team)

Posted 10 May 2009 - 11:58 AM

Hi ashmash132,

I see you have some P2P file sharing software installed there. Nowadays a major part of infections is received from P2P networks. That's why I recommend uninstalling such software.



Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 13.
  • Click the Download button to the right.
  • Select Windows on platform combobox and check the box that says: Accept License Agreement. Click continue.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u13-windows-i586-p.exe to install the newest version. Uncheck MSN toolbar if it's offered there.

Download ATF (Atribune Temp File) Cleaner by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.



Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Read the requirements and privacy statement then click on the Accept button.
  • The program will launch and start to download the latest definition files.
  • You will be prompted to install an application from Kaspersky. Click Run
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • Click on Save Report As....
  • Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Save this report to a convenient place.
  • Copy and paste that information into your topic. Post a fresh dds.txt log too. Have you defragged your hard drive lately?
  • The scan will take a while so be patient and let it run. As it scans your machine very deeply it could take hours to complete, Kaspersky suggests running it during a time of low activity.
If you need a tutorial, see here

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#5 ashmash132 (Topic Starter)

Posted 14 May 2009 - 08:43 AM

Hello Blade81.

Thanks for all the help extended. As per your directions, I have done the following.

1. I have updated my Java as per the procedure suggested.

2. Run the ATF Cleaner.

3. Scanned the PC using Kaspersky online scanner. The scan report in txt format is pasted below.



--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Thursday, May 14, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Thursday, May 14, 2009 02:26:54
Records in database: 2174656
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\

Scan statistics:
Files scanned: 57063
Threat name: 16
Infected objects: 25
Suspicious objects: 0
Duration of the scan: 03:21:03


File name / Threat name / Threats count
C:\Documents and Settings\All Users\Documents\Norton Internet Security 2009 + 32bit Trial reset Crack\NIS09EN.exe Infected: Trojan.Win32.Agent.adzr 1
C:\Documents and Settings\kcm\My Documents\Norton Internet Security 2009 + 32bit Trial reset Crack\NIS09EN.exe Infected: Trojan.Win32.Agent.adzr 1
C:\Documents and Settings\kcm\My Documents\Norton Internet Security 2009 + 32bit Trial reset Crack.rar Infected: Trojan.Win32.Agent.adzr 1
C:\New Folder\games\games\pokemongames\sol3d.exe Infected: not-a-virus:AdWare.Win32.ShowBehind.a 1
C:\New Folder\games\games\pokemongames\sol3d.exe Infected: Trojan-Clicker.Win32.Delf.ar 1
C:\New Folder\games\games\pokemongames\sol3d.exe Infected: not-a-virus:AdWare.Win32.JumpGate.a 1
C:\New Folder\games\games\screensavers\Pikachu_Poke_Mon.exe Infected: not-a-virus:AdWare.Win32.Quick.a 1
C:\New Folder\games\games\screensavers\Pikachu_Poke_Mon.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
C:\New Folder\games\games\screensavers\Pikachu_Poke_Mon.exe Infected: not-a-virus:AdWare.Win32.EZula.a 1
C:\New Folder\games\games\screensavers\Pikachu_Poke_Mon.exe Infected: not-a-virus:AdWare.Win32.Gator.3103 1
C:\New Folder\games\games\screensavers\Pikachu_Poke_Mon.exe Infected: Trojan-Dropper.Win32.Small.ff 1
C:\New Folder\games\games\screensavers\pokemon_mj.exe Infected: not-a-virus:AdWare.Win32.180Solutions 1
C:\New Folder\games\games\screensavers\pokemon_mj.exe Infected: Backdoor.Win32.Ruledor.c 1
C:\New Folder\games\games\screensavers\pokemon_mj.exe Infected: Trojan-Dropper.Win32.Mudrop.r 1
C:\New Folder\games\games\screensavers\ssmpokemon.exe Infected: not-a-virus:AdWare.Win32.Quick.a 1
C:\New Folder\games\games\screensavers\ssmpokemon.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
C:\New Folder\games\games\screensavers\ssmpokemon.exe Infected: Trojan-Dropper.Win32.Small.ff 1
C:\New Folder\games\games\screensavers\ssmpokemon.exe Infected: Trojan-Downloader.Win32.Wren.d 1
C:\New Folder (2)\pdf\CCNA STUDY GUIDE\CISCO UTILITIES\getdata\GetDataBack_for_FAT_v2[1].20\keygen.exe Infected: Backdoor.Win32.HacDef.073.oa 1
C:\New Folder (2)\pdf\CCNA STUDY GUIDE\CISCO UTILITIES\getdata\GetDataBack_for_FAT_v2[1].20.zip Infected: Backdoor.Win32.HacDef.073.oa 1
C:\New Folder (2)\pdf\CCNA STUDY GUIDE\CISCO UTILITIES\router simunlations\krang.exe Infected: not-a-virus:PSWTool.Win32.GetPass.e 1
C:\Norton Internet Security 2009 + 32bit Trial reset Crack\NIS09EN.exe Infected: Trojan.Win32.Agent.adzr 1
C:\othergames\chompman\chompman.exe Infected: not-a-virus:AdWare.Win32.ShowBehind.a 1
C:\othergames\chompman\chompman.exe Infected: not-a-virus:AdWare.Win32.JumpGate.a 1
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP42\A0024602.ini Infected: Trojan.Win32.AutoRun.a 1

The selected area was scanned.


4. New dds log is also appended below.




DDS (Ver_09-03-16.01) - NTFSx86
Run by kcm at 18:59:43.21 on Thu 05/14/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.247.55 [GMT 5.5:30]

AV: avast! antivirus 4.8.1335 [VPS 090513-0] *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Airtel\NetXpert\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [nxpclient] c:\program files\airtel\netxpert\bin\sprtcmd.exe /P nxpclient
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
dRunOnce: [<NO NAME>]
dRunOnce: [RunNarrator] Narrator.exe
mPolicies-explorer: PreXPSP2ShellProtocolBehavior = 1 (0x1)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-25 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-25 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-12-25 138680]
R2 sprtsvc_nxpclient;SupportSoft Sprocket Service (nxpclient);c:\program files\airtel\netxpert\bin\sprtsvc.exe [2009-2-18 202800]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-12-25 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-12-25 352920]
S2 cdant;cdant; [x]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-4-5 33176]
S3 kwcxbus;Kyocera USB Composite Device driver (WDM);c:\windows\system32\drivers\kwcxbus.sys [2006-9-14 52480]
S3 kwcxser;Kyocera High-Speed Wireless Modem Drivers;c:\windows\system32\drivers\kwcxser.sys [2006-9-14 86016]
S3 SmartCd;SmartCd;c:\windows\system32\drivers\smartcd.sys --> c:\windows\system32\drivers\SmartCd.sys [?]
S4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]

============== File Associations ===============

inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
piffile="%1" %*"

=============== Created Last 30 ================

2009-05-12 21:05 <DIR> --d----- c:\program files\JavaFX
2009-05-12 21:05 <DIR> --d----- c:\program files\Sun
2009-05-12 21:04 73,728 a------- c:\windows\system32\javacpl.cpl
2009-05-12 21:04 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-10 20:15 360,021 a------- C:\dds.scr
2009-04-23 22:04 <DIR> --d-h--- C:\rubik
2009-04-23 19:43 <DIR> --d----- C:\bitdefender
2009-04-19 18:42 <DIR> --d----- C:\potatoes(2)
2009-04-19 18:36 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
2009-04-19 18:35 283,648 -------- c:\windows\system32\dllcache\pdh.dll
2009-04-19 18:35 60,416 -------- c:\windows\system32\dllcache\colbact.dll
2009-04-19 18:35 35,328 -------- c:\windows\system32\dllcache\sc.exe
2009-04-19 18:35 473,088 -------- c:\windows\system32\dllcache\fastprox.dll
2009-04-19 18:35 399,360 -------- c:\windows\system32\dllcache\rpcss.dll
2009-04-19 18:35 110,592 -------- c:\windows\system32\dllcache\services.exe
2009-04-19 18:35 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-19 18:35 227,840 -------- c:\windows\system32\dllcache\wmiprvse.exe
2009-04-19 18:35 616,960 -------- c:\windows\system32\dllcache\advapi32.dll
2009-04-19 18:35 714,752 -------- c:\windows\system32\dllcache\ntdll.dll
2009-04-19 18:30 <DIR> --d----- C:\PowerISO

==================== Find3M ====================

2009-03-27 19:16 1,734,304 a------- C:\BitTorrent-6.1.2.exe
2009-03-21 19:48 986,112 a------- c:\windows\system32\dllcache\kernel32.dll
2009-03-10 22:18 934,792 -------- c:\windows\system32\dllcache\WgaTray.exe
2009-03-10 22:18 239,496 -------- c:\windows\system32\dllcache\wgaLogon.dll
2009-03-06 20:14 283,648 a------- c:\windows\system32\pdh.dll
2009-03-03 05:22 1,495,552 a------- c:\windows\system32\dllcache\shdocvw.dll
2009-02-19 15:28 18,432 a------- c:\windows\system32\dllcache\iedw.exe
2008-09-17 18:46 549,159 a--shr-- c:\program files\Norton2009Reset.exe
2003-03-21 12:45 250,544 a------- c:\program files\common files\keyhelp.ocx

============= FINISH: 19:00:12.25 ===============





Copy of attach.txt is also appended herewith.




UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/18/2005 11:29:59 PM
System Uptime: 5/14/2009 6:49:04 PM (1 hours ago)

Motherboard: Hewlett-Packard | | 0984h
Processor: Intel® Pentium® 4 CPU 3.00GHz | XU1 PROCESSOR | 2992/800mhz
Processor: Intel® Pentium® 4 CPU 3.00GHz | XU1 PROCESSOR | 2992/800mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 6.174 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP31: 8/8/2008 9:31:08 PM - System Checkpoint
RP32: 8/13/2008 5:33:31 AM - System Checkpoint
RP33: 8/23/2008 7:44:48 PM - System Checkpoint
RP34: 8/23/2008 7:46:30 PM - Software Distribution Service 3.0
RP35: 8/26/2008 7:26:49 AM - System Checkpoint
RP36: 8/31/2008 11:40:13 AM - System Checkpoint
RP37: 9/4/2008 5:56:37 AM - System Checkpoint
RP38: 9/11/2008 6:03:43 PM - System Checkpoint
RP39: 9/17/2008 12:18:00 PM - Software Distribution Service 3.0
RP40: 9/20/2008 11:06:32 PM - System Checkpoint
RP41: 9/23/2008 6:25:10 PM - System Checkpoint
RP42: 11/3/2008 11:00:28 AM - Restore Operation
RP43: 12/21/2008 5:39:33 PM - System Checkpoint
RP44: 12/21/2008 6:01:22 PM - Restore Operation
RP45: 12/21/2008 6:08:16 PM - Restore Operation
RP46: 12/21/2008 6:14:03 PM - Restore Operation
RP47: 12/21/2008 6:16:47 PM - Restore Operation
RP48: 12/21/2008 6:19:28 PM - Restore Operation
RP49: 12/21/2008 6:22:36 PM - Restore Operation
RP50: 12/23/2008 8:55:11 PM - Restore Operation
RP51: 12/25/2008 9:05:52 PM - Installed Ad-Aware
RP52: 12/25/2008 9:15:47 PM - Ad-Aware Restore Point 2008-12-25 21:15:40

==== Installed Programs ======================

Acrobat.com
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1
Airtel NetXpert 2.1
avast! Antivirus
BitTorrent
Broadcom Management Programs
Critical Update for Windows Media Player 11 (KB959772)
DNA
getPlus® for Adobe
Google Earth
Google Talk (remove only)
Google Toolbar for Internet Explorer
Google Updater
Hang Reporting Tool
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
HotPotatoes v 6.2.5.4
HP Help and Support
HP Safety and Comfort Guide
Intel® Graphics Media Accelerator Driver
InterVideo WinDVD
Java DB 10.4.1.3
Java™ 6 Update 13
Java™ SE Development Kit 6 Update 13
JavaFX™ 1.1 SDK
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Panasonic DVC USB Driver
PowerISO
SoundMAX
SweetMovieLife 1.0E
VideoLAN VLC media player 0.8.6b
WebFldrs XP
Windows Basics: A WhizFolder eBook
Windows Genuine Advantage Notifications (KB905474)
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR archiver
Yahoo! Messenger
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

5/13/2009 7:50:40 PM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
5/11/2009 6:47:10 PM, error: Service Control Manager [7000] - The avast! Web Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/11/2009 6:47:09 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Web Scanner service to connect.
5/11/2009 6:45:30 PM, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 000FFE0B883D has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
5/10/2009 8:21:02 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
5/10/2009 8:02:26 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/10/2009 7:59:30 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
5/10/2009 7:58:36 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
5/10/2009 7:39:39 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswSP aswTdi Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SCDEmu Tcpip
5/10/2009 7:39:39 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
5/10/2009 7:39:39 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/10/2009 7:39:39 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/10/2009 7:39:39 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

==== End Of File ===========================





I have not defragmented my hard drive for a long time. I will defragment it now after replying.
Thanks in anticipation.

Manoj


#6 Blade81 (Malware Response Team)

Posted 14 May 2009 - 11:20 AM

Hi again,

Delete the following files:
C:\Documents and Settings\kcm\My Documents\Norton Internet Security 2009 + 32bit Trial reset Crack.rar
C:\New Folder\games\games\pokemongames\sol3d.exe
C:\New Folder\games\games\screensavers\Pikachu_Poke_Mon.exe
C:\New Folder\games\games\screensavers\pokemon_mj.exe
C:\New Folder\games\games\screensavers\ssmpokemon.exe
C:\New Folder (2)\pdf\CCNA STUDY GUIDE\CISCO UTILITIES\getdata\GetDataBack_for_FAT_v2[1].20\keygen.exe
c:\program files\Norton2009Reset.exe

and folders:
C:\Documents and Settings\All Users\Documents\Norton Internet Security 2009 + 32bit Trial reset Crack
C:\Documents and Settings\kcm\My Documents\Norton Internet Security 2009 + 32bit Trial reset Crack
C:\Norton Internet Security 2009 + 32bit Trial reset Crack


Post a fresh dds.txt log and let me know if defragging helped.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#7 ashmash132

Posted 15 May 2009 - 10:25 AM

Hi Blade81.

Thanks for the help being extended by you.

As directed, I have deleted the files and folders.

I also defragmented my C: drive but it has not helped.

I am pasting fresh dds logs for your reference.


DDS (Ver_09-03-16.01) - NTFSx86
Run by kcm at 20:49:09.81 on Fri 05/15/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.247.111 [GMT 5.5:30]

AV: avast! antivirus 4.8.1335 [VPS 090514-0] *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Airtel\NetXpert\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [nxpclient] c:\program files\airtel\netxpert\bin\sprtcmd.exe /P nxpclient
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
dRunOnce: [<NO NAME>]
dRunOnce: [RunNarrator] Narrator.exe
mPolicies-explorer: PreXPSP2ShellProtocolBehavior = 1 (0x1)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-25 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-25 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-12-25 138680]
R2 sprtsvc_nxpclient;SupportSoft Sprocket Service (nxpclient);c:\program files\airtel\netxpert\bin\sprtsvc.exe [2009-2-18 202800]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-12-25 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-12-25 352920]
S2 cdant;cdant; [x]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-4-5 33176]
S3 kwcxbus;Kyocera USB Composite Device driver (WDM);c:\windows\system32\drivers\kwcxbus.sys [2006-9-14 52480]
S3 kwcxser;Kyocera High-Speed Wireless Modem Drivers;c:\windows\system32\drivers\kwcxser.sys [2006-9-14 86016]
S3 SmartCd;SmartCd;c:\windows\system32\drivers\smartcd.sys --> c:\windows\system32\drivers\SmartCd.sys [?]
S4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]

============== File Associations ===============

inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
piffile="%1" %*"

=============== Created Last 30 ================

2009-05-12 21:05 <DIR> --d----- c:\program files\JavaFX
2009-05-12 21:05 <DIR> --d----- c:\program files\Sun
2009-05-12 21:04 73,728 a------- c:\windows\system32\javacpl.cpl
2009-05-12 21:04 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-10 20:15 360,021 a------- C:\dds.scr
2009-04-23 22:04 <DIR> --d-h--- C:\rubik
2009-04-23 19:43 <DIR> --d----- C:\bitdefender
2009-04-19 18:42 <DIR> --d----- C:\potatoes(2)
2009-04-19 18:36 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
2009-04-19 18:35 283,648 -------- c:\windows\system32\dllcache\pdh.dll
2009-04-19 18:35 60,416 -------- c:\windows\system32\dllcache\colbact.dll
2009-04-19 18:35 35,328 -------- c:\windows\system32\dllcache\sc.exe
2009-04-19 18:35 473,088 -------- c:\windows\system32\dllcache\fastprox.dll
2009-04-19 18:35 399,360 -------- c:\windows\system32\dllcache\rpcss.dll
2009-04-19 18:35 110,592 -------- c:\windows\system32\dllcache\services.exe
2009-04-19 18:35 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-19 18:35 227,840 -------- c:\windows\system32\dllcache\wmiprvse.exe
2009-04-19 18:35 616,960 -------- c:\windows\system32\dllcache\advapi32.dll
2009-04-19 18:35 714,752 -------- c:\windows\system32\dllcache\ntdll.dll
2009-04-19 18:30 <DIR> --d----- C:\PowerISO

==================== Find3M ====================

2009-03-27 19:16 1,734,304 a------- C:\BitTorrent-6.1.2.exe
2009-03-21 19:48 986,112 a------- c:\windows\system32\dllcache\kernel32.dll
2009-03-10 22:18 934,792 -------- c:\windows\system32\dllcache\WgaTray.exe
2009-03-10 22:18 239,496 -------- c:\windows\system32\dllcache\wgaLogon.dll
2009-03-06 20:14 283,648 a------- c:\windows\system32\pdh.dll
2009-03-03 05:22 1,495,552 a------- c:\windows\system32\dllcache\shdocvw.dll
2009-02-19 15:28 18,432 a------- c:\windows\system32\dllcache\iedw.exe
2008-09-17 18:46 549,159 a--shr-- c:\program files\Norton2009Reset.exe
2003-03-21 12:45 250,544 a------- c:\program files\common files\keyhelp.ocx

============= FINISH: 20:49:35.59 ===============




Copy of attach.txt




UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/18/2005 11:29:59 PM
System Uptime: 5/15/2009 8:15:36 PM (0 hours ago)

Motherboard: Hewlett-Packard | | 0984h
Processor: Intel® Pentium® 4 CPU 3.00GHz | XU1 PROCESSOR | 2992/800mhz
Processor: Intel® Pentium® 4 CPU 3.00GHz | XU1 PROCESSOR | 2992/800mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 6.293 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP31: 8/8/2008 9:31:08 PM - System Checkpoint
RP32: 8/13/2008 5:33:31 AM - System Checkpoint
RP33: 8/23/2008 7:44:48 PM - System Checkpoint
RP34: 8/23/2008 7:46:30 PM - Software Distribution Service 3.0
RP35: 8/26/2008 7:26:49 AM - System Checkpoint
RP36: 8/31/2008 11:40:13 AM - System Checkpoint
RP37: 9/4/2008 5:56:37 AM - System Checkpoint
RP38: 9/11/2008 6:03:43 PM - System Checkpoint
RP39: 9/17/2008 12:18:00 PM - Software Distribution Service 3.0
RP40: 9/20/2008 11:06:32 PM - System Checkpoint
RP41: 9/23/2008 6:25:10 PM - System Checkpoint
RP42: 11/3/2008 11:00:28 AM - Restore Operation
RP43: 12/21/2008 5:39:33 PM - System Checkpoint
RP44: 12/21/2008 6:01:22 PM - Restore Operation
RP45: 12/21/2008 6:08:16 PM - Restore Operation
RP46: 12/21/2008 6:14:03 PM - Restore Operation
RP47: 12/21/2008 6:16:47 PM - Restore Operation
RP48: 12/21/2008 6:19:28 PM - Restore Operation
RP49: 12/21/2008 6:22:36 PM - Restore Operation
RP50: 12/23/2008 8:55:11 PM - Restore Operation
RP51: 12/25/2008 9:05:52 PM - Installed Ad-Aware
RP52: 12/25/2008 9:15:47 PM - Ad-Aware Restore Point 2008-12-25 21:15:40

==== Installed Programs ======================

Acrobat.com
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1
Airtel NetXpert 2.1
avast! Antivirus
BitTorrent
Broadcom Management Programs
Critical Update for Windows Media Player 11 (KB959772)
DNA
getPlus® for Adobe
Google Earth
Google Talk (remove only)
Google Toolbar for Internet Explorer
Google Updater
Hang Reporting Tool
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
HotPotatoes v 6.2.5.4
HP Help and Support
HP Safety and Comfort Guide
Intel® Graphics Media Accelerator Driver
InterVideo WinDVD
Java DB 10.4.1.3
Java™ 6 Update 13
Java™ SE Development Kit 6 Update 13
JavaFX™ 1.1 SDK
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Panasonic DVC USB Driver
PowerISO
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB963027)
SoundMAX
SweetMovieLife 1.0E
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VideoLAN VLC media player 0.8.6b
WebFldrs XP
Windows Basics: A WhizFolder eBook
Windows Genuine Advantage Notifications (KB905474)
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB886199
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
Yahoo! Messenger
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

5/13/2009 7:50:40 PM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
5/10/2009 8:06:08 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
5/10/2009 8:06:01 PM, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 000FFE0B883D has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
5/10/2009 7:58:51 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
5/10/2009 7:58:36 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
5/10/2009 7:39:39 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswSP aswTdi Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SCDEmu Tcpip
5/10/2009 7:39:39 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
5/10/2009 7:39:39 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/10/2009 7:39:39 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/10/2009 7:39:39 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
5/10/2009 7:39:12 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/10/2009 7:30:36 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Web Scanner service to connect.
5/10/2009 7:30:36 PM, error: Service Control Manager [7000] - The avast! Web Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

==== End Of File ===========================


Kindly look into the logs and extend your help.

Thanks.

Manoj


#8 Blade81

Posted 15 May 2009 - 12:25 PM

Hi,

This file wasn't deleted yet:
c:\program files\Norton2009Reset.exe


Do you remember what you did before the slow startup issue first occurred? Did you install any software, for example?

The DDS log doesn't show any sign of infection. Let's see if a rootkit detector can see something.


Download GMER and save it to your desktop:
  • Extract it to your desktop and double-click GMER.exe
  • Click the rootkit tab and then Scan.
  • Don't check the Show All box while scanning is in progress!
  • When scanning is ready, click Copy.
  • This copies the log to the clipboard.
  • Post the log & a fresh dds.txt log in your reply.

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.
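Added example, not part of the thread or of any participant's post: one way to triage the kind of GMER rootkit-scan log requested above by grouping SSDT hooks and attached devices under the driver that owns them. The sample log is constructed in the GMER 1.0.15 line layout; `examplehook.sys`, `EXPECTED_VENDORS` and the function names are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the line layout of a GMER 1.0.15 rootkit-scan log.
# "examplehook.sys" is a hypothetical driver name added to show the review path.
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xAAC186B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xAAC1808C]
SSDT \SystemRoot\System32\Drivers\examplehook.sys ZwCreateKey [0xF0001000]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----
"""

# Assumption: the analyst lists the vendors of security products known to be
# installed on the machine (here the antivirus named in the DDS log header).
# The vendor string is self-declared by the file, so a match is a sorting aid
# for the reviewer, not proof that the driver is legitimate.
EXPECTED_VENDORS = {"ALWIL Software"}

SSDT_RE = re.compile(
    r"^SSDT\s+(?P<module>.+?)(?:\s+\((?P<info>.*)\))?"
    r"\s+(?P<target>\w+)\s+\[(?P<addr>0x[0-9A-Fa-f]+)\]$")
DEVICE_RE = re.compile(
    r"^AttachedDevice\s+(?P<driver>\S+)\s+(?P<target>\S+)"
    r"\s+(?P<module>\S+)(?:\s+\((?P<info>.*)\))?$")


def split_info(info):
    """Split the 'description/vendor' text GMER prints in parentheses."""
    if not info:
        return None, None
    desc, sep, vendor = info.rpartition("/")
    return (desc, vendor) if sep else (info, None)


def parse_gmer(text):
    """Return (hooks, unparsed_lines); nothing is dropped silently."""
    hooks, unparsed = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("----"):
            continue  # blank line or section banner
        for kind, rx in (("SSDT", SSDT_RE), ("AttachedDevice", DEVICE_RE)):
            m = rx.match(line)
            if m:
                desc, vendor = split_info(m.group("info"))
                # Keep only the file name so path spelling does not split groups.
                name = m.group("module").replace("\\", "/").rsplit("/", 1)[-1]
                hooks.append({"kind": kind, "module": name.lower(),
                              "description": desc, "vendor": vendor,
                              "target": m.group("target")})
                break
        else:
            unparsed.append(line)  # e.g. IAT/EAT entries, left for manual reading
    return hooks, unparsed


def summarize(hooks, expected_vendors):
    """Group hooks per owning module and mark which groups need a closer look."""
    grouped = defaultdict(lambda: {"vendor": None, "count": 0, "targets": []})
    for h in hooks:
        entry = grouped[h["module"]]
        entry["vendor"] = h["vendor"]
        entry["count"] += 1
        entry["targets"].append(h["target"])
    for entry in grouped.values():
        known = entry["vendor"] in expected_vendors
        entry["status"] = "expected" if known else "review"
    return dict(grouped)


if __name__ == "__main__":
    hooks, unparsed = parse_gmer(SAMPLE_LOG)
    for module, info in sorted(summarize(hooks, EXPECTED_VENDORS).items()):
        print(f"{info['status']:<8} {module:<18} {info['vendor']} "
              f"hooks={info['count']} {', '.join(info['targets'])}")
    for line in unparsed:
        print("unparsed:", line)
```
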


#9 ashmash132

Posted 17 May 2009 - 09:59 AM

Hi Blade81.

The file C:\Program Files\Norton2009Reset.exe has been deleted.

GMER report is pasted below.
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-17 17:49:41
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xAAC186B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xAAC18574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xAAC18A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xAAC1814C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xAAC1864E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xAAC1808C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xAAC180F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xAAC1876E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xAAC1872E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xAAC188AE]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[736] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00370002
IAT C:\WINDOWS\system32\services.exe[736] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00370000

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----


A fresh DDS log is also pasted below.


DDS (Ver_09-03-16.01) - NTFSx86
Run by kcm at 20:20:44.96 on Sun 05/17/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.247.69 [GMT 5.5:30]

AV: avast! antivirus 4.8.1335 [VPS 090516-0] *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Airtel\NetXpert\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [nxpclient] c:\program files\airtel\netxpert\bin\sprtcmd.exe /P nxpclient
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
dRunOnce: [<NO NAME>]
dRunOnce: [RunNarrator] Narrator.exe
mPolicies-explorer: PreXPSP2ShellProtocolBehavior = 1 (0x1)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-25 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-25 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-12-25 138680]
R2 sprtsvc_nxpclient;SupportSoft Sprocket Service (nxpclient);c:\program files\airtel\netxpert\bin\sprtsvc.exe [2009-2-18 202800]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-12-25 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-12-25 352920]
S2 cdant;cdant; [x]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-4-5 33176]
S3 kwcxbus;Kyocera USB Composite Device driver (WDM);c:\windows\system32\drivers\kwcxbus.sys [2006-9-14 52480]
S3 kwcxser;Kyocera High-Speed Wireless Modem Drivers;c:\windows\system32\drivers\kwcxser.sys [2006-9-14 86016]
S3 SmartCd;SmartCd;c:\windows\system32\drivers\smartcd.sys --> c:\windows\system32\drivers\SmartCd.sys [?]
S4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]

============== File Associations ===============

inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
piffile="%1" %*"

=============== Created Last 30 ================

2009-05-17 12:07 326,541 a------- C:\payscale.pdf
2009-05-17 11:39 278,221 a------- C:\gmer.zip
2009-05-12 21:05 <DIR> --d----- c:\program files\JavaFX
2009-05-12 21:05 <DIR> --d----- c:\program files\Sun
2009-05-12 21:04 73,728 a------- c:\windows\system32\javacpl.cpl
2009-05-12 21:04 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-10 20:15 360,021 a------- C:\dds.scr
2009-04-23 22:04 <DIR> --d-h--- C:\rubik
2009-04-23 19:43 <DIR> --d----- C:\bitdefender
2009-04-19 18:42 <DIR> --d----- C:\potatoes(2)
2009-04-19 18:36 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
2009-04-19 18:35 283,648 -------- c:\windows\system32\dllcache\pdh.dll
2009-04-19 18:35 60,416 -------- c:\windows\system32\dllcache\colbact.dll
2009-04-19 18:35 35,328 -------- c:\windows\system32\dllcache\sc.exe
2009-04-19 18:35 473,088 -------- c:\windows\system32\dllcache\fastprox.dll
2009-04-19 18:35 399,360 -------- c:\windows\system32\dllcache\rpcss.dll
2009-04-19 18:35 110,592 -------- c:\windows\system32\dllcache\services.exe
2009-04-19 18:35 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-19 18:35 227,840 -------- c:\windows\system32\dllcache\wmiprvse.exe
2009-04-19 18:35 616,960 -------- c:\windows\system32\dllcache\advapi32.dll
2009-04-19 18:35 714,752 -------- c:\windows\system32\dllcache\ntdll.dll
2009-04-19 18:30 <DIR> --d----- C:\PowerISO

==================== Find3M ====================

2009-03-27 19:16 1,734,304 a------- C:\BitTorrent-6.1.2.exe
2009-03-21 19:48 986,112 a------- c:\windows\system32\dllcache\kernel32.dll
2009-03-10 22:18 934,792 -------- c:\windows\system32\dllcache\WgaTray.exe
2009-03-10 22:18 239,496 -------- c:\windows\system32\dllcache\wgaLogon.dll
2009-03-06 20:14 283,648 a------- c:\windows\system32\pdh.dll
2009-03-03 05:22 1,495,552 a------- c:\windows\system32\dllcache\shdocvw.dll
2009-02-19 15:28 18,432 a------- c:\windows\system32\dllcache\iedw.exe
2003-03-21 12:45 250,544 a------- c:\program files\common files\keyhelp.ocx

============= FINISH: 20:21:12.81 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/18/2005 11:29:59 PM
System Uptime: 5/17/2009 8:13:06 PM (0 hours ago)

Motherboard: Hewlett-Packard | | 0984h
Processor: Intel® Pentium® 4 CPU 3.00GHz | XU1 PROCESSOR | 2992/800mhz
Processor: Intel® Pentium® 4 CPU 3.00GHz | XU1 PROCESSOR | 2992/800mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 6.287 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP31: 8/8/2008 9:31:08 PM - System Checkpoint
RP32: 8/13/2008 5:33:31 AM - System Checkpoint
RP33: 8/23/2008 7:44:48 PM - System Checkpoint
RP34: 8/23/2008 7:46:30 PM - Software Distribution Service 3.0
RP35: 8/26/2008 7:26:49 AM - System Checkpoint
RP36: 8/31/2008 11:40:13 AM - System Checkpoint
RP37: 9/4/2008 5:56:37 AM - System Checkpoint
RP38: 9/11/2008 6:03:43 PM - System Checkpoint
RP39: 9/17/2008 12:18:00 PM - Software Distribution Service 3.0
RP40: 9/20/2008 11:06:32 PM - System Checkpoint
RP41: 9/23/2008 6:25:10 PM - System Checkpoint
RP42: 11/3/2008 11:00:28 AM - Restore Operation
RP43: 12/21/2008 5:39:33 PM - System Checkpoint
RP44: 12/21/2008 6:01:22 PM - Restore Operation
RP45: 12/21/2008 6:08:16 PM - Restore Operation
RP46: 12/21/2008 6:14:03 PM - Restore Operation
RP47: 12/21/2008 6:16:47 PM - Restore Operation
RP48: 12/21/2008 6:19:28 PM - Restore Operation
RP49: 12/21/2008 6:22:36 PM - Restore Operation
RP50: 12/23/2008 8:55:11 PM - Restore Operation
RP51: 12/25/2008 9:05:52 PM - Installed Ad-Aware
RP52: 12/25/2008 9:15:47 PM - Ad-Aware Restore Point 2008-12-25 21:15:40

==== Installed Programs ======================

Acrobat.com
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1
Airtel NetXpert 2.1
avast! Antivirus
BitTorrent
Broadcom Management Programs
Critical Update for Windows Media Player 11 (KB959772)
DNA
getPlus® for Adobe
Google Earth
Google Talk (remove only)
Google Toolbar for Internet Explorer
Google Updater
Hang Reporting Tool
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
HotPotatoes v 6.2.5.4
HP Help and Support
HP Safety and Comfort Guide
Intel® Graphics Media Accelerator Driver
InterVideo WinDVD
Java DB 10.4.1.3
Java™ 6 Update 13
Java™ SE Development Kit 6 Update 13
JavaFX™ 1.1 SDK
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Panasonic DVC USB Driver
PowerISO
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB963027)
SoundMAX
SweetMovieLife 1.0E
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VideoLAN VLC media player 0.8.6b
WebFldrs XP
Windows Basics: A WhizFolder eBook
Windows Genuine Advantage Notifications (KB905474)
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB886199
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
Yahoo! Messenger
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

5/13/2009 7:50:40 PM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
5/10/2009 8:21:02 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
5/10/2009 8:20:56 PM, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 000FFE0B883D has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
5/10/2009 8:02:26 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/10/2009 7:59:30 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
5/10/2009 7:58:36 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
5/10/2009 7:39:39 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswSP aswTdi Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SCDEmu Tcpip
5/10/2009 7:39:39 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
5/10/2009 7:39:39 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/10/2009 7:39:39 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/10/2009 7:39:39 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
5/10/2009 7:32:45 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Web Scanner service to connect.
5/10/2009 7:32:45 PM, error: Service Control Manager [7000] - The avast! Web Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

==== End Of File ===========================


I am unable to recall whether I have installed any software lately which has resulted in the slow nature of my PC.

Further, I have observed that the startup time, which was initially approximately 7 to 8 minutes when I started this thread, has come down to 3 to 4 minutes for the last two days. Maybe it is your help which has done this. But still it is on the higher side.

Logs are pasted for your reference. Waiting for your advice.

Thanks for your kind help.

Manoj.

#10 Blade81

Posted 17 May 2009 - 12:32 PM

Hi Manoj

Logs look ok so I'm afraid there's much I can do to improve startup performance. However, if you did defragging with Windows' own defragging utility then you might want to give JKDefrag a try.

See also these hints about improving system performance.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#11 ashmash132

Posted 21 May 2009 - 08:54 AM

Hi Blade81.

As directed, I defragmented Windows using the JKDefrag utility. The log is enclosed for your reference.

Still the startup time is approximately 4 minutes.

Can it be because of AVAST antivirus, as Task Manager shows a number of processes linked to it, like ashMaiSv.exe, ashDisp.exe, ashMaiSv.exe, consuming a lot of Mem Usage?

Thanks for all the help you have extended while analysing my problem.

Manoj


#12 Blade81

Posted 21 May 2009 - 12:19 PM

Hi

How much memory does your system have installed?

You may see other hints for improving system performance here.



#13 ashmash132

Posted 21 May 2009 - 10:19 PM

Hi.

My computer specifications are:

HP Compaq dx6100 P4 CPU 3.00GHz
2.99 GHz 248 MB RAM
40 GB Hard Disk (Free space 5.6 GB at present)
XP SP2

I am looking into the hints for improving system performance and will inform you accordingly.

Thanks.

Manoj

#14 Blade81

Posted 22 May 2009 - 09:26 AM

Hi

Your system definitely has too small an amount of memory to run XP smoothly. The recommended amount is 512MB and the minimum 256MB.



#15 ashmash132

Posted 26 May 2009 - 01:52 AM

Hi Blade81.

I am going to upgrade my RAM. This may take a few days. Only after that can I inform you about any progress.

Still, thank you so much for spending your valuable time in diagnosing my problem and suggesting remedial measures.

I am thankful to all other members of this forum.

Manoj
