Various Errors (browser redirected, odd CPU usage)


  • This topic is locked
10 replies to this topic

#1 Bronston

Bronston

  • Members
  • 7 posts
  • OFFLINE
  • Local time:12:39 PM

Posted 28 April 2009 - 08:10 PM

I'm having a bunch of errors. I don't know if they're all connected. I'm running XP SP3. The errors are as follows:

Constant web browser redirects
winlogon.exe ranging from 50-100% CPU usage
Various Windows stuff disabled (Task Manager, Display Properties tabs, etc.)
Every time I try to view my system services I get "MMC has detected an error in a snap-in. It is recommended that you shut down and restart MMC."
I was going to say sfc said the RPC server was inaccessible, but it seems to work again now.

I have tried various antivirus programs (AVG, Avast, NOD32). They found a virus occasionally but didn't solve the problem. When I have NOD32 installed my web browser will not open any page. I've also tried several antispyware/malware programs (Ad-Aware, SpywareBlaster, and a couple of others I can't remember the names of). Again, minimal results.

Any help would be fantastic.

Thanks
B


DDS (Ver_09-03-16.01) - NTFSx86
Run by safe mode only at 19:36:44.50 on Tue 04/28/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.280 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
e:\Program Files\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe
C:\Program Files\Dynex Wireless G Adapter\WLService.exe
C:\Program Files\Dynex Wireless G Adapter\WLanCfgG.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
d:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Documents and Settings\safe mode only\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [PWRISOVM.EXE] "c:\program files\poweriso\PWRISOVM.EXE"
mRun: [AVG8_TRAY] "c:\progra~1\avg\avg8\avgtray.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [SmartDefrag] "c:\program files\iobit\iobit smartdefrag\IObit SmartDefrag.exe" /StartUp
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ftn2ksv] c:\windows\system32\ftn2ksv.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\daemon~1.lnk - c:\program files\daemon tools lite\daemon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\esetno~1.lnk - c:\program files\eset\eset nod32 antivirus\egui.exe
mPolicies-system: DisableStatusMessages = 1 (0x1)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
TCP: {CBAFDC42-B425-44E7-8706-57F77CF4DE45} = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\coreftp\pftpns.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: kb32sys - kb32sys.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\safemo~1\applic~1\mozilla\firefox\profiles\e870ad7e.default\
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll
FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npzylomgamesplayer.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin2.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin3.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin4.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin5.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin6.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-12 64160]
R0 PSeries;PSeries;c:\windows\system32\drivers\pseries.sys [2008-12-29 31872]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-10 325640]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-10 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-10 108552]
R1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [2003-7-11 14912]
R1 ntiowp;ntiowp;c:\windows\system32\drivers\ntiowp.sys [2006-10-20 12352]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-10 298264]
R2 BBDemon;Backbone Service;e:\program files\dassault systemes\b16\intel_a\code\bin\CATSysDemon.exe [2005-9-6 35840]
R2 Dynex DX-WGNBC WLService;Dynex DX-WGNBC Service;c:\program files\dynex wireless g adapter\WLService.exe [2008-12-29 49152]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2008-10-1 38144]
R3 ftnet2k;ftnet2k;c:\windows\system32\drivers\ftnet2k.sys [2009-4-28 4224]
S1 d49e3648;d49e3648;c:\windows\system32\drivers\d49e3648.sys [2009-4-17 0]
S2 IBG_gds_db;InterBase 7.5 Guardian gds_db;d:\program files\borland\interbase\bin\ibguard.exe -i "d:\program files\borland\interbase" -p gds_db --> d:\program files\borland\interbase\bin\ibguard.exe -i d:\program files\borland\InterBase [?]
S3 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 953168]
S3 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-4-10 908056]
S3 DLPortIO;DriverLINX Port I/O Driver;c:\windows\system32\drivers\DLPORTIO.SYS [2009-1-17 3584]
S3 gwiopm;gwiopm;c:\program files\unknown device identifier\GWIOPM.SYS [2008-11-28 3904]
S3 IBS_gds_db;InterBase 7.5 Server gds_db;d:\program files\borland\interbase\bin\ibserver.exe -i "d:\program files\borland\interbase" -p gds_db --> d:\program files\borland\interbase\bin\ibserver.exe -i d:\program files\borland\InterBase [?]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\belkin\f5d7000v8\jswpsapi.exe [2007-10-30 352338]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\da7.tmp --> c:\windows\system32\DA7.tmp [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\drivers\rtl8180.sys --> c:\windows\system32\drivers\RTL8180.SYS [?]
S3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\drivers\RTL85n86.sys [2008-11-29 354816]
S3 tap0901;TAP-Win32 Adapter V9;c:\windows\system32\drivers\tap0901.sys [2008-11-2 25216]
S3 WLAN(WLAN);XPC 802.11b/g Wireless Kit Driver(WLAN);c:\windows\system32\drivers\ZD1211U.sys [2005-8-16 278016]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;e:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808]
S4 SgtSch2Svc;Seagate Scheduler2 Service;"c:\program files\common files\seagate\schedule2\schedul2.exe" --> c:\program files\common files\seagate\schedule2\schedul2.exe [?]

=============== Created Last 30 ================

2009-04-28 17:18 <DIR> -cd----- c:\docume~1\safemo~1\applic~1\uTorrent
2009-04-28 14:27 116,224 ac------ c:\windows\system32\dllcache\OLDC84.tmp
2009-04-28 14:27 23,040 ac------ c:\windows\system32\dllcache\OLDC80.tmp
2009-04-28 14:27 18,944 ac------ c:\windows\system32\dllcache\OLDC7C.tmp
2009-04-28 14:27 27,648 ac------ c:\windows\system32\dllcache\OLDC78.tmp
2009-04-28 14:27 4,608 ac------ c:\windows\system32\dllcache\OLDC74.tmp
2009-04-28 14:25 72,704 ac------ c:\windows\system32\dllcache\OLDC70.tmp
2009-04-28 14:23 6,912 ac------ c:\windows\system32\dllcache\OLDC05.tmp
2009-04-28 14:22 1,875,968 ac------ c:\windows\system32\dllcache\OLDBB1.tmp
2009-04-28 14:20 274,489 ac------ c:\windows\system32\dllcache\OLDB51.tmp
2009-04-28 14:19 159,828 ac------ c:\windows\system32\dllcache\OLDACB.tmp
2009-04-28 14:18 86,016 ac------ c:\windows\system32\dllcache\OLDA9B.tmp
2009-04-28 14:17 66,728 ac------ c:\windows\system32\dllcache\OLD9FB.tmp
2009-04-28 14:16 66,048 ac------ c:\windows\system32\dllcache\OLD981.tmp
2009-04-28 14:16 2,145,280 ac------ c:\windows\system32\dllcache\OLD97E.tmp
2009-04-28 13:49 29,311 ac------ c:\windows\system32\dllcache\OLD916.tmp
2009-04-28 13:48 103,936 ac------ c:\windows\system32\dllcache\OLD864.tmp
2009-04-28 13:47 6,144 ac------ c:\windows\system32\dllcache\OLD7E8.tmp
2009-04-28 13:46 61,696 ac------ c:\windows\system32\dllcache\OLD74B.tmp
2009-04-28 13:45 119,808 ac------ c:\windows\system32\dllcache\OLD6D1.tmp
2009-04-28 13:44 235,648 ac------ c:\windows\system32\dllcache\OLD69E.tmp
2009-04-28 13:43 340,023 ac------ c:\windows\system32\dllcache\OLD615.tmp
2009-04-28 13:43 311,359 ac------ c:\windows\system32\dllcache\OLD611.tmp
2009-04-28 13:43 102,463 ac------ c:\windows\system32\dllcache\OLD60E.tmp
2009-04-28 13:43 44,032 ac------ c:\windows\system32\dllcache\OLD60B.tmp
2009-04-28 13:43 106,496 ac------ c:\windows\system32\dllcache\OLD605.tmp
2009-04-28 13:43 86,016 ac------ c:\windows\system32\dllcache\OLD608.tmp
2009-04-28 13:41 17,408 ac------ c:\windows\system32\dllcache\OLD564.tmp
2009-04-28 13:40 63,360 ac------ c:\windows\system32\dllcache\OLD4D9.tmp
2009-04-28 13:39 29,696 ac------ c:\windows\system32\dllcache\OLD427.tmp
2009-04-28 13:38 57,399 ac------ c:\windows\system32\dllcache\OLD315.tmp
2009-04-28 13:37 32,256 ac------ c:\windows\system32\dllcache\OLD28B.tmp
2009-04-28 13:37 164,923 ac------ c:\windows\system32\dllcache\OLD287.tmp
2009-04-28 13:37 54,528 ac------ c:\windows\system32\dllcache\OLD283.tmp
2009-04-28 13:37 121,856 ac------ c:\windows\system32\dllcache\OLD280.tmp
2009-04-28 13:36 116,736 ac------ c:\windows\system32\dllcache\OLD27C.tmp
2009-04-28 13:35 236,032 ac------ c:\windows\system32\dllcache\OLD278.tmp
2009-04-28 13:35 244,224 ac------ c:\windows\system32\dllcache\OLD274.tmp
2009-04-28 13:35 74,240 ac------ c:\windows\system32\dllcache\OLD270.tmp
2009-04-28 13:35 73,216 ac------ c:\windows\system32\dllcache\OLD26C.tmp
2009-04-28 13:35 171,264 ac------ c:\windows\system32\dllcache\OLD268.tmp
2009-04-28 13:35 314,752 ac------ c:\windows\system32\dllcache\OLD260.tmp
2009-04-28 13:35 223,232 ac------ c:\windows\system32\dllcache\OLD264.tmp
2009-04-28 13:35 10,752 ac------ c:\windows\system32\dllcache\OLD25C.tmp
2009-04-28 13:33 66,082 ac------ c:\windows\system32\dllcache\OLD1D8.tmp
2009-04-28 13:32 102,400 ac------ c:\windows\system32\dllcache\OLD152.tmp
2009-04-28 13:31 13,696 ac------ c:\windows\system32\dllcache\OLD117.tmp
2009-04-28 13:31 36,096 ac------ c:\windows\system32\dllcache\OLD113.tmp
2009-04-28 13:31 38,912 ac------ c:\windows\system32\dllcache\OLD10F.tmp
2009-04-28 13:31 23,552 ac------ c:\windows\system32\dllcache\OLD10B.tmp
2009-04-28 13:31 26,624 ac------ c:\windows\system32\dllcache\OLD107.tmp
2009-04-28 13:30 19,456 ac------ c:\windows\system32\dllcache\OLD103.tmp
2009-04-28 13:30 9,472 ac------ c:\windows\system32\dllcache\OLDFF.tmp
2009-04-28 13:30 17,152 ac------ c:\windows\system32\dllcache\OLDFB.tmp
2009-04-28 13:30 17,152 ac------ c:\windows\system32\dllcache\OLDF7.tmp
2009-04-28 13:30 26,880 ac------ c:\windows\system32\dllcache\OLDF3.tmp
2009-04-28 13:30 49,920 ac------ c:\windows\system32\dllcache\OLDEF.tmp
2009-04-28 13:30 70,528 ac------ c:\windows\system32\dllcache\OLDEB.tmp
2009-04-28 13:30 104,832 ac------ c:\windows\system32\dllcache\OLDE6.tmp
2009-04-28 13:30 10,240 ac------ c:\windows\system32\dllcache\OLDE2.tmp
2009-04-28 13:30 281,600 ac------ c:\windows\system32\dllcache\OLDDE.tmp
2009-04-28 13:30 289,664 ac------ c:\windows\system32\dllcache\OLDD6.tmp
2009-04-28 13:30 75,136 ac------ c:\windows\system32\dllcache\OLDDA.tmp
2009-04-28 13:28 66,048 ac------ c:\windows\system32\dllcache\OLD8.tmp
2009-04-28 13:27 2,145,280 ac------ c:\windows\system32\dllcache\OLD2.tmp
2009-04-28 12:12 <DIR> acdshr-- C:\cmdcons
2009-04-28 12:10 161,792 ac------ c:\windows\SWREG.exe
2009-04-28 12:10 98,816 ac------ c:\windows\sed.exe
2009-04-28 03:52 27,648 ac------ c:\windows\system32\lmppcsetup.exe
2009-04-28 00:10 13,824 ac------ c:\windows\system32\ftn2ksv.exe
2009-04-28 00:10 7,680 ac------ c:\windows\system32\kb32sys.dll
2009-04-28 00:10 4,224 ac------ c:\windows\system32\drivers\ftnet2k.sys
2009-04-27 19:52 29,696 ac------ c:\windows\system32\loader49.exe
2009-04-27 13:16 35,328 ac------ c:\windows\system32\cl.exe
2009-04-27 09:43 <DIR> -cd----- c:\program files\common files\Autodesk Shared
2009-04-24 10:46 39,936 ac------ c:\windows\system32\winglsetup.exe
2009-04-18 03:07 <DIR> -cd----- c:\program files\JitBit
2009-04-18 03:05 <DIR> -cd----- c:\docume~1\safemo~1\applic~1\DAEMON Tools Pro
2009-04-18 03:05 <DIR> -cd----- c:\docume~1\safemo~1\applic~1\DAEMON Tools Lite
2009-04-18 03:05 <DIR> -cd----- c:\docume~1\safemo~1\applic~1\IObit
2009-04-17 14:18 0 ac------ c:\windows\system32\drivers\d49e3648.sys
2009-04-17 09:14 <DIR> -cd----- c:\documents and settings\safe mode only
2009-04-17 09:07 <DIR> -cd----- c:\program files\ESET
2009-04-17 08:44 10,995 ac------ C:\Bookmarks 2009-04-17.json
2009-04-17 08:06 73,728 ac------ c:\windows\system32\javacpl.cpl
2009-04-16 03:01 737,280 ac------ c:\windows\iun6002.exe
2009-04-16 03:01 <DIR> -cd----- c:\program files\EA Games
2009-04-15 21:04 74,240 ac------ c:\windows\system32\zlib.dll
2009-04-13 00:21 92,208 ac------ c:\windows\system\WING.DLL
2009-04-13 00:21 12,800 ac------ c:\windows\system\WING32.DLL
2009-04-12 23:52 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Synthetic Reality
2009-04-12 23:52 <DIR> -cd----- C:\WoS
2009-04-12 22:37 10,129,408 ac------ c:\windows\system32\dllcache\hwxkor.dll
2009-04-12 22:34 10,096,640 ac------ c:\windows\system32\dllcache\hwxcht.dll
2009-04-12 19:56 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\DassaultSystemes
2009-04-12 19:11 <DIR> -cd----- c:\program files\Business Objects
2009-04-12 18:56 <DIR> -cd----- c:\program files\Microsoft Device Emulator
2009-04-12 18:52 <DIR> -cd----- c:\program files\Windows Mobile 5.0 SDK R2
2009-04-12 18:47 <DIR> -cd----- c:\program files\Microsoft Synchronization Services
2009-04-12 18:47 <DIR> -cd----- c:\program files\Microsoft SQL Server Compact Edition
2009-04-12 18:10 <DIR> -cd----- c:\program files\Microsoft Web Designer Tools
2009-04-12 08:23 <DIR> -cd----- c:\program files\IObit
2009-04-12 08:23 64,160 ac------ c:\windows\system32\drivers\Lbd.sys
2009-04-12 08:22 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-12 07:30 195,104 ac------ c:\windows\system32\drivers\windrvr6.sys
2009-04-12 07:19 107,490 -c------ c:\windows\hpwins19.dat.temp
2009-04-12 07:19 389 -c------ c:\windows\hpwmdl19.dat.temp
2009-04-11 01:23 <DIR> -cd----- c:\program files\FolderSize
2009-04-10 20:00 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Comodo
2009-04-10 20:00 <DIR> -cd----- c:\program files\COMODO
2009-04-10 19:43 10,520 ac------ c:\windows\system32\avgrsstx.dll
2009-04-10 19:43 108,552 ac------ c:\windows\system32\drivers\avgtdix.sys
2009-04-10 19:43 325,640 ac------ c:\windows\system32\drivers\avgldx86.sys
2009-04-10 19:43 <DIR> -cd----- c:\windows\system32\drivers\Avg
2009-04-07 17:41 <DIR> -cd----- c:\program files\Full Tilt Poker
2009-04-06 14:29 <DIR> -cd----- c:\program files\Sophos
2009-04-04 20:02 <DIR> -cd----- c:\program files\CDisplay
2009-04-04 13:22 <DIR> -cd----- c:\program files\mIRC
2009-04-04 11:59 <DIR> -cd----- C:\Storm
2009-04-04 09:18 <DIR> -cd----- C:\stats
2009-04-04 09:16 35,255 ac------ C:\HypeRPG.mrc
2009-04-02 23:30 <DIR> -cd----- c:\program files\Axife Mouse Recorder DEMO
2009-04-02 23:19 110 ac------ c:\windows\GMouse.ini
2009-04-02 23:19 <DIR> -cd----- c:\program files\Macro Wizard 4.1
2009-04-02 23:19 <DIR> -cd----- c:\temp\mouse
2009-04-02 07:38 3,893 ac------ c:\windows\system32\ddk_make.bat
2009-04-02 07:38 143,360 ac------ c:\windows\system32\wdapi1001.dll
2009-03-31 21:15 36 -c--h--- c:\windows\system32\swk.ini
2009-03-31 21:15 <DIR> -cd----- c:\program files\Power DVD Player
2009-03-31 21:09 <DIR> -cd----- c:\program files\AdvancedDVDPlayer
2009-03-31 21:04 <DIR> -cd----- c:\program files\RamBooster 2.0
2009-03-31 15:10 23,552 ac------ c:\windows\system32\dllcache\abp480n5.sys
2009-03-31 15:06 462,848 ac------ c:\windows\system32\dllcache\a3dapi.dll
2009-03-31 15:01 98,304 ac------ c:\windows\system32\dllcache\a3d.dll
2009-03-30 02:37 <DIR> -cd----- c:\program files\thriXXX

==================== Find3M ====================

2009-04-17 08:06 410,984 ac------ c:\windows\system32\deploytk.dll
2009-04-12 07:28 176,590 ac------ c:\windows\hpwins19.dat
2009-04-02 23:19 249,856 -c------ c:\windows\Setup1.exe
2009-04-02 23:19 73,216 ac------ c:\windows\ST6UNST.EXE
2009-03-09 14:06 15,688 ac------ c:\windows\system32\lsdelete.exe
2009-03-09 12:02 47,360 ac------ c:\windows\system32\drivers\pcouffin.sys
2009-03-02 18:41 52,736 ac------ c:\windows\ipuninst.exe
2009-02-05 22:17 164,352 ac------ c:\windows\system32\SpoonUninstall.exe
2009-02-05 22:17 6,545 ac------ c:\windows\system32\SpoonUninstall-Nostalgia, an Intellivision Emulator 4.2.dat
2009-01-30 20:03 107,888 ac------ c:\windows\system32\CmdLineExt.dll

============= FINISH: 19:37:43.89 ===============



#2 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Members
  • 19,461 posts
  • OFFLINE
  • Gender:Male
  • Location: 65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:01:39 PM

Posted 10 May 2009 - 04:51 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed; the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 Bronston

Bronston
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:12:39 PM

Posted 14 May 2009 - 08:42 AM

Thanks for the response; sorry I was also a little slow to get back to it. Here is the DDS log.


DDS (Ver_09-03-16.01) - NTFSx86
Run by safe mode only at 8:35:44.03 on Thu 05/14/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.631 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
e:\Program Files\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
d:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Dynex Wireless G Adapter\WLService.exe
C:\Program Files\Dynex Wireless G Adapter\WLanCfgG.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Documents and Settings\safe mode only\Desktop\dds.scr

============== Pseudo HJT Report ===============

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn1\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn1\yt.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn1\yt.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [PWRISOVM.EXE] "c:\program files\poweriso\PWRISOVM.EXE"
mRun: [AVG8_TRAY] "c:\progra~1\avg\avg8\avgtray.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [SmartDefrag] "c:\program files\iobit\iobit smartdefrag\IObit SmartDefrag.exe" /StartUp
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ftn2ksv] c:\windows\system32\ftn2ksv.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\daemon~1.lnk - c:\program files\daemon tools lite\daemon.exe
mPolicies-system: DisableStatusMessages = 1 (0x1)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
TCP: {CBAFDC42-B425-44E7-8706-57F77CF4DE45} = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\coreftp\pftpns.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: kb32sys - kb32sys.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\safemo~1\applic~1\mozilla\firefox\profiles\e870ad7e.default\
FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll
FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npzylomgamesplayer.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin2.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin3.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin4.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin5.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin6.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-12 64160]
R0 PSeries;PSeries;c:\windows\system32\drivers\pseries.sys [2008-12-29 31872]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-10 325896]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-10 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-10 108552]
R1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [2003-7-11 14912]
R1 ntiowp;ntiowp;c:\windows\system32\drivers\ntiowp.sys [2006-10-20 12352]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-10 298776]
R2 BBDemon;Backbone Service;e:\program files\dassault systemes\b16\intel_a\code\bin\CATSysDemon.exe [2005-9-6 35840]
R2 Dynex DX-WGNBC WLService;Dynex DX-WGNBC Service;c:\program files\dynex wireless g adapter\WLService.exe [2008-12-29 49152]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2008-10-1 38144]
R3 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-4-10 908568]
S1 d49e3648;d49e3648;c:\windows\system32\drivers\d49e3648.sys [2009-4-17 0]
S2 IBG_gds_db;InterBase 7.5 Guardian gds_db;d:\program files\borland\interbase\bin\ibguard.exe -i "d:\program files\borland\interbase" -p gds_db --> d:\program files\borland\interbase\bin\ibguard.exe -i d:\program files\borland\InterBase [?]
S3 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 953168]
S3 DLPortIO;DriverLINX Port I/O Driver;c:\windows\system32\drivers\DLPORTIO.SYS [2009-1-17 3584]
S3 ftnet2k;ftnet2k;c:\windows\system32\drivers\ftnet2k.sys [2009-4-28 4224]
S3 gwiopm;gwiopm;c:\program files\unknown device identifier\GWIOPM.SYS [2008-11-28 3904]
S3 IBS_gds_db;InterBase 7.5 Server gds_db;d:\program files\borland\interbase\bin\ibserver.exe -i "d:\program files\borland\interbase" -p gds_db --> d:\program files\borland\interbase\bin\ibserver.exe -i d:\program files\borland\InterBase [?]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\belkin\f5d7000v8\jswpsapi.exe [2007-10-30 352338]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\da7.tmp --> c:\windows\system32\DA7.tmp [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\drivers\rtl8180.sys --> c:\windows\system32\drivers\RTL8180.SYS [?]
S3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\drivers\RTL85n86.sys [2008-11-29 354816]
S3 tap0901;TAP-Win32 Adapter V9;c:\windows\system32\drivers\tap0901.sys [2008-11-2 25216]
S3 WLAN(WLAN);XPC 802.11b/g Wireless Kit Driver(WLAN);c:\windows\system32\drivers\ZD1211U.sys [2005-8-16 278016]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;e:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808]
S4 SgtSch2Svc;Seagate Scheduler2 Service;"c:\program files\common files\seagate\schedule2\schedul2.exe" --> c:\program files\common files\seagate\schedule2\schedul2.exe [?]

=============== Created Last 30 ================

2009-05-14 03:07 <DIR> -cd----- c:\docume~1\safemo~1\applic~1\CoreFTP
2009-05-11 16:19 116,224 ac------ c:\windows\system32\dllcache\OLDD2F.tmp
2009-05-11 16:19 23,040 ac------ c:\windows\system32\dllcache\OLDD2B.tmp
2009-05-11 16:19 27,648 ac------ c:\windows\system32\dllcache\OLDD23.tmp
2009-05-11 16:19 18,944 ac------ c:\windows\system32\dllcache\OLDD27.tmp
2009-05-11 16:19 4,608 ac------ c:\windows\system32\dllcache\OLDD1F.tmp
2009-05-11 16:16 99,865 ac------ c:\windows\system32\dllcache\OLDD0C.tmp
2009-05-11 16:16 28,288 ac------ c:\windows\system32\dllcache\OLDD08.tmp
2009-05-11 16:16 16,970 ac------ c:\windows\system32\dllcache\OLDD05.tmp
2009-05-11 16:16 19,455 ac------ c:\windows\system32\dllcache\OLDD01.tmp
2009-05-11 16:16 120,320 ac------ c:\windows\system32\dllcache\OLDCFD.tmp
2009-05-11 16:15 12,063 ac------ c:\windows\system32\dllcache\OLDCF9.tmp
2009-05-11 16:15 8,192 ac------ c:\windows\system32\dllcache\OLDCF4.tmp
2009-05-11 16:13 8,832 ac------ c:\windows\system32\dllcache\OLDCE9.tmp
2009-05-11 16:12 154,624 ac------ c:\windows\system32\dllcache\OLDCE5.tmp
2009-05-11 16:12 34,890 ac------ c:\windows\system32\dllcache\OLDCE1.tmp
2009-05-11 16:12 156,672 ac------ c:\windows\system32\dllcache\OLDCDD.tmp
2009-05-11 16:12 156,672 ac------ c:\windows\system32\dllcache\OLDCDA.tmp
2009-05-11 16:12 156,672 ac------ c:\windows\system32\dllcache\OLDCD7.tmp
2009-05-11 16:10 249,402 ac------ c:\windows\system32\dllcache\OLDC65.tmp
2009-05-11 16:09 241,664 ac------ c:\windows\system32\dllcache\OLDBB0.tmp
2009-05-11 16:08 19,072 ac------ c:\windows\system32\dllcache\OLDB15.tmp
2009-05-11 16:07 252,032 ac------ c:\windows\system32\dllcache\OLDA6A.tmp
2009-05-11 16:06 20,992 ac------ c:\windows\system32\dllcache\OLD9D5.tmp
2009-05-11 16:05 83,748 ac------ c:\windows\system32\dllcache\OLD959.tmp
2009-05-11 16:04 198,144 ac------ c:\windows\system32\dllcache\OLD888.tmp
2009-05-11 16:03 49,024 ac------ c:\windows\system32\dllcache\OLD80B.tmp
2009-05-11 16:02 7,424 ac------ c:\windows\system32\dllcache\OLD7C1.tmp
2009-05-11 16:01 6,144 ac------ c:\windows\system32\dllcache\OLD6D7.tmp
2009-05-11 16:00 10,129,408 ac------ c:\windows\system32\dllcache\OLD604.tmp
2009-05-11 15:59 19,456 ac------ c:\windows\system32\dllcache\OLD5C6.tmp
2009-05-11 15:58 454,912 ac------ c:\windows\system32\dllcache\OLD54A.tmp
2009-05-11 15:57 455,199 ac------ c:\windows\system32\dllcache\OLD47D.tmp
2009-05-11 15:56 41,046 ac------ c:\windows\system32\dllcache\OLD3E5.tmp
2009-05-11 15:55 170,880 ac------ c:\windows\system32\dllcache\OLD2F4.tmp
2009-05-11 15:54 66,082 ac------ c:\windows\system32\dllcache\OLD227.tmp
2009-05-11 15:53 54,271 ac------ c:\windows\system32\dllcache\OLD141.tmp
2009-05-11 15:52 24,576 ac------ c:\windows\system32\dllcache\OLD6B.tmp
2009-05-11 15:51 66,048 ac------ c:\windows\system32\dllcache\OLD6.tmp
2009-05-11 15:51 2,145,280 ac------ c:\windows\system32\dllcache\OLD2.tmp
2009-05-10 20:47 10,129,408 ac------ c:\windows\system32\dllcache\hwxkor.dll
2009-05-10 20:46 10,096,640 ac------ c:\windows\system32\dllcache\hwxcht.dll
2009-05-10 19:24 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-05-10 19:24 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-05-10 19:24 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-05-10 19:24 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-05-10 19:21 <DIR> -cd----- c:\windows\SxsCaPendDel
2009-05-07 13:32 <DIR> -cd----- c:\documents and settings\safe mode only\Tracing
2009-05-07 13:31 <DIR> -cd----- c:\program files\Microsoft
2009-05-07 13:31 <DIR> -cd----- c:\program files\Windows Live SkyDrive
2009-05-07 13:28 <DIR> -cd----- c:\program files\common files\Windows Live
2009-05-01 11:06 <DIR> -cd----- c:\docume~1\safemo~1\applic~1\Foxit
2009-05-01 11:06 <DIR> -cd----- c:\program files\Foxit Software
2009-04-30 18:20 <DIR> -cd----- c:\documents and settings\safe mode only\WLSCompanion
2009-04-30 17:31 <DIR> -cd----- c:\docume~1\safemo~1\applic~1\DassaultSystemes
2009-04-30 11:35 <DIR> -cd----- c:\docume~1\safemo~1\applic~1\mIRC
2009-04-29 22:49 66,594 ac------ c:\windows\system32\dllcache\c_858.nls
2009-04-29 22:40 66,082 ac------ c:\windows\system32\dllcache\c_20108.nls
2009-04-29 22:34 <DIR> -cd----- c:\windows\SHELLNEW
2009-04-29 22:29 32,256 ac------ c:\windows\system32\dllcache\brmfrsmg.exe
2009-04-29 20:15 <DIR> -cd----- c:\docume~1\safemo~1\applic~1\OpenOffice.org
2009-04-29 03:08 3,174 ac------ c:\windows\system32\NOTEPAD.ini
2009-04-28 20:49 69,120 ac------ c:\windows\system32\notepad.exe.orig
2009-04-28 20:49 69,120 ac------ c:\windows\system32\dllcache\notepad.exe.orig
2009-04-28 20:49 69,120 ac------ c:\windows\notepad.exe.orig
2009-04-28 20:48 <DIR> -cd----- C:\notepad
2009-04-28 19:51 25,992 ac------ c:\windows\system32\pgdfgsvc.exe
2009-04-28 17:18 <DIR> -cd----- c:\docume~1\safemo~1\applic~1\uTorrent
2009-04-28 12:12 <DIR> acdshr-- C:\cmdcons
2009-04-28 12:10 161,792 ac------ c:\windows\SWREG.exe
2009-04-28 12:10 98,816 ac------ c:\windows\sed.exe
2009-04-28 00:10 7,680 ac------ c:\windows\system32\kb32sys.dll
2009-04-28 00:10 4,224 ac------ c:\windows\system32\drivers\ftnet2k.sys
2009-04-27 09:43 <DIR> -cd----- c:\program files\common files\Autodesk Shared
2009-04-18 03:07 <DIR> -cd----- c:\program files\JitBit
2009-04-18 03:05 <DIR> -cd----- c:\docume~1\safemo~1\applic~1\DAEMON Tools Pro
2009-04-18 03:05 <DIR> -cd----- c:\docume~1\safemo~1\applic~1\DAEMON Tools Lite
2009-04-18 03:05 <DIR> -cd----- c:\docume~1\safemo~1\applic~1\IObit
2009-04-17 14:18 0 ac------ c:\windows\system32\drivers\d49e3648.sys
2009-04-17 09:14 <DIR> -cd----- c:\documents and settings\safe mode only
2009-04-17 09:07 <DIR> -cd----- c:\program files\ESET
2009-04-17 08:44 10,995 ac------ C:\Bookmarks 2009-04-17.json
2009-04-17 08:06 73,728 ac------ c:\windows\system32\javacpl.cpl
2009-04-16 03:01 737,280 ac------ c:\windows\iun6002.exe
2009-04-16 03:01 <DIR> -cd----- c:\program files\EA Games
2009-04-15 21:04 74,240 ac------ c:\windows\system32\zlib.dll

==================== Find3M ====================

2009-05-02 09:25 11,952 ac------ c:\windows\system32\avgrsstx.dll
2009-05-02 09:25 325,896 ac------ c:\windows\system32\drivers\avgldx86.sys
2009-05-02 09:25 108,552 ac------ c:\windows\system32\drivers\avgtdix.sys
2009-04-28 20:46 266,752 ac------ c:\windows\system32\notepad.exe
2009-04-28 20:46 266,752 ac------ c:\windows\notepad.exe
2009-04-26 08:29 64,160 ac------ c:\windows\system32\drivers\Lbd.sys
2009-04-17 08:06 410,984 ac------ c:\windows\system32\deploytk.dll
2009-04-12 07:28 176,590 ac------ c:\windows\hpwins19.dat
2009-04-02 23:19 249,856 -c------ c:\windows\Setup1.exe
2009-04-02 23:19 73,216 ac------ c:\windows\ST6UNST.EXE
2009-04-02 07:38 3,893 ac------ c:\windows\system32\ddk_make.bat
2009-04-02 07:38 143,360 ac------ c:\windows\system32\wdapi1001.dll
2009-04-02 07:31 195,104 ac------ c:\windows\system32\drivers\windrvr6.sys
2009-03-09 14:06 15,688 ac------ c:\windows\system32\lsdelete.exe
2009-03-02 18:41 52,736 ac------ c:\windows\ipuninst.exe

============= FINISH: 8:36:04.10 ===============

Attached Files



#4 Blade81 (Malware Response Team)

Posted 15 May 2009 - 03:24 PM

Hi

You seem to have P2P software, like uTorrent, installed there. Nowadays a major part of infections is received from P2P networks, and that's why I recommend uninstalling such software.


Disable Ad-Watch


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    Remember to re-enable them afterwards.

  • Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log (from normal mode if possible).


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the corresponding user's case only. If you have similar symptoms, create your own topic instead of following instructions given to someone else, please.


#5 Bronston (Topic Starter)

Posted 16 May 2009 - 07:48 PM

Here is the combo fix log. I wasn't sure if I was supposed to paste it or attach it so I attached it. Again thank you very much for the help.

Attached Files



#6 Blade81 (Malware Response Team)

Posted 17 May 2009 - 06:45 AM

Hi

Could you also post a fresh dds log taken in normal mode if possible, please?

Edited by Blade81, 17 May 2009 - 06:45 AM.



#7 Bronston (Topic Starter)

Posted 17 May 2009 - 03:45 PM

DDS (Ver_09-03-16.01) - NTFSx86
Run by safe mode only at 15:42:33.53 on Sun 05/17/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.323 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
e:\Program Files\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Dynex Wireless G Adapter\WLService.exe
C:\Program Files\Dynex Wireless G Adapter\WLanCfgG.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
d:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe
C:\Documents and Settings\safe mode only\Desktop\dds.scr

============== Pseudo HJT Report ===============

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn1\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn1\yt.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn1\yt.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
mRun: [PWRISOVM.EXE] "c:\program files\poweriso\PWRISOVM.EXE"
mRun: [AVG8_TRAY] "c:\progra~1\avg\avg8\avgtray.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [SmartDefrag] "c:\program files\iobit\iobit smartdefrag\IObit SmartDefrag.exe" /StartUp
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\daemon~1.lnk - c:\program files\daemon tools lite\daemon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\multim~1.lnk - c:\program files\mmtaskbar\MultiMon.exe
mPolicies-system: DisableStatusMessages = 1 (0x1)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\coreftp\pftpns.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: kb32sys - kb32sys.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\safemo~1\applic~1\mozilla\firefox\profiles\e870ad7e.default\
FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll
FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npzylomgamesplayer.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin2.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin3.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin4.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin5.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin6.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-12 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-10 325896]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-10 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-10 108552]
R1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [2003-7-11 14912]
R1 ntiowp;ntiowp;c:\windows\system32\drivers\ntiowp.sys [2006-10-20 12352]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-10 298776]
R2 BBDemon;Backbone Service;e:\program files\dassault systemes\b16\intel_a\code\bin\CATSysDemon.exe [2005-9-6 35840]
R2 Dynex DX-WGNBC WLService;Dynex DX-WGNBC Service;c:\program files\dynex wireless g adapter\WLService.exe [2008-12-29 49152]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2008-10-1 38144]
R3 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-4-10 908568]
S0 PSeries;PSeries;c:\windows\system32\drivers\pseries.sys [2008-12-29 31872]
S1 d49e3648;d49e3648;c:\windows\system32\drivers\d49e3648.sys [2009-4-17 0]
S2 IBG_gds_db;InterBase 7.5 Guardian gds_db;d:\program files\borland\interbase\bin\ibguard.exe -i "d:\program files\borland\interbase" -p gds_db --> d:\program files\borland\interbase\bin\ibguard.exe -i d:\program files\borland\InterBase [?]
S3 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 953168]
S3 DLPortIO;DriverLINX Port I/O Driver;c:\windows\system32\drivers\DLPORTIO.SYS [2009-1-17 3584]
S3 ftnet2k;ftnet2k;c:\windows\system32\drivers\ftnet2k.sys [2009-4-28 4224]
S3 gwiopm;gwiopm;c:\program files\unknown device identifier\GWIOPM.SYS [2008-11-28 3904]
S3 IBS_gds_db;InterBase 7.5 Server gds_db;d:\program files\borland\interbase\bin\ibserver.exe -i "d:\program files\borland\interbase" -p gds_db --> d:\program files\borland\interbase\bin\ibserver.exe -i d:\program files\borland\InterBase [?]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\belkin\f5d7000v8\jswpsapi.exe [2007-10-30 352338]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\da7.tmp --> c:\windows\system32\DA7.tmp [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\drivers\rtl8180.sys --> c:\windows\system32\drivers\RTL8180.SYS [?]
S3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\drivers\RTL85n86.sys [2008-11-29 354816]
S3 tap0901;TAP-Win32 Adapter V9;c:\windows\system32\drivers\tap0901.sys [2008-11-2 25216]
S3 WLAN(WLAN);XPC 802.11b/g Wireless Kit Driver(WLAN);c:\windows\system32\drivers\ZD1211U.sys [2005-8-16 278016]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;e:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808]
S4 SgtSch2Svc;Seagate Scheduler2 Service;"c:\program files\common files\seagate\schedule2\schedul2.exe" --> c:\program files\common files\seagate\schedule2\schedul2.exe [?]

=============== Created Last 30 ================

2009-05-16 20:59 116,224 ac------ c:\windows\system32\dllcache\OLD169C.tmp
2009-05-16 20:59 23,040 ac------ c:\windows\system32\dllcache\OLD1699.tmp
2009-05-16 20:59 18,944 ac------ c:\windows\system32\dllcache\OLD1696.tmp
2009-05-16 20:59 27,648 ac------ c:\windows\system32\dllcache\OLD1693.tmp
2009-05-16 20:59 4,608 ac------ c:\windows\system32\dllcache\OLD1690.tmp
2009-05-16 20:57 99,865 ac------ c:\windows\system32\dllcache\OLD168D.tmp
2009-05-16 20:57 28,288 ac------ c:\windows\system32\dllcache\OLD168A.tmp
2009-05-16 20:57 16,970 ac------ c:\windows\system32\dllcache\OLD1688.tmp
2009-05-16 20:57 19,455 ac------ c:\windows\system32\dllcache\OLD1685.tmp
2009-05-16 20:57 120,320 ac------ c:\windows\system32\dllcache\OLD1682.tmp
2009-05-16 20:57 12,063 ac------ c:\windows\system32\dllcache\OLD1680.tmp
2009-05-16 20:57 8,192 ac------ c:\windows\system32\dllcache\OLD167D.tmp
2009-05-16 20:57 8,832 ac------ c:\windows\system32\dllcache\OLD167A.tmp
2009-05-16 20:55 32,384 ac------ c:\windows\system32\dllcache\OLD15F5.tmp
2009-05-16 20:54 48,736 ac------ c:\windows\system32\dllcache\OLD1543.tmp
2009-05-16 20:53 17,664 ac------ c:\windows\system32\dllcache\OLD14A0.tmp
2009-05-16 20:52 49,024 ac------ c:\windows\system32\dllcache\OLD1417.tmp
2009-05-16 20:51 198,144 ac------ c:\windows\system32\dllcache\OLD1357.tmp
2009-05-16 20:50 49,024 ac------ c:\windows\system32\dllcache\OLD12FB.tmp
2009-05-16 20:50 12,416 ac------ c:\windows\system32\dllcache\OLD12F8.tmp
2009-05-16 20:50 2,944 ac------ c:\windows\system32\dllcache\OLD12F5.tmp
2009-05-16 20:50 22,016 ac------ c:\windows\system32\dllcache\OLD12F2.tmp
2009-05-16 20:50 1,875,968 ac------ c:\windows\system32\dllcache\OLD12EF.tmp
2009-05-16 20:50 98,304 ac------ c:\windows\system32\dllcache\OLD12ED.tmp
2009-05-16 20:50 35,200 ac------ c:\windows\system32\dllcache\OLD12EB.tmp
2009-05-16 20:50 6,016 ac------ c:\windows\system32\dllcache\OLD12E8.tmp
2009-05-16 20:50 17,280 ac------ c:\windows\system32\dllcache\OLD12E5.tmp
2009-05-16 20:48 6,144 ac------ c:\windows\system32\dllcache\OLD1239.tmp
2009-05-16 20:47 10,129,408 ac------ c:\windows\system32\dllcache\OLD1188.tmp
2009-05-16 20:46 92,160 ac------ c:\windows\system32\dllcache\OLD10FD.tmp
2009-05-16 20:45 20,992 ac------ c:\windows\system32\dllcache\OLD103B.tmp
2009-05-16 20:44 80,896 ac------ c:\windows\system32\dllcache\OLDFB7.tmp
2009-05-16 20:43 13,952 ac------ c:\windows\system32\dllcache\OLDF45.tmp
2009-05-16 20:42 66,594 ac------ c:\windows\system32\dllcache\OLDEC1.tmp
2009-05-16 20:41 144,384 ac------ c:\windows\system32\dllcache\OLDDF1.tmp
2009-05-16 20:40 19,456 ac------ c:\windows\system32\dllcache\OLDD77.tmp
2009-05-16 20:39 2,145,280 ac------ c:\windows\system32\dllcache\OLDD1F.tmp
2009-05-16 20:05 <DIR> -cd----- c:\program files\MMTaskbar
2009-05-16 18:47 116,224 ac------ c:\windows\system32\dllcache\OLDCF7.tmp
2009-05-16 18:47 23,040 ac------ c:\windows\system32\dllcache\OLDCF3.tmp
2009-05-16 18:47 18,944 ac------ c:\windows\system32\dllcache\OLDCEF.tmp
2009-05-16 18:47 27,648 ac------ c:\windows\system32\dllcache\OLDCEB.tmp
2009-05-16 18:47 4,608 ac------ c:\windows\system32\dllcache\OLDCE7.tmp
2009-05-16 18:47 99,865 ac------ c:\windows\system32\dllcache\OLDCE3.tmp
2009-05-16 18:47 28,288 ac------ c:\windows\system32\dllcache\OLDCDF.tmp
2009-05-16 18:47 16,970 ac------ c:\windows\system32\dllcache\OLDCDC.tmp
2009-05-16 18:47 19,455 ac------ c:\windows\system32\dllcache\OLDCD8.tmp
2009-05-16 18:47 120,320 ac------ c:\windows\system32\dllcache\OLDCD4.tmp
2009-05-16 18:47 12,063 ac------ c:\windows\system32\dllcache\OLDCD1.tmp
2009-05-16 18:47 8,192 ac------ c:\windows\system32\dllcache\OLDCCD.tmp
2009-05-16 18:45 69,632 ac------ c:\windows\system32\dllcache\OLDBFE.tmp
2009-05-16 18:44 38,912 ac------ c:\windows\system32\dllcache\OLDAB1.tmp
2009-05-16 18:43 41,472 ac------ c:\windows\system32\dllcache\OLD99B.tmp
2009-05-16 18:42 126,080 ac------ c:\windows\system32\dllcache\OLD862.tmp
2009-05-16 18:41 6,528 ac------ c:\windows\system32\dllcache\OLD7E6.tmp
2009-05-16 18:40 23,552 ac------ c:\windows\system32\dllcache\OLD6BF.tmp
2009-05-16 18:39 10,096,640 ac------ c:\windows\system32\dllcache\OLD5FB.tmp
2009-05-16 18:38 45,568 ac------ c:\windows\system32\dllcache\OLD4F1.tmp
2009-05-16 18:37 117,760 ac------ c:\windows\system32\dllcache\OLD382.tmp
2009-05-16 18:36 66,082 ac------ c:\windows\system32\dllcache\OLD22D.tmp
2009-05-16 18:35 268,160 ac------ c:\windows\system32\dllcache\OLDCD.tmp
2009-05-16 18:34 53,376 ac------ c:\windows\system32\dllcache\OLDB.tmp
2009-05-16 18:32 66,048 ac------ c:\windows\system32\dllcache\OLD7.tmp
2009-05-16 18:31 2,145,280 ac------ c:\windows\system32\dllcache\OLD3.tmp
2009-05-16 18:13 161,792 ac------ c:\windows\SWREG.exe
2009-05-16 18:13 98,816 ac------ c:\windows\sed.exe
2009-05-15 21:30 <DIR> -cd----- c:\program files\Wise Disk Cleaner
2009-05-14 03:07 <DIR> -cd----- c:\docume~1\safemo~1\applic~1\CoreFTP
2009-05-10 20:47 10,129,408 ac------ c:\windows\system32\dllcache\hwxkor.dll
2009-05-10 20:46 10,096,640 ac------ c:\windows\system32\dllcache\hwxcht.dll
2009-05-10 19:24 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-05-10 19:24 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-05-10 19:24 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-05-10 19:24 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-05-10 19:21 <DIR> -cd----- c:\windows\SxsCaPendDel
2009-05-07 13:32 <DIR> -cd----- c:\documents and settings\safe mode only\Tracing
2009-05-07 13:31 <DIR> -cd----- c:\program files\Microsoft
2009-05-07 13:31 <DIR> -cd----- c:\program files\Windows Live SkyDrive
2009-05-07 13:28 <DIR> -cd----- c:\program files\common files\Windows Live
2009-05-01 11:06 <DIR> -cd----- c:\docume~1\safemo~1\applic~1\Foxit
2009-05-01 11:06 <DIR> -cd----- c:\program files\Foxit Software
2009-04-30 18:20 <DIR> -cd----- c:\documents and settings\safe mode only\WLSCompanion
2009-04-30 17:31 <DIR> -cd----- c:\docume~1\safemo~1\applic~1\DassaultSystemes
2009-04-30 11:35 <DIR> -cd----- c:\docume~1\safemo~1\applic~1\mIRC
2009-04-29 22:49 66,594 ac------ c:\windows\system32\dllcache\c_858.nls
2009-04-29 22:40 66,082 ac------ c:\windows\system32\dllcache\c_20108.nls
2009-04-29 22:34 <DIR> -cd----- c:\windows\SHELLNEW
2009-04-29 22:29 32,256 ac------ c:\windows\system32\dllcache\brmfrsmg.exe
2009-04-29 20:15 <DIR> -cd----- c:\docume~1\safemo~1\applic~1\OpenOffice.org
2009-04-29 03:08 3,382 ac------ c:\windows\system32\NOTEPAD.ini
2009-04-28 20:49 69,120 ac------ c:\windows\system32\notepad.exe.orig
2009-04-28 20:49 69,120 ac------ c:\windows\system32\dllcache\notepad.exe.orig
2009-04-28 20:49 69,120 ac------ c:\windows\notepad.exe.orig
2009-04-28 20:48 <DIR> -cd----- C:\notepad
2009-04-28 19:51 25,992 ac------ c:\windows\system32\pgdfgsvc.exe
2009-04-28 17:18 <DIR> -cd----- c:\docume~1\safemo~1\applic~1\uTorrent
2009-04-28 12:12 <DIR> acdshr-- C:\cmdcons
2009-04-28 00:10 7,680 ac------ c:\windows\system32\kb32sys.dll
2009-04-28 00:10 4,224 ac------ c:\windows\system32\drivers\ftnet2k.sys
2009-04-27 09:43 <DIR> -cd----- c:\program files\common files\Autodesk Shared
2009-04-18 03:07 <DIR> -cd----- c:\program files\JitBit
2009-04-18 03:05 <DIR> -cd----- c:\docume~1\safemo~1\applic~1\DAEMON Tools Pro
2009-04-18 03:05 <DIR> -cd----- c:\docume~1\safemo~1\applic~1\DAEMON Tools Lite
2009-04-18 03:05 <DIR> -cd----- c:\docume~1\safemo~1\applic~1\IObit

==================== Find3M ====================

2009-05-02 09:25 11,952 ac------ c:\windows\system32\avgrsstx.dll
2009-05-02 09:25 325,896 ac------ c:\windows\system32\drivers\avgldx86.sys
2009-05-02 09:25 108,552 ac------ c:\windows\system32\drivers\avgtdix.sys
2009-04-28 20:46 266,752 ac------ c:\windows\system32\notepad.exe
2009-04-28 20:46 266,752 ac------ c:\windows\notepad.exe
2009-04-28 13:09 0 ac------ c:\windows\system32\drivers\d49e3648.sys
2009-04-26 08:29 64,160 ac------ c:\windows\system32\drivers\Lbd.sys
2009-04-17 08:06 410,984 ac------ c:\windows\system32\deploytk.dll
2009-04-16 03:01 737,280 ac------ c:\windows\iun6002.exe
2009-04-15 21:04 74,240 ac------ c:\windows\system32\zlib.dll
2009-04-12 07:28 176,590 ac------ c:\windows\hpwins19.dat
2009-04-02 23:19 249,856 -c------ c:\windows\Setup1.exe
2009-04-02 23:19 73,216 ac------ c:\windows\ST6UNST.EXE
2009-04-02 07:38 3,893 ac------ c:\windows\system32\ddk_make.bat
2009-04-02 07:38 143,360 ac------ c:\windows\system32\wdapi1001.dll
2009-04-02 07:31 195,104 ac------ c:\windows\system32\drivers\windrvr6.sys
2009-03-09 14:06 15,688 ac------ c:\windows\system32\lsdelete.exe
2009-03-02 18:41 52,736 ac------ c:\windows\ipuninst.exe

============= FINISH: 15:43:42.51 ===============

Attached Files



#8 Blade81 (Malware Response Team)

Posted 18 May 2009 - 08:38 AM

Hi again,

Are you familiar with C:\hide.bat file?


Uninstall old Adobe Reader versions and get the latest one here or get Foxit Reader here. Make sure you don't install the toolbar if you choose Foxit Reader! You may also check the free readers introduced here.


Open notepad and copy/paste the text in the quotebox below into it:

Driver::
d49e3648

File::
c:\windows\system32\drivers\d49e3648.sys

DDS::
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

Regnull::
[HKEY_USERS\S-1-5-21-1757981266-630328440-839522115-1015\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\approved\{b4b2fd9d-2b38-7a5c-691e-7ab73b8b8e06}*]

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=-
"UpdatesDisableNotify"=-


Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Posted Image

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.


Download ATF (Atribune Temp File) Cleaner by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.


Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the corresponding user's case only. If you have similar symptoms, create your own topic instead of following instructions given to someone else, please.
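For readers who want to understand what the CFScript entries above actually target, here is an added read-only audit script (not part of this thread, not ComboFix, and not Blade81's code) that checks the same three artefacts on a Windows host and reports them without changing anything. It assumes a current PowerShell, the registry paths and the `d49e3648` driver name exactly as given in the CFScript, and that the BHO CLSID is registered under the usual `Browser Helper Objects` key.

```powershell
# Added audit example: reports the items the CFScript removes, read-only.
$findings = @()

# 1. Security Center notification suppression. Malware sets these to 1 so the user is
#    not warned that antivirus or updates are off; the CFScript deletes them ("=-").
$sc = 'HKLM:\SOFTWARE\Microsoft\Security Center'
foreach ($name in 'AntiVirusDisableNotify', 'UpdatesDisableNotify') {
    $val = (Get-ItemProperty -Path $sc -Name $name -ErrorAction SilentlyContinue).$name
    if ($null -ne $val) {
        $findings += "Security Center: $name = $val (expected absent or 0)"
    }
}

# 2. Orphaned BHO: CLSID registered as a Browser Helper Object with no backing DLL.
$clsid = '{5C255C8A-E604-49b4-9D64-90988571CECB}'
$bho = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$clsid"
if (Test-Path $bho) {
    $srv = (Get-ItemProperty -Path "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32" `
            -ErrorAction SilentlyContinue).'(default)'
    if (-not $srv -or -not (Test-Path $srv)) {
        $findings += "BHO $clsid registered but its DLL is missing (server: '$srv')"
    }
}

# 3. Randomly named kernel driver: service entry and/or .sys file in the drivers folder.
$drv  = 'd49e3648'
$svc  = Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\$drv" -ErrorAction SilentlyContinue
$file = Join-Path $env:SystemRoot "System32\drivers\$drv.sys"
if ($svc -or (Test-Path $file)) {
    $findings += "Driver '$drv': service=$([bool]$svc) file=$(Test-Path $file)"
}

if ($findings) { $findings } else { 'No findings for the items listed in the CFScript.' }
```

Run it from an elevated prompt; a clean machine should print the final "No findings" line, and any other line corresponds directly to an entry in the CFScript.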


#9 Bronston

Bronston
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:39 PM

Posted 24 May 2009 - 05:28 PM

Thanks for the response. Took the recommended steps. By the way Hide.bat is just my batch file to keep my shared files hidden on my LAN.

Attached Files



#10 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:08:39 PM

Posted 25 May 2009 - 07:34 AM

Ok. Thanks for the explanation regarding hide.bat file :thumbup2:

I'll get back to this when you have Kaspersky online scanner report & a fresh dds.txt log ready.



#11 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:08:39 PM

Posted 03 June 2009 - 11:56 AM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a Staff member. Include the address of this thread in your request. This applies only to the original topic starter. Should you have a new issue, please start a New Topic.





