iexplore.exe keeps growing in size when on internet


  • This topic is locked
18 replies to this topic

#1 jezwagg

Posted 01 May 2009 - 05:27 AM

Hi, when I log onto the net, the iexplore.exe file keeps growing, using an increasing amount of system resources. I've tried my avast anti-virus, Spybot Search & Destroy and Malwarebytes, and they can't find anything. Any help would be greatly appreciated.

Here's the DDS.txt log:

DDS (Ver_09-03-16.01) - NTFSx86
Run by DAD at 11:17:02.04 on 01/05/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.479.124 [GMT 1:00]

AV: avast! antivirus 4.8.1335 [VPS 090429-0] *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\system32\NILaunch.exe
C:\Program Files\iWare\iWare Mouse\3.2\MOUSE32A.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\DAD\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.orange.co.uk/
uWindow Title = Microsoft Internet Explorer Provided by Wanadoo
uDefault_Page_URL = hxxp://www.orange.co.uk
mDefault_Page_URL = hxxp://www.orange.co.uk
mWindow Title = Microsoft Internet Explorer Provided by Wanadoo
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {E97B5F2E-CA8E-4D34-BDA3-44EEC4ED2B12} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [OM_Monitor] c:\program files\olympus\olympus master\Monitor.exe -NoStart
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SiSUSBRG] c:\windows\SiSUSBrg.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [CHotkey] zHotkey.exe
mRun: [Net-It Launcher] c:\windows\system32\NILaunch.exe
mRun: [LWBMOUSE] c:\program files\iware\iware mouse\3.2\MOUSE32A.EXE
mRun: [Easy-PrintToolBox] c:\program files\canon\easy-printtoolbox\BJPSMAIN.EXE /logon
mRun: [OM_Monitor] c:\program files\olympus\olympus master\FirstStart.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - hxxp://download.ebay.com/turbo_lister/UK/install.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096375419796
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-4-2 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-2 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2007-12-10 138680]
R2 LogWatch;Event Log Watch;c:\program files\ca\sharedcomponents\ca_lic\LogWatNT.exe [2002-9-20 53248]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2007-12-10 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2007-12-10 352920]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S3 CA_LIC_CLNT;CA License Client;c:\program files\ca\sharedcomponents\ca_lic\lic98rmt.exe [2002-9-20 77824]
S3 CA_LIC_SRVR;CA License Server;c:\program files\ca\sharedcomponents\ca_lic\lic98rmtd.exe [2002-9-20 77824]

============== File Associations ===============

regfile=regedit.exe "%1" %*

=============== Created Last 30 ================

2009-04-30 20:44 296,968 a------- C:\Disc 71.mpc
2009-04-30 20:08 <DIR> --d----- c:\docume~1\dad\applic~1\Uniblue
2009-04-23 16:52 7,352,064 a------- c:\program files\Firefox Setup 3.0.9.exe
2009-04-16 11:08 337,320 a------- c:\windows\difxapi.dll
2009-04-16 11:08 49,152 a------- c:\windows\InstFunc.exe
2009-04-16 11:08 12,288 a------- c:\windows\InstFunc.dll
2009-04-16 11:07 <DIR> --d----- c:\program files\LSI SoftModem
2009-04-16 10:45 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-16 10:45 78,336 a------- c:\windows\system32\dllcache\ieencode.dll
2009-04-15 16:59 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
2009-04-15 16:59 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-04-15 16:59 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 16:59 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-04-15 16:59 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 16:59 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-04-15 16:59 729,088 -c------ c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 16:59 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-04-15 16:59 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-04-15 16:57 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-15 16:57 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 16:57 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-04-07 16:39 685,056 a------- c:\windows\is-GQMLI.exe
2009-04-07 16:39 10,562 a------- c:\windows\is-GQMLI.msg
2009-04-07 16:39 729 a------- c:\windows\is-GQMLI.lst
2009-04-04 08:40 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-04-03 16:36 <DIR> --d----- c:\windows\system32\XPSViewer
2009-04-03 16:34 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-04-03 16:34 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-04-03 16:34 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-04-03 16:34 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-04-03 16:34 117,760 -------- c:\windows\system32\prntvpt.dll
2009-04-03 16:34 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-04-03 16:34 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-04-03 16:34 <DIR> --d----- c:\windows\SxsCaPendDel

==================== Find3M ====================

2009-04-06 15:32 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 15:32 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-01 03:55 19,200 a------- c:\windows\system32\drivers\srvkp.sys
2009-04-01 03:55 1,571,001 a------- c:\windows\system32\sisgl.dll
2009-04-01 03:38 3,467,776 a------- c:\windows\system32\sisgrv.dll
2009-04-01 03:33 324,608 a------- c:\windows\system32\drivers\sisgrp.sys
2009-04-01 03:32 9,728 a------- c:\windows\system32\SiSPIns2.dll
2009-04-01 03:30 172,032 a------- c:\windows\system32\SiSInst.dll
2009-04-01 03:30 258,048 a------- c:\windows\system32\SiSParse.dll
2009-04-01 03:30 49,152 a------- c:\windows\system32\SiSBase.dll
2009-03-31 22:08 5,564,328 a------- c:\program files\Hm_Setup_323.exe
2009-03-25 15:44 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-25 15:36 5,637,845 a------- c:\program files\youtubedownloader.exe
2009-03-06 15:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-03 01:18 826,368 a------- c:\windows\system32\wininet.dll
2009-02-09 13:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 13:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 13:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 13:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 12:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-07 19:02 2,066,048 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-06 12:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 12:08 2,189,056 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 11:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-05 23:16 32,656 a------- c:\docume~1\dad\applic~1\wklnhst.dat
2009-02-03 20:59 56,832 a------- c:\windows\system32\secur32.dll
2008-12-11 17:43 10,940,386 a------- c:\program files\converter.exe
2008-10-22 22:11 5,244,648 a------- c:\program files\DriverDetective.exe
2008-09-08 15:04 5,980,544 a------- c:\program files\SFTPNSI.exe
2008-09-01 19:19 6,870,352 a------- c:\program files\MediaMonkey_3.0.4.1185.exe
2008-08-28 21:10 2,304,392 a------- c:\program files\rcsetup118.exe
2008-08-26 21:11 9,313,720 a------- c:\program files\Shockwave_Installer_Full.exe
2008-08-26 20:43 13,413,048 a------- c:\program files\Google_Earth_BZXD.exe
2008-08-26 15:56 35,124,856 a------- c:\program files\AdbeRdr90_en_US.exe
2008-08-26 15:35 152,064 a------- c:\program files\FHSetup.exe
2008-08-26 15:34 2,928,600 a------- c:\program files\ccsetup211.exe
2008-06-21 19:09 461,168 a------- c:\program files\jackpotcity.exe
2008-06-18 09:15 2,949,120 a------- c:\program files\AnyRailEN3.5.1.msi
2008-06-13 16:25 2,869,536 a------- c:\program files\spywareblastersetup41.exe
2008-06-13 16:12 8,984,518 a------- c:\program files\MP3.Collector.Pro-v2.3.1ByMechoDownload.exe
2008-06-13 16:06 3,717,240 a------- c:\program files\mp3collectorsetup_9710837.exe
2008-06-13 16:01 29,118 a------- c:\program files\MP3Collector_1.3.x_by_Kronuz.zip
2008-06-13 12:24 1,933,297 a------- c:\program files\Collectorz.com_MP3_Collector.zip
2008-06-13 12:11 874,856 a------- c:\program files\BitTorrent-6.0.3.exe
2008-06-06 16:08 16,851,845 a------- c:\program files\mp3boss.zip
2008-06-06 16:02 165 a------- c:\program files\mp3database.reg
2008-06-06 11:18 1,657,220 a------- c:\program files\Mp3DatabaseSetup_1.0.2.exe
2008-06-05 14:57 12,723,328 a------- c:\program files\catraxx_setup.exe
2008-06-04 19:36 321,623 a------- c:\program files\mp3db-v0.8.1-en.tar.gz
2008-06-04 16:50 237,732 a------- c:\program files\lz04jp01.zip
2008-05-18 16:45 1,649,976 a------- c:\program files\mbam-setup.exe
2008-05-10 19:45 62,651,176 a------- c:\program files\Dreamweaver8-en.exe
2008-04-12 16:46 929,820 a------- c:\program files\EFRCSetup.exe
2008-03-30 16:49 133,197,120 a------- c:\program files\OOo_2.4.0_Win32Intel_install_wJRE_en-US.exe
2008-02-21 12:42 6,139,144 a------- c:\program files\BBC-iPlayer_Setup.exe
2008-02-17 18:07 2,288,216 a------- c:\program files\usenet_client_setup.exe
2008-02-13 21:47 422,849 a------- c:\program files\mirakagi.zip
2008-02-05 22:57 21,364,592 a------- c:\program files\aaw2007.exe
2008-01-30 20:12 5,708,354 a------- c:\program files\Last.fm-1.4.2.59470.exe
2008-01-12 17:55 6,818,213 a------- c:\program files\Setup_FreeConverter.exe
2008-01-12 17:35 128,608 a------- c:\program files\audioburner.exe
2007-12-14 13:07 2,125,249 a------- c:\program files\burrrn_package.exe
2007-12-11 20:23 14,603,672 a------- c:\program files\jre-6u3-windows-i586-p.exe
2007-12-10 21:40 18,500,624 a------- c:\program files\setupeng.exe
2007-12-10 17:47 812,344 a------- c:\program files\HJTInstall.exe
2007-11-20 17:24 128,344 a------- c:\program files\audio-cd.exe
2007-11-20 17:17 1,630,151 a------- c:\program files\Setup_AltoMP3Gold.exe
2007-11-07 22:26 12,273,453 a------- c:\program files\dvdflick_setup_1.3.0.0_beta.exe
2007-11-07 22:23 56,774 a------- c:\program files\CDDBMP3setup.exe
2007-11-07 22:20 169,452 a------- c:\program files\MakeitOne-MP3AlbumMaker.exe
2007-11-06 17:19 881,664 a------- c:\program files\DigitalLockerAssistant_en.msi
2007-11-01 20:59 7,890,027 a------- c:\program files\KingJackpotSetupEN.EXE
2007-10-26 16:38 5,953,024 a------- c:\program files\VideoPiggy136.msi
2007-09-19 19:21 557,564 a------- c:\program files\CafeUK_Downloader.Exe
2007-09-17 16:48 400,248 a------- c:\program files\dfsetup100.exe
2007-09-14 18:58 74,672,991 a------- c:\program files\Office2003Lite-SFX.exe
2007-09-06 15:09 528,923 a------- c:\program files\LinerUK_Downloader.exe
2007-08-17 11:29 1,319,800 a------- c:\program files\frfglppc.exe
2007-07-04 19:40 814,697 a------- c:\program files\sscserve.exe
2007-05-04 10:13 1,957,423 a------- c:\program files\ffdshow.exe
2007-03-05 22:51 29,782,164 a------- c:\program files\bustamove4.zip
2007-02-12 22:31 4,867,336 a------- c:\program files\frinstall.exe
2007-02-08 02:59 2,095 a------- c:\program files\mp3collector.txt
2007-01-19 21:16 190,064 a------- c:\program files\Morpheus.exe
2007-01-19 13:13 11,160 a------- c:\program files\te.nfo
2007-01-19 03:23 414 a------- c:\program files\FILE_ID.DIZ
2007-01-19 03:11 10,760,192 a------- c:\program files\MP3Collector.exe
2007-01-19 02:23 3,716,728 a------- c:\program files\mp3collectorsetup.exe
2006-12-16 12:51 12,474,360 a------- c:\program files\solsuite.exe
2006-12-07 23:01 10,420,936 a------- c:\program files\xlviewer.exe
2006-07-19 15:05 15,272,744 a------- c:\program files\Install_Messenger_nous.exe
2006-05-06 19:12 17,323,088 -------- c:\program files\setupUK.exe
2006-04-14 16:33 240,507 -------- c:\program files\audioscrobbler.wmp.1.1.10.exe
2005-12-23 18:11 1,277,023 a------- c:\program files\secretmakersetup.exe
2005-11-23 19:47 622,736 -------- c:\program files\install_easyshare.exe
2005-11-07 21:03 925,184 -------- c:\program files\epsetup.exe
2005-11-07 20:55 532,616 a------- c:\program files\ImageResizerPowertoySetup.exe
2005-11-04 16:33 4,860,993 -------- c:\program files\setup_reminder15_en.exe
2005-10-31 23:02 4,111,384 a------- c:\program files\Bookworm_setup.exe
2005-10-27 20:24:16 -------- 2,987,896 c:\program files\leechget.exe
2009-01-20 18:41 321 ---sh--- c:\windows\system32\3231149625.sys
2008-10-07 14:45 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008100720081008\index.dat

============= FINISH: 11:18:05.73 ===============

Attached Files

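The DDS logs in this thread are read by eye, so here is an added example (written for this page; it is not part of the original posts and not code from the DDS tool) of a small Python triage script that parses the three line shapes seen above and pulls out what a malware-removal helper looks at first: TB:/EB: entries registered with "No File" behind them, services whose image carries the `[?]` suffix (in the second log posted later in the thread that suffix on `Lbd` is replaced by a file date and size once the driver exists), and hidden+system executables or purely numeric `.sys` names under system32, such as the `3231149625.sys` entry above. It also diffs the SERVICES / DRIVERS section between the two logs, where `Lbd` moves from `S0 ... [?]` to `R0` and the Lavasoft Ad-Aware service appears. The flag categories, the attribute-column positions and the sample lines (copied from the logs on this page) are the example's own assumptions, not DDS documentation.

```python
"""Triage helper for DDS logs. Added example, not from the original post or DDS.

Flag categories and attribute-column positions are inferred from the log text
on this page and are this example's assumptions, not documented DDS behaviour.
"""
import re

# Constructed sample: lines copied verbatim from the first DDS log in the thread.
FIRST_LOG = r"""
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {E97B5F2E-CA8E-4D34-BDA3-44EEC4ED2B12} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-4-2 114768]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
2009-04-30 20:08 <DIR> --d----- c:\docume~1\dad\applic~1\Uniblue
2009-04-06 15:32 38,496 a------- c:\windows\system32\drivers\mbam.sys
2005-10-27 20:24:16 -------- 2,987,896 c:\program files\leechget.exe
2009-01-20 18:41 321 ---sh--- c:\windows\system32\3231149625.sys
2008-10-07 14:45 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008100720081008\index.dat
"""

# Constructed sample: SERVICES / DRIVERS lines copied from the second log in the thread.
SECOND_LOG = r"""
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-11 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-4-2 114768]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 953168]
"""

# "TB: Name: {CLSID} - path" / "EB: {CLSID} - No File"
EXT_RE = re.compile(
    r"^(?P<kind>TB|EB):\s*(?:(?P<name>[^{]+?):\s*)?\{(?P<clsid>[0-9A-Fa-f-]{36})\}\s*-\s*(?P<target>.+)$"
)
# "R1 name;display;image [date size]" or "... image --> image [?]"
SVC_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.*?)\s*(?P<tail>\[[^\]]*\])$"
)
# Dated file lines print size then attributes, but one Find3M line above has
# them the other way round, so both orders are accepted.
FILE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2}(?::\d{2})?)\s+"
    r"(?:(?P<size>[\d,]+|<DIR>)\s+(?P<attrs>[-a-z]{8})"
    r"|(?P<attrs_alt>[-a-z]{8})\s+(?P<size_alt>[\d,]+|<DIR>))\s+(?P<path>.+)$"
)
EXECUTABLE_EXTS = {"sys", "dll", "exe", "scr", "ocx", "cpl"}


def parse_attrs(attrs):
    """Column positions inferred from 'a-------', '-cd-h---' and '---sh---' in the
    log: 0=archive, 1=compressed, 2=directory, 3=system, 4=hidden (assumption)."""
    return {"archive": attrs[0] == "a", "compressed": attrs[1] == "c",
            "directory": attrs[2] == "d", "system": attrs[3] == "s",
            "hidden": attrs[4] == "h"}


def triage(log_text):
    """Return the entries worth a closer look, grouped by reason."""
    found = {"orphaned_browser_extension": [], "service_image_missing": [],
             "hidden_system_executable": [], "numeric_driver_name": []}
    for line in (l.strip() for l in log_text.splitlines() if l.strip()):
        m = EXT_RE.match(line)
        if m:
            if m.group("target").strip().lower() == "no file":
                found["orphaned_browser_extension"].append("{%s}" % m.group("clsid"))
            continue
        m = SVC_RE.match(line)
        if m:
            if m.group("tail") == "[?]":          # DDS could not find the image on disk
                found["service_image_missing"].append(m.group("name"))
            continue
        m = FILE_RE.match(line)
        if not m:
            continue
        path = m.group("path")
        flags = parse_attrs(m.group("attrs") or m.group("attrs_alt"))
        base = path.rsplit("\\", 1)[-1].lower()
        ext = base.rsplit(".", 1)[-1] if "." in base else ""
        under_system32 = "\\windows\\system32" in path.lower()
        if flags["hidden"] and flags["system"] and not flags["directory"] and ext in EXECUTABLE_EXTS:
            found["hidden_system_executable"].append(path)
        if under_system32 and re.fullmatch(r"\d+\.sys", base):
            found["numeric_driver_name"].append(path)
    return found


def services(log_text):
    """Map service name -> (start type, trailing '[date size]' or '[?]')."""
    out = {}
    for line in log_text.splitlines():
        m = SVC_RE.match(line.strip())
        if m:
            out[m.group("name")] = (m.group("start"), m.group("tail"))
    return out


def diff_services(old_log, new_log):
    """What changed in SERVICES / DRIVERS between two logs of the same machine."""
    old, new = services(old_log), services(new_log)
    return {"added": sorted(set(new) - set(old)),
            "removed": sorted(set(old) - set(new)),
            "changed": sorted(n for n in set(old) & set(new) if old[n] != new[n])}


if __name__ == "__main__":
    for reason, items in triage(FIRST_LOG).items():
        print(reason, items)
    print(diff_services(FIRST_LOG, SECOND_LOG))
```

Run it against a whole DDS.txt by passing the file contents to `triage()`; the hits are leads to check by hand (file dates, signer, VirusTotal), not verdicts.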

#2 Baabiouz
    Finnish Malware Fighter

Posted 14 May 2009 - 11:14 AM

Hello

Apologies for the delay in response; we get overwhelmed at times, but we are trying our best to keep up.
If you have since resolved the original problem you were having, I would appreciate you letting us know. If not, please perform the following below so I can have a look at the current condition of your machine.

Thanks, and again, sorry for the delay.

Before we can continue, please post a fresh DDS log back here.

#3 jezwagg (Topic Starter)

Posted 14 May 2009 - 01:45 PM

Hi, thanks for your reply. Unfortunately the problem persists.

Here's the DDS.txt log. I've also attached the fresh ATTACH.txt log.


DDS (Ver_09-05-14.01) - NTFSx86
Run by DAD at 19:41:04.00 on 14/05/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.479.117 [GMT 1:00]

AV: avast! antivirus 4.8.1335 [VPS 090513-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
svchost.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\zHotkey.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\NILaunch.exe
C:\Program Files\iWare\iWare Mouse\3.2\MOUSE32A.EXE
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\DAD\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.orange.co.uk/
uWindow Title = Microsoft Internet Explorer Provided by Wanadoo
uDefault_Page_URL = hxxp://www.orange.co.uk
mDefault_Page_URL = hxxp://www.orange.co.uk
mWindow Title = Microsoft Internet Explorer Provided by Wanadoo
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {E97B5F2E-CA8E-4D34-BDA3-44EEC4ED2B12} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [OM_Monitor] c:\program files\olympus\olympus master\Monitor.exe -NoStart
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SiSUSBRG] c:\windows\SiSUSBrg.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [CHotkey] zHotkey.exe
mRun: [Net-It Launcher] c:\windows\system32\NILaunch.exe
mRun: [LWBMOUSE] c:\program files\iware\iware mouse\3.2\MOUSE32A.EXE
mRun: [Easy-PrintToolBox] c:\program files\canon\easy-printtoolbox\BJPSMAIN.EXE /logon
mRun: [OM_Monitor] c:\program files\olympus\olympus master\FirstStart.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - hxxp://download.ebay.com/turbo_lister/UK/install.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096375419796
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-11 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-4-2 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-2 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2007-12-10 138680]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 953168]
R2 LogWatch;Event Log Watch;c:\program files\ca\sharedcomponents\ca_lic\LogWatNT.exe [2002-9-20 53248]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2007-12-10 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2007-12-10 352920]
S3 CA_LIC_CLNT;CA License Client;c:\program files\ca\sharedcomponents\ca_lic\lic98rmt.exe [2002-9-20 77824]
S3 CA_LIC_SRVR;CA License Server;c:\program files\ca\sharedcomponents\ca_lic\lic98rmtd.exe [2002-9-20 77824]

============== File Associations ===============

regfile=regedit.exe "%1" %*

=============== Created Last 30 ================

2009-05-11 16:00 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-05-11 15:56 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-05-10 20:00 200,586 a------- C:\Disc 105.mpc
2009-04-30 20:44 310,487 a------- C:\Disc 71.mpc
2009-04-30 20:08 <DIR> --d----- c:\docume~1\dad\applic~1\Uniblue
2009-04-23 16:52 7,352,064 a------- c:\program files\Firefox Setup 3.0.9.exe
2009-04-16 11:08 337,320 a------- c:\windows\difxapi.dll
2009-04-16 11:08 49,152 a------- c:\windows\InstFunc.exe
2009-04-16 11:08 12,288 a------- c:\windows\InstFunc.dll
2009-04-16 11:07 <DIR> --d----- c:\program files\LSI SoftModem
2009-04-16 10:45 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-16 10:45 78,336 a------- c:\windows\system32\dllcache\ieencode.dll
2009-04-15 16:59 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
2009-04-15 16:59 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-04-15 16:59 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 16:59 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-04-15 16:59 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 16:59 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-04-15 16:59 729,088 -c------ c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 16:59 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-04-15 16:59 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-04-15 16:57 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-15 16:57 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 16:57 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe

==================== Find3M ====================

2009-05-08 14:54 32,746 a------- c:\docume~1\dad\applic~1\wklnhst.dat
2009-04-07 16:39 685,056 a------- c:\windows\is-GQMLI.exe
2009-04-06 15:32 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 15:32 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-01 03:55 19,200 a------- c:\windows\system32\drivers\srvkp.sys
2009-04-01 03:55 1,571,001 a------- c:\windows\system32\sisgl.dll
2009-04-01 03:38 3,467,776 a------- c:\windows\system32\sisgrv.dll
2009-04-01 03:33 324,608 a------- c:\windows\system32\drivers\sisgrp.sys
2009-04-01 03:32 9,728 a------- c:\windows\system32\SiSPIns2.dll
2009-04-01 03:30 172,032 a------- c:\windows\system32\SiSInst.dll
2009-04-01 03:30 258,048 a------- c:\windows\system32\SiSParse.dll
2009-04-01 03:30 49,152 a------- c:\windows\system32\SiSBase.dll
2009-03-31 22:08 5,564,328 a------- c:\program files\Hm_Setup_323.exe
2009-03-25 15:44 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-25 15:36 5,637,845 a------- c:\program files\youtubedownloader.exe
2009-03-06 15:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-03 01:18 826,368 a------- c:\windows\system32\wininet.dll
2008-12-11 17:43 10,940,386 a------- c:\program files\converter.exe
2008-10-22 22:11 5,244,648 a------- c:\program files\DriverDetective.exe
2008-09-08 15:04 5,980,544 a------- c:\program files\SFTPNSI.exe
2008-09-01 19:19 6,870,352 a------- c:\program files\MediaMonkey_3.0.4.1185.exe
2008-08-28 21:10 2,304,392 a------- c:\program files\rcsetup118.exe
2008-08-26 21:11 9,313,720 a------- c:\program files\Shockwave_Installer_Full.exe
2008-08-26 20:43 13,413,048 a------- c:\program files\Google_Earth_BZXD.exe
2008-08-26 15:56 35,124,856 a------- c:\program files\AdbeRdr90_en_US.exe
2008-08-26 15:35 152,064 a------- c:\program files\FHSetup.exe
2008-08-26 15:34 2,928,600 a------- c:\program files\ccsetup211.exe
2008-06-21 19:09 461,168 a------- c:\program files\jackpotcity.exe
2008-06-18 09:15 2,949,120 a------- c:\program files\AnyRailEN3.5.1.msi
2008-06-13 16:25 2,869,536 a------- c:\program files\spywareblastersetup41.exe
2008-06-13 16:12 8,984,518 a------- c:\program files\MP3.Collector.Pro-v2.3.1ByMechoDownload.exe
2008-06-13 16:06 3,717,240 a------- c:\program files\mp3collectorsetup_9710837.exe
2008-06-13 16:01 29,118 a------- c:\program files\MP3Collector_1.3.x_by_Kronuz.zip
2008-06-13 12:24 1,933,297 a------- c:\program files\Collectorz.com_MP3_Collector.zip
2008-06-13 12:11 874,856 a------- c:\program files\BitTorrent-6.0.3.exe
2008-06-06 16:08 16,851,845 a------- c:\program files\mp3boss.zip
2008-06-06 16:02 165 a------- c:\program files\mp3database.reg
2008-06-06 11:18 1,657,220 a------- c:\program files\Mp3DatabaseSetup_1.0.2.exe
2008-06-05 14:57 12,723,328 a------- c:\program files\catraxx_setup.exe
2008-06-04 19:36 321,623 a------- c:\program files\mp3db-v0.8.1-en.tar.gz
2008-06-04 16:50 237,732 a------- c:\program files\lz04jp01.zip
2008-05-18 16:45 1,649,976 a------- c:\program files\mbam-setup.exe
2008-05-10 19:45 62,651,176 a------- c:\program files\Dreamweaver8-en.exe
2008-04-12 16:46 929,820 a------- c:\program files\EFRCSetup.exe
2008-03-30 16:49 133,197,120 a------- c:\program files\OOo_2.4.0_Win32Intel_install_wJRE_en-US.exe
2008-02-21 12:42 6,139,144 a------- c:\program files\BBC-iPlayer_Setup.exe
2008-02-17 18:07 2,288,216 a------- c:\program files\usenet_client_setup.exe
2008-02-13 21:47 422,849 a------- c:\program files\mirakagi.zip
2008-02-05 22:57 21,364,592 a------- c:\program files\aaw2007.exe
2008-01-30 20:12 5,708,354 a------- c:\program files\Last.fm-1.4.2.59470.exe
2008-01-12 17:55 6,818,213 a------- c:\program files\Setup_FreeConverter.exe
2008-01-12 17:35 128,608 a------- c:\program files\audioburner.exe
2007-12-14 13:07 2,125,249 a------- c:\program files\burrrn_package.exe
2007-12-11 20:23 14,603,672 a------- c:\program files\jre-6u3-windows-i586-p.exe
2007-12-10 21:40 18,500,624 a------- c:\program files\setupeng.exe
2007-12-10 17:47 812,344 a------- c:\program files\HJTInstall.exe
2007-11-20 17:24 128,344 a------- c:\program files\audio-cd.exe
2007-11-20 17:17 1,630,151 a------- c:\program files\Setup_AltoMP3Gold.exe
2007-11-07 22:26 12,273,453 a------- c:\program files\dvdflick_setup_1.3.0.0_beta.exe
2007-11-07 22:23 56,774 a------- c:\program files\CDDBMP3setup.exe
2007-11-07 22:20 169,452 a------- c:\program files\MakeitOne-MP3AlbumMaker.exe
2007-11-06 17:19 881,664 a------- c:\program files\DigitalLockerAssistant_en.msi
2007-11-01 20:59 7,890,027 a------- c:\program files\KingJackpotSetupEN.EXE
2007-10-26 16:38 5,953,024 a------- c:\program files\VideoPiggy136.msi
2007-09-19 19:21 557,564 a------- c:\program files\CafeUK_Downloader.Exe
2007-09-17 16:48 400,248 a------- c:\program files\dfsetup100.exe
2007-09-14 18:58 74,672,991 a------- c:\program files\Office2003Lite-SFX.exe
2007-09-06 15:09 528,923 a------- c:\program files\LinerUK_Downloader.exe
2007-08-17 11:29 1,319,800 a------- c:\program files\frfglppc.exe
2007-07-04 19:40 814,697 a------- c:\program files\sscserve.exe
2007-05-04 10:13 1,957,423 a------- c:\program files\ffdshow.exe
2007-03-05 22:51 29,782,164 a------- c:\program files\bustamove4.zip
2007-02-12 22:31 4,867,336 a------- c:\program files\frinstall.exe
2007-02-08 02:59 2,095 a------- c:\program files\mp3collector.txt
2007-01-19 21:16 190,064 a------- c:\program files\Morpheus.exe
2007-01-19 13:13 11,160 a------- c:\program files\te.nfo
2007-01-19 03:23 414 a------- c:\program files\FILE_ID.DIZ
2007-01-19 03:11 10,760,192 a------- c:\program files\MP3Collector.exe
2007-01-19 02:23 3,716,728 a------- c:\program files\mp3collectorsetup.exe
2006-12-16 12:51 12,474,360 a------- c:\program files\solsuite.exe
2006-12-07 23:01 10,420,936 a------- c:\program files\xlviewer.exe
2006-07-19 15:05 15,272,744 a------- c:\program files\Install_Messenger_nous.exe
2006-05-06 19:12 17,323,088 -------- c:\program files\setupUK.exe
2006-04-14 16:33 240,507 -------- c:\program files\audioscrobbler.wmp.1.1.10.exe
2005-12-23 18:11 1,277,023 a------- c:\program files\secretmakersetup.exe
2005-11-23 19:47 622,736 -------- c:\program files\install_easyshare.exe
2005-11-07 21:03 925,184 -------- c:\program files\epsetup.exe
2005-11-07 20:55 532,616 a------- c:\program files\ImageResizerPowertoySetup.exe
2005-11-04 16:33 4,860,993 -------- c:\program files\setup_reminder15_en.exe
2005-10-31 23:02 4,111,384 a------- c:\program files\Bookworm_setup.exe
2005-10-27 20:24 2,987,896 -------- c:\program files\leechget.exe
2005-10-13 15:56 2,844,880 -------- c:\program files\SFTPMSI.exe
2005-10-12 15:27 2,929,648 -------- c:\program files\123freepuzzle.exe
2005-07-28 20:52 2,149,327 -------- c:\program files\SudokuSetup.exe
2005-07-22 10:01 5,037,072 -------- c:\program files\spybotsd14.exe
2005-07-13 17:16 850,657 -------- c:\program files\mp3cdconverter.exe
2005-06-19 19:50 1,163,643 -------- c:\program files\wrar342.exe
2005-06-18 12:31 2,855,080 -------- c:\program files\aawsepersonal.exe
2005-05-21 16:05 2,109,895 -------- c:\program files\123free.exe
2005-05-20 18:49:27 -------- 1,682,834 c:\program files\free_spider.exe
2009-01-20 18:41 321 ---sh--- c:\windows\system32\3231149625.sys
2008-10-07 14:45 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008100720081008\index.dat

============= FINISH: 19:42:26.37 ===============

Attached Files



#4 Baabiouz

Baabiouz

    Finnish Malware Fighter


  • Members
  • 3,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:05:29 PM

Posted 14 May 2009 - 10:26 PM

Hello

Please download ATF-cleaner and save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

    If you use Firefox browser:

  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser:

  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Malwarebytes' Anti-Malware
  • Start Malwarebytes' Anti-Malware.
  • Click the Update tab and click Check for Updates.
  • When the update is finished, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply
    Note:
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Or via the Logs tab when Malwarebytes' Anti-Malware is started.
Please post the Mbam results and a fresh HijackThis log.

Edited by Baabiouz, 14 May 2009 - 10:27 PM.


#5 jezwagg

Posted 15 May 2009 - 09:48 AM

Hi, I ran the ATF-Cleaner (it cleared out about 14mb).

I ran the Mbam full scan and the results are below (I note it found two viruses which seemed to be attached to Ad-Aware; this may be a red herring as I only installed Ad-Aware after instigating this query).

Also below the latest HijackThis Log

Thanks for your continuing help

Malwarebytes' Anti-Malware 1.36
Database version: 2133
Windows 5.1.2600 Service Pack 3

15/05/2009 12:31:23
mbam-log-2009-05-15 (12-31-23).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 170847
Time elapsed: 1 hour(s), 27 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Lavasoft\Ad-Aware\lsdelete.exe (Virus.Virut.T) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe (Virus.Virut.T) -> Quarantined and deleted successfully.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:50:09, on 15/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\system32\NILaunch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iWare\iWare Mouse\3.2\MOUSE32A.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.orange.co.uk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.orange.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer Provided by Wanadoo
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [Net-It Launcher] C:\WINDOWS\system32\NILaunch.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\iWare\iWare Mouse\3.2\MOUSE32A.EXE
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/UK/install.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1096375419796
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe

--
End of file - 8225 bytes
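The DDS file listing in post #3 above and the HijackThis log in this post are what the helpers in this thread read by eye. The Python below is an added example, not code from the thread or from the DDS or HijackThis tools: it parses both formats and flags the entries a malware fighter checks first, namely hidden+system files outside the small set Windows XP itself keeps that way, all-digit file names, autorun (O4) entries that name a bare executable rather than a path, and services (O23) whose binary carries no company name. The sample lines are a constructed subset copied in shape from the logs above; the `Example Helper` / `ExampleSvc` service line is hypothetical and appears nowhere in the thread, and the reading of the `c` attribute flag as "compressed" is an assumption. A flag is a prompt to look at the file, not a verdict on it.

```python
"""Triage helpers for the two log formats in this thread: DDS file listings and HijackThis entries."""
import re
from typing import Dict, List, Tuple

# Constructed samples: a subset of lines copied in shape from the logs posted above. The 'Example Helper'
# service line is hypothetical and does not appear anywhere in the thread.
DDS_SAMPLE = r"""
2009-01-20 18:41 321 ---sh--- c:\windows\system32\3231149625.sys
2008-10-07 14:45 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008100720081008\index.dat
2009-06-16 21:28 40,160 a------- c:\windows\system32\drivers\mbam.sys
2009-06-16 13:16 <DIR> --dsh--- c:\documents and settings\geoff\PrivacIE
"""
HJT_SAMPLE = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Example Helper (ExampleSvc) - Unknown owner - C:\WINDOWS\system32\example.exe
"""

# DDS prints: date time size attribute-flags path. The flags string uses a=archive, d=directory, s=system,
# h=hidden, r=read-only as seen in the logs above ('c' appears to mark compressed files); '-' means the bit is clear.
DDS_LINE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2})\s+(?P<size><DIR>|\d[\d,]*)\s+(?P<attrs>[a-z-]{8})\s+(?P<path>.+)$")
O4_LINE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O23_LINE = re.compile(r"^O23 - Service: (?P<display>.+?) - (?P<vendor>.+?) - (?P<path>.+)$")

# Files Windows XP itself keeps hidden+system; anything else carrying both bits earns a second look.
EXPECTED_HIDDEN_SYSTEM = {"index.dat", "desktop.ini", "thumbs.db", "ntuser.dat", "ntuser.dat.log", "boot.ini",
                          "pagefile.sys", "hiberfil.sys", "ntldr", "ntdetect.com", "io.sys", "msdos.sys"}


def triage_dds_listing(text: str) -> Dict[str, List[str]]:
    """Return {path: [reasons]} for file entries that deserve a manual look (directories are skipped)."""
    findings: Dict[str, List[str]] = {}
    for line in text.strip().splitlines():
        m = DDS_LINE.match(line.strip())
        if not m or "d" in m["attrs"]:
            continue
        path, attrs = m["path"], m["attrs"]
        base = path.rsplit("\\", 1)[-1].lower()
        reasons = []
        if "s" in attrs and "h" in attrs and base not in EXPECTED_HIDDEN_SYSTEM:
            reasons.append("hidden+system file outside the set Windows normally marks that way")
        if re.fullmatch(r"\d+\.[a-z0-9]+", base):
            reasons.append("all-digit file name")
        if reasons:
            findings[path] = reasons
    return findings


def triage_hjt(text: str) -> List[Tuple[str, str]]:
    """Return (line, reason) pairs for autorun (O4) and service (O23) entries worth verifying."""
    findings: List[Tuple[str, str]] = []
    for line in text.strip().splitlines():
        line = line.strip()
        m = O4_LINE.match(line)
        if m:
            cmd = m["cmd"].strip()
            exe = cmd.split('"')[1] if cmd.startswith('"') else cmd.split(" ")[0]
            if "\\" not in exe:
                findings.append((line, "bare file name, located through the loader's search order rather than "
                                       "an explicit path; confirm which copy actually runs"))
            continue
        m = O23_LINE.match(line)
        if m and m["vendor"] == "Unknown owner":
            findings.append((line, "service binary carries no company name; verify the file's origin"))
    return findings


if __name__ == "__main__":
    for path, why in triage_dds_listing(DDS_SAMPLE).items():
        print("DDS", path, "->", "; ".join(why))
    for line, why in triage_hjt(HJT_SAMPLE):
        print("HJT", line, "->", why)
```

Run against the samples, the DDS side reports only the 321-byte hidden+system `3231149625.sys` (two reasons), while the history `index.dat` and the `PrivacIE` directory pass; the HijackThis side reports the bare `SOUNDMAN.EXE` autorun and the hypothetical unknown-owner service. Paste a whole log into either function to triage it the same way.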

#6 Baabiouz

Posted 15 May 2009 - 11:27 AM

Hello.

Some bad news.

Your system is infected with a nasty variant of Virut, a polymorphic file infector with IRCBot functionality which infects .exe, .scr files, downloads more malicious files to your system, and opens a back door that compromises your computer. Virux is an even more complex file infector which also infects script files (.php, .asp, and .html). When Virut creates infected files, it also creates non-functional files that are corrupted beyond repair. In many cases the infected files cannot be disinfected properly by your anti-virus. When disinfection is attempted, the files become corrupted and the system may become irreparable.

The virus has a number of bugs in its code, and as a result it may misinfect a proportion of executable files....some W32/Virut.h infections are corrupted beyond repair.

McAfee Risk Assessment and Overview of W32/Virut
This kind of infection is contracted and spread by visiting remote, crack and keygen sites. These type of sites are infested with a smörgåsbord of malware and an increasing source of system infection. However, the CA Security Advisor Research Blog says they have found MySpace user pages carrying the malicious Virut URL. Either way you can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.

...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...

Keygen and Crack Sites Distribute VIRUX and FakeAV

If your computer was used for online banking, has credit card information or other sensitive data on it, you should disconnect from the Internet until your system is cleaned. All passwords should be changed immediately, including those used for banking, email, eBay, PayPal and online forums. You should consider them to be compromised. You should change each password using a clean computer and not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read:

There is no guarantee this infection can be completely removed. In some instances it may have caused so much damage to your system that it cannot be completely cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Reinstalling Windows without first wiping the entire hard drive with a repartition and/or format will not remove the infection. The reinstall will only overwrite the Windows files. Any malware on the system will still be there afterwards. Please read:
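The post above describes Virut as a polymorphic file infector that rewrites .exe and .scr files, which is why Malwarebytes flagged two copies of Ad-Aware's own lsdelete.exe. The Python below is an added example, not code from the thread or from any tool named in it: it parses a PE header with the standard library alone and reports the generic traits an appending file infector tends to leave (entry point moved into the last section, a section that is both writable and executable, entry point in a section not marked as code), and it can walk a tree of .exe/.scr files, for instance the infected drive mounted read-only on a clean machine. The two images it inspects are constructed in memory by `build_pe`; the section names, addresses and the appended `.added` section are assumptions for illustration, not Virut's actual layout. The indicators are prompts for a closer look, not a verdict, and they do not change the advice above to treat the machine as compromised and rebuild it.

```python
"""Generic file-infector indicators read from a PE header; standard library only."""
import os
import struct
from dataclasses import dataclass
from typing import Dict, List, Tuple

IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000


@dataclass
class Section:
    name: str
    virtual_address: int
    virtual_size: int
    raw_size: int
    characteristics: int

    def contains(self, rva: int) -> bool:
        return self.virtual_address <= rva < self.virtual_address + max(self.virtual_size, self.raw_size)


def parse_pe(data: bytes) -> Tuple[int, List[Section]]:
    """Return (AddressOfEntryPoint, section table); works for PE32 and PE32+ headers."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20                                             # optional header follows the 20-byte COFF header
    entry_point = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint, same offset in PE32/PE32+
    sections, off = [], opt + opt_size
    for _ in range(num_sections):
        name, vsize, vaddr, rsize, *_unused, chars = struct.unpack_from("<8sIIIIIIHHI", data, off)
        sections.append(Section(name.rstrip(b"\0").decode("ascii", "replace"), vaddr, vsize, rsize, chars))
        off += 40
    return entry_point, sections


def infector_indicators(data: bytes) -> List[str]:
    """Traits an appending file infector tends to leave behind; prompts for a closer look, not a verdict."""
    entry_point, sections = parse_pe(data)
    ep_section = next((s for s in sections if s.contains(entry_point)), None)
    if ep_section is None:
        return [f"entry point 0x{entry_point:x} lies outside every section"]
    findings: List[str] = []
    if len(sections) > 1 and ep_section is sections[-1]:
        findings.append(f"entry point 0x{entry_point:x} is in the last section {ep_section.name!r}")
    if not ep_section.characteristics & IMAGE_SCN_CNT_CODE:
        findings.append(f"entry-point section {ep_section.name!r} is not marked as code")
    for s in sections:
        if s.characteristics & IMAGE_SCN_MEM_WRITE and s.characteristics & IMAGE_SCN_MEM_EXECUTE:
            findings.append(f"section {s.name!r} is both writable and executable")
    return findings


def scan_tree(root: str, exts: Tuple[str, ...] = (".exe", ".scr")) -> Dict[str, List[str]]:
    """Walk a tree (e.g. the infected drive mounted read-only on a clean machine) and collect indicators."""
    report: Dict[str, List[str]] = {}
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower().endswith(exts):
                path = os.path.join(dirpath, fn)
                try:
                    with open(path, "rb") as fh:
                        hits = infector_indicators(fh.read(64 * 1024))  # headers and section table only
                except (OSError, ValueError, struct.error):
                    continue
                if hits:
                    report[path] = hits
    return report


def build_pe(sections: List[Tuple[str, int, int, int]], entry_point: int) -> bytes:
    """Construct a minimal PE32 header plus section table for testing; not a loadable program."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                        # e_lfanew: PE header right after the DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)                                         # PE32 optional header incl. 16 data directories
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 16, entry_point)
    struct.pack_into("<III", opt, 28, 0x400000, 0x1000, 0x200)   # ImageBase, SectionAlignment, FileAlignment
    table = b"".join(struct.pack("<8sIIIIIIHHI", name.encode("ascii").ljust(8, b"\0"), size, va, size, 0, 0, 0, 0, 0, chars)
                     for name, va, size, chars in sections)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


CODE = IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
DATA = IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
# Constructed images. CLEAN_IMAGE starts executing at the top of .text. INFECTED_LAYOUT has a hypothetical
# appended section '.added' (writable and executable) holding the entry point; an illustration, not Virut's layout.
CLEAN_IMAGE = build_pe([(".text", 0x1000, 0x2000, CODE), (".data", 0x3000, 0x1000, DATA)], entry_point=0x1000)
INFECTED_LAYOUT = build_pe([(".text", 0x1000, 0x2000, CODE), (".data", 0x3000, 0x1000, DATA),
                            (".added", 0x4000, 0x800, CODE | IMAGE_SCN_MEM_WRITE)], entry_point=0x4010)
```

`infector_indicators(CLEAN_IMAGE)` returns no findings, while the appended layout yields two: the entry point sitting in the last section and that section being writable and executable. Packers and some installers trip the same heuristics, so a hit means "inspect this file on a clean machine", not "infected"; `scan_tree(r"D:\")` gives the list to start from.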

#7 jezwagg

Posted 20 May 2009 - 10:21 AM

Hi, sorry, I've been away from my PC for a few days. Clearly bad news and much to do. At present I don't seem to be actually suffering much with the actual operation of the PC, so I should be able to take the necessary steps as recommended. I'll report back when hopefully everything is OK. Thanks for your help. Any advice on reformatting and reloading would be welcome.

#8 Baabiouz

Posted 20 May 2009 - 11:07 AM

Hello

Some instructions on how to reformat:
http://www.techspot.com/vb/topic53502.html
http://helpdesk.its.uiowa.edu/windows/inst...ns/reformat.htm

#9 Baabiouz

Posted 26 May 2009 - 10:33 AM

This thread will now be closed.
If you need this topic reopened, please contact me.

This applies only to the original topic starter.
Everyone else please begin a New Topic.

#10 Baabiouz

Posted 17 June 2009 - 03:20 AM

Hello

Topic is now reopened.
Let's do a scan with Dr.Web CureIt:

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it.
    This is only a short scan.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the "Scan"-tab, remove the mark at "Heuristic analysis".
  • Back at the main window, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look whether you can click the next icon next to the files found:
    Posted Image
    If so, click it and then click the next icon right below and select Move incurable, as you'll see in the next image:
    Posted Image
    This will move it to the %userprofile%\DoctorWeb\quarantaine folder if it can't be cured (this is in case we need samples).
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply
And then please run DDS and post its logs back here with the Dr.Web CureIt log.

#11 jezwagg

Posted 17 June 2009 - 10:19 AM

Hi, Firstly thanks for your quick response.

I ran the Dr.Web scans and the log is as follows. The DDS log follows it. The attach log is attached.

OrangeFirefox.exe\data005;C:\Program Files\Orange\setup\OrangeFirefox.exe;Tool.Prockill;;
OrangeFirefox.exe;C:\Program Files\Orange\setup;Archive contains infected objects;Moved.;
A0005132.exe\data005;C:\System Volume Information\_restore{F0D9B5E0-E987-4D8E-9CED-6C70719A41E7}\RP16\A0005132.exe;Tool.Prockill;;
A0005132.exe;C:\System Volume Information\_restore{F0D9B5E0-E987-4D8E-9CED-6C70719A41E7}\RP16;Archive contains infected objects;Moved.;
A0003733.reg;C:\System Volume Information\_restore{F0D9B5E0-E987-4D8E-9CED-6C70719A41E7}\RP6;Trojan.StartPage.1505;Deleted.;



DDS (Ver_09-05-14.01) - NTFSx86
Run by GEOFF at 16:12:52.20 on Wed 06/17/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.479.121 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\GEOFF\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.orange.co.uk
uSearch Bar = hxxp://www.orange.co.uk/iesearch/
uInternet Connection Wizard,ShellNext = hxxp://www.orange.co.uk/
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {E97B5F2E-CA8E-4D34-BDA3-44EEC4ED2B12} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Easy-PrintToolBox] c:\program files\canon\easy-printtoolbox\BJPSMAIN.EXE /logon
mRun: [CHotkey] mHotkey.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-6-16 327688]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-6-16 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-6-16 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-6-16 906520]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-16 298776]

=============== Created Last 30 ================

2009-06-17 14:12 <DIR> --d----- c:\documents and settings\geoff\DoctorWeb
2009-06-16 21:54 <DIR> --d----- C:\ATI
2009-06-16 21:47 <DIR> --d----- c:\program files\filehippo.com
2009-06-16 21:29 <DIR> --d----- c:\docume~1\geoff\applic~1\Malwarebytes
2009-06-16 21:28 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-16 21:28 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-16 21:28 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-16 21:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-16 21:23 1,071,088 a------- c:\windows\system32\MSCOMCTL.OCX
2009-06-16 21:23 118,784 a------- c:\windows\system32\MSSTDFMT.DLL
2009-06-16 21:23 <DIR> --d----- c:\program files\SpywareBlaster
2009-06-16 21:14 <DIR> --d----- c:\program files\Trend Micro
2009-06-16 20:19 754 a------- c:\windows\WORDPAD.INI
2009-06-16 20:16 477,184 a------- c:\windows\mHotkey.exe
2009-06-16 20:16 233,472 a------- c:\windows\InstIt.exe
2009-06-16 20:16 24,576 a------- c:\windows\HKNTDLL.dll
2009-06-16 20:16 5,280 a------- c:\windows\hotbtnv.vxd
2009-06-16 20:16 3,333 a------- c:\windows\NT4_98.reg
2009-06-16 20:16 3,329 a------- c:\windows\2K.reg
2009-06-16 20:16 3,323 a------- c:\windows\MeXP.reg
2009-06-16 20:16 491 a------- c:\windows\Instit.ini
2009-06-16 20:15 <DIR> --d----- C:\TV Tuner
2009-06-16 20:14 <DIR> --d----- C:\Sound
2009-06-16 20:13 3,548 a----r-- c:\windows\system32\drivers\WinFlash.sys
2009-06-16 20:11 221,184 a------- c:\windows\system32\wmpns.dll
2009-06-16 20:10 <DIR> --d----- c:\windows\RegisteredPackages
2009-06-16 20:07 <DIR> --d----- c:\windows\Cache
2009-06-16 18:07 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-06-16 16:59 <DIR> --d----- c:\docume~1\geoff\applic~1\OpenOffice.org
2009-06-16 16:56 <DIR> --d----- c:\program files\JRE
2009-06-16 16:56 <DIR> --d----- c:\program files\OpenOffice.org 3
2009-06-16 16:23 184 a------- c:\docume~1\geoff\applic~1\wklnhst.dat
2009-06-16 15:59 25,856 ac------ c:\windows\system32\dllcache\usbprint.sys
2009-06-16 15:59 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-06-16 15:58 163,840 a------- c:\windows\BJPSUNST.EXE
2009-06-16 15:56 306,688 a------- c:\windows\IsUninst.exe
2009-06-16 15:56 <DIR> --d----- c:\windows\StartHtmico
2009-06-16 15:55 8,704 a------- c:\windows\system32\CNMVS78.DLL
2009-06-16 15:55 140,288 a------- c:\windows\system32\CNMLM78.DLL
2009-06-16 15:55 90,112 a----r-- c:\windows\system32\CNMCP78.exe
2009-06-16 15:53 <DIR> --d----- c:\program files\Canon
2009-06-16 15:15 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-06-16 15:15 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-06-16 15:08 <DIR> --d----- c:\program files\CCleaner
2009-06-16 14:12 664 a------- c:\windows\system32\d3d9caps.dat
2009-06-16 14:11 410,984 a------- c:\windows\system32\deploytk.dll
2009-06-16 14:11 73,728 a------- c:\windows\system32\javacpl.cpl
2009-06-16 13:16 <DIR> --dsh--- c:\documents and settings\geoff\PrivacIE
2009-06-16 12:14 <DIR> --d----- c:\windows\system32\scripting
2009-06-16 12:14 <DIR> --d----- c:\windows\l2schemas
2009-06-16 12:14 <DIR> --d----- c:\windows\system32\en
2009-06-16 12:14 <DIR> --d----- c:\windows\system32\bits
2009-06-16 12:10 <DIR> --d----- c:\windows\ServicePackFiles
2009-06-16 12:06 <DIR> --d----- c:\windows\network diagnostic
2009-06-16 12:05 <DIR> --d----- c:\windows\system32\ReinstallBackups
2009-06-16 12:01 <DIR> --d----- c:\windows\EHome
2009-06-16 11:50 <DIR> --dsh--- c:\documents and settings\geoff\IETldCache
2009-06-16 11:45 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-06-16 11:45 1,985,024 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-06-16 11:45 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-06-16 11:45 11,064,832 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-06-16 11:45 <DIR> --d----- c:\windows\ie8updates
2009-06-16 11:45 102,912 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-06-16 11:43 <DIR> -cd-h--- c:\windows\ie8
2009-06-16 11:34 375,519 -c------ c:\windows\system32\dllcache\nuskin.wmv
2009-06-16 11:32 104,960 -------- c:\windows\system32\drivers\atinrvxx.sys
2009-06-16 11:15 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
2009-06-16 11:15 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-06-16 11:15 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-06-16 11:15 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-06-16 11:15 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-06-16 11:15 729,088 -c------ c:\windows\system32\dllcache\lsasrv.dll
2009-06-16 11:15 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-06-16 11:15 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-06-16 11:15 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-06-16 11:15 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-06-16 11:15 2,189,056 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-06-16 11:15 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-06-16 11:14 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-06-16 11:13 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-06-16 11:13 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-06-16 11:12 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-06-16 11:12 272,128 -------- c:\windows\system32\drivers\bthport.sys
2009-06-16 11:11 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-06-16 11:11 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-06-16 11:11 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-06-16 11:11 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-06-16 11:00 <DIR> --dsh--- c:\documents and settings\geoff\UserData
2009-06-16 10:41 <DIR> --d----- c:\windows\system32\PreInstall
2009-06-16 10:41 26,144 a------- c:\windows\system32\spupdsvc.exe
2009-06-16 10:40 <DIR> --d-h--- c:\windows\$hf_mig$
2009-06-16 10:29 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-16 10:29 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-06-16 10:29 327,688 a------- c:\windows\system32\drivers\avgldx86.sys
2009-06-16 10:29 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-06-16 10:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2009-06-16 10:29 <DIR> --d----- c:\program files\AVG
2009-06-16 10:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-06-16 10:21 583,774 a------- c:\windows\Orange_Vista.ico
2009-06-16 10:21 270,398 a------- c:\windows\Siemens.ico
2009-06-16 10:21 25,214 a------- c:\windows\Orange.ico
2009-06-16 10:21 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-06-16 10:21 <DIR> --d-h--- c:\windows\msdownld.tmp
2009-06-16 10:20 122,176 a------- c:\windows\Uninstall_Siemens.EXE
2009-06-16 10:19 <DIR> --d----- c:\program files\Orange
2009-06-15 22:44 3,072 a------- c:\windows\system32\drivers\audstub.sys
2009-06-15 22:43 21,504 a------- c:\windows\system32\hidserv.dll
2009-06-15 22:43 57,600 a------- c:\windows\system32\drivers\redbook.sys
2009-06-15 22:43 6,400 a------- c:\windows\system32\drivers\enum1394.sys
2009-06-15 22:43 44,672 a------- c:\windows\system32\drivers\uagp35.sys
2009-06-15 22:43 32,768 a------- c:\windows\system32\drivers\sisnic.sys
2009-06-15 22:42 74,240 a------- c:\windows\system32\usbui.dll
2009-06-15 22:41 <DIR> --d----- c:\program files\common files\ODBC
2009-06-15 22:41 <DIR> --d----- c:\program files\common files\SpeechEngines
2009-06-15 22:41 <DIR> --d--r-- c:\documents and settings\all users\Documents
2009-06-15 22:40 1,086,058 a----r-- c:\windows\SET4.tmp
2009-06-15 22:40 1,042,903 a----r-- c:\windows\SET3.tmp
2009-06-15 22:40 <DIR> --d----- c:\windows\system32\CatRoot2
2009-06-15 22:40 <DIR> --d----- c:\windows\system32\CatRoot
2009-06-15 22:40 <DIR> --d----- C:\Documents and Settings
2009-06-15 22:39 302 a------- c:\windows\system32\$winnt$.inf
2009-06-15 21:50 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-06-15 21:50 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-06-15 21:49 <DIR> --d----- c:\program files\common files\MSSoap
2009-06-15 21:47 <DIR> --d----- c:\program files\Online Services
2009-06-15 21:47 <DIR> --d----- c:\program files\Messenger
2009-06-15 21:47 <DIR> --d----- c:\program files\MSN Gaming Zone
2009-06-15 21:46 <DIR> --d----- c:\program files\Windows NT

==================== Find3M ====================

2009-06-16 12:18 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-06-15 21:48 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-05-13 06:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-07 16:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-17 13:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 15:51 585,216 a------- c:\windows\system32\rpcrt4.dll

============= FINISH: 16:13:37.92 ===============

#12 Baabiouz

Baabiouz

    Finnish Malware Fighter


  • Members
  • 3,355 posts
  • Gender:Male
  • Location:Finland

Posted 17 June 2009 - 10:32 AM

Hello

Logs are looking ok. I don't see anything other than an old Java version.

Please click on Start > Control Panel > Add/Remove Programs and uninstall the following programs (if present):

Java™ 6 Update 13



How's pc working?

#13 jezwagg

jezwagg
  • Topic Starter

  • Members
  • 18 posts

Posted 17 June 2009 - 10:50 AM

Hi,

I've removed the old Java. Open Office insisted on downloading that version even though I already had 14. The computer operates fine except for this problem. In taskmgr processes, iexplore.exe starts with a mem usage of about 40,000K and, as each new website is browsed (on the same tab), works its way up towards 150,000K and beyond, at which point the PC starts working hard with the fan kicking in.

Running scans usually makes the system work equally hard, although the .exe files don't grow.

#14 Baabiouz

Baabiouz

    Finnish Malware Fighter


  • Members
  • 3,355 posts
  • Gender:Male
  • Location:Finland

Posted 17 June 2009 - 11:01 AM

It's normal that scans make the computer slow... Have you downloaded all updates from Windows Update?

#15 jezwagg

jezwagg
  • Topic Starter

  • Members
  • 18 posts

Posted 17 June 2009 - 02:14 PM

I found two priority updates I didn't have:

KB951847 Microsoft .NET Framework 3.5 SP1 & .NET 3.5 Family Updates for .NET versions 2.0 to 3.5
KB961118 Windows XP

I've now downloaded them and rebooted. iexplore.exe problem continues.



