
Possible infection?


  • This topic is locked
8 replies to this topic

#1 holeechow85

holeechow85

  • Members
  • 4 posts

Posted 16 May 2009 - 12:59 AM

Hello,

I created a partition for programs and such on my HDD nearly a week ago, and it was fine until recently. Two days ago, it stated at least 100 GB free space was available. Last night, it was nearly zero. Needless to say, I was shocked. I'm literally unable to download, install, or save anything to that partition. The other partition with the OS (Vista Ultimate 64-bit) seems to be fine. Internet Explorer and Firefox are running normally with no signs of slowing down.

However, I've tried this several times, but CCleaner has yet to go beyond the 28% mark on the Windows section, and it's always at the same file location: D:\$Recycle.Bin...

The D:\ is the partition with issues. Also, now and then, AVG would send a pop-up stating that it has discovered a trojan, but whenever I tried to get rid of it or move it to the vault, it said the decision was canceled by the user.

Also, I'm unable to edit the Hosts file despite turning off the "Read Only" option on its properties menu.

I ran HijackThis, came up with a ref file, then disabled all real-time protection. I skipped the Uninstall Programs step because there were no suspicious programs that needed uninstalling. After that, I ran CCleaner to the best of its ability (both in safe mode and regular), then Spybot Search & Destroy and Windows Defender at the same time. They turned up no results.

Then I ran an online antivirus scan, which was F-Secure Online Virus Scanner. It turned up one piece of malware and a few spyware items, but I didn't write down what they were. F-Secure was able to remove all but one (I don't remember what it was). I also ran Windows Live OneCare Safety Scanner, but since I use the 64-bit version of Vista Ultimate, I could only use the beta version of the scanner. It took forever to scan, and eventually I ended it because it was stuck on scanning the registry. I tried to run BitDefender Online and Trend Micro Housecall, but they would not respond.

The first HT scan results:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:39:28 PM, on 5/15/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\RocketDock\RocketDock.exe
C:\Program Files (x86)\AIM6\aim6.exe
D:\avgtray.exe
C:\Program Files (x86)\AIM6\aolsoftware.exe
D:\CCleaner\CCleaner.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AVG8_TRAY] D:\avgtray.exe
O4 - HKCU\..\Run: [ccleaner] "D:\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [RocketDock] "D:\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files (x86)\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files (x86)\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files (x86)\MySpace\IM\MySpaceIM.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\avgpp.dll
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - D:\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\avgwdsvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files (x86)\Nero 8\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - D:\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - D:\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: TabletServicePen - Unknown owner - C:\Windows\system32\Pen_Tablet.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - D:\UpdateCenterService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7954 bytes

The second HT scan results after the cleaning and such:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:56:57 AM, on 5/16/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\RocketDock\RocketDock.exe
C:\Program Files (x86)\AIM6\aim6.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
D:\avgtray.exe
C:\Program Files (x86)\AIM6\aolsoftware.exe
D:\CCleaner\CCleaner.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
D:\JGsoft\EditPadLite\EditPadLite.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AVG8_TRAY] D:\avgtray.exe
O4 - HKCU\..\Run: [ccleaner] "D:\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [RocketDock] "D:\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files (x86)\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files (x86)\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files (x86)\MySpace\IM\MySpaceIM.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/...s/wlscctrl2.cab
O16 - DPF: {C237A80A-4C55-4C68-BAA9-CBE4408D12B2} (F-Secure Online Scanner 4.0 Launcher) - http://download.sp.f-secure.com/ols/f-secu.../fslauncher.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\avgpp.dll
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - D:\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\avgwdsvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files (x86)\Nero 8\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - D:\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - D:\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: TabletServicePen - Unknown owner - C:\Windows\system32\Pen_Tablet.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - D:\UpdateCenterService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8498 bytes

Update!

I ran AVG again today, and it found many tracking cookies in Firefox's Roaming Data stuff and cleaned them. I also ran BitDefender Online Antivirus Scanner (it is actually still running now), but for curiosity's sake, I checked on the problematic partition. To my surprise, it suddenly has around 113 GB of free space. I don't know what to make of it. I'm still a bit suspicious and paranoid, to be frank.

Edited by holeechow85, 16 May 2009 - 04:06 PM.
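Added example, not code from the thread or from Trend Micro: a small Python triage script for HijackThis v2 log lines like the ones posted above. It parses the `Rn`/`Fn`/`On` entry lines and applies four review rules: an O2 BHO registered with "(no file)" is a dead registration; an O4 autostart or O23 service binary sitting at a drive root (like D:\avgtray.exe here) deserves a check against a known product; an O23 service reported "(file missing)" is read differently on a 64-bit host, because HijackThis 2.0.2 is a 32-bit program and WOW64 file-system redirection hides the real System32 from it, so the long run of "(file missing)" lines on core Windows services in a 64-bit Vista log is expected noise rather than evidence of infection; and an O1 hosts entry that maps a non-local name to an address is worth checking. The sample input copies lines from the posted log and adds one constructed hosts entry (update.example.invalid) to exercise the O1 rule.

```python
"""Added triage helper for HijackThis v2 log lines (example code, not from this thread)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Entry lines look like "O4 - HKLM\..\Run: [AVG8_TRAY] D:\avgtray.exe"; the header,
# the "Running processes:" list and the "End of file" trailer do not match and are skipped.
HJT_LINE = re.compile(r"^(?P<code>[RFO]\d+)\s+-\s+(?P<body>.+)$")
# First absolute path to an .exe inside an entry body; quotes and arguments are ignored.
EXE_PATH = re.compile(r'(?P<path>[A-Za-z]:\\[^"]*?\.exe)', re.IGNORECASE)
# An executable sitting directly in a drive root, e.g. D:\avgtray.exe (no folder at all).
DRIVE_ROOT_EXE = re.compile(r"^[A-Za-z]:\\[^\\]+$")
# The real System32 of a 64-bit host. A 32-bit HijackThis is redirected to SysWOW64 by
# WOW64, so it reports "(file missing)" for services whose binary only exists in System32.
SYSTEM32_PATH = re.compile(r"^[A-Za-z]:\\Windows\\System32\\", re.IGNORECASE)
LOCAL_NAMES = {"localhost", "broadcasthost"}

REASON_HOSTS = "hosts entry overrides DNS for a non-local name; check what it redirects or blocks"
REASON_ORPHAN_BHO = "BHO registered with no DLL on disk (dead registration, safe to remove)"
REASON_WOW64 = "service binary reported missing but lives in System32 on a 64-bit host: likely WOW64 false positive"
REASON_MISSING = "service binary missing from disk: verify the service"
REASON_DRIVE_ROOT = "autostart binary in a drive root rather than a program folder: confirm it belongs to a known product"


@dataclass(frozen=True)
class Entry:
    code: str   # HijackThis section code: R0, R1, F2, O1, O2, O4, O23, ...
    body: str   # everything after "<code> - "


@dataclass(frozen=True)
class Finding:
    code: str
    reason: str
    entry: str  # the original line, for the report


def parse_hjt(text: str) -> list[Entry]:
    """Return the entry lines of a HijackThis log, in file order."""
    entries = []
    for raw in text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if m:
            entries.append(Entry(m.group("code"), m.group("body")))
    return entries


def triage(entries: list[Entry], host_is_64bit: bool) -> list[Finding]:
    """Apply the review rules; host_is_64bit decides how '(file missing)' is read."""
    findings = []
    for e in entries:
        line = f"{e.code} - {e.body}"
        m = EXE_PATH.search(e.body)
        path = m.group("path") if m else ""
        if e.code == "O1":
            # body is "Hosts: <address> <name>"
            parts = e.body.split()
            if len(parts) >= 3 and parts[2].lower() not in LOCAL_NAMES:
                findings.append(Finding(e.code, REASON_HOSTS, line))
        elif e.code == "O2" and e.body.endswith("(no file)"):
            findings.append(Finding(e.code, REASON_ORPHAN_BHO, line))
        elif e.code == "O23" and e.body.endswith("(file missing)"):
            wow64 = host_is_64bit and bool(SYSTEM32_PATH.match(path))
            findings.append(Finding(e.code, REASON_WOW64 if wow64 else REASON_MISSING, line))
        elif e.code in ("O4", "O23") and DRIVE_ROOT_EXE.match(path):
            findings.append(Finding(e.code, REASON_DRIVE_ROOT, line))
    return findings


# Sample input: lines copied from the log posted above, plus one constructed hosts
# entry (update.example.invalid) to exercise the O1 rule.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
D:\avgtray.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 update.example.invalid
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AVG8_TRAY] D:\avgtray.exe
O4 - HKCU\..\Run: [ccleaner] "D:\CCleaner\ccleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\avgwdsvc.exe
O23 - Service: TabletServicePen - Unknown owner - C:\Windows\system32\Pen_Tablet.exe (file missing)
"""

if __name__ == "__main__":
    # The first log in this thread came from 64-bit Vista, so "(file missing)" is read with WOW64 in mind.
    for f in triage(parse_hjt(SAMPLE_LOG), host_is_64bit=True):
        print(f"[{f.code}] {f.reason}\n    {f.entry}")
```

Running it with `host_is_64bit=True` reports the constructed hosts line, the orphaned BHO, the two AVG binaries at the root of D:, and marks both "(file missing)" services as probable WOW64 artefacts; with `host_is_64bit=False` the same two services are instead reported as genuinely missing binaries to verify. The rules are deliberately conservative: a hit means "look at this", not "this is malware".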




#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,801 posts
  • Gender:Not Telling
  • Location:Bloomington, IN

Posted 30 May 2009 - 01:22 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. You can find information on A/V control HERE

Orange Blossom
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 holeechow85

holeechow85
  • Topic Starter

  • Members
  • 4 posts

Posted 02 June 2009 - 04:30 PM

Hello,

The situation is now different. Since then, I've formatted the partition and installed a fresh copy of Vista Ultimate 32-bit with SP1. Everything appeared to be fine until yesterday, when the programs took so long to start up after booting. I'm talking about like the antivirus protections and CCleaner, let alone Firefox or any other program. In addition to the slow start (I already checked for any auto startup programs, and there are very few), a program will not work. Every single time I try to start it, I eventually have to close it out and it's always because of some AppHang B1 error.

Not too long ago, I was running a utility program when suddenly there was a blue screen that only stayed on screen for so long before the computer shut itself down.

I attached a zipped DDS file, by the way...


DDS (Ver_09-05-14.01) - NTFSx86
Run by August at 16:16:34.50 on Tue 06/02/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista Black Edition™ 2009 6.0.6001.1.1252.1.1033.18.3006.1647 [GMT -5:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Pen_Tablet.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Windows\system32\Pen_Tablet.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\JGsoft\EditPadLite\EditPadLite.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Users\August\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: {755E5192-92B5-363F-BBB4-4BEDC2FF8DB0} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
uRun: [ccleaner] "c:\program files\ccleaner\ccleaner.exe" /AUTO
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [ThreatFire] c:\program files\threatfire\TFTray.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [<NO NAME>]
mPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
AppInit_DLLs: avgrsstx.dll
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\august\appdata\roaming\mozilla\firefox\profiles\on0f62ve.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.inbox.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?&q=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\users\august\appdata\roaming\mozilla\firefox\profiles\on0f62ve.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-5-27 51472]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009-5-27 39184]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-27 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-27 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-5-27 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-27 298776]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-5-28 1153368]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-6-1 3032360]
R2 ThreatFire;ThreatFire;c:\program files\threatfire\tfservice.exe service --> c:\program files\threatfire\TFService.exe service [?]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l160x86.sys [2009-4-27 47104]
R3 samhidb;samhidb;c:\windows\system32\drivers\samhidb.sys [2009-6-1 22391]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009-5-27 33040]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 DfSdkS;Defragmentation-Service;c:\program files\ashampoo\ashampoo winoptimizer 6\DfSdkS.exe [2009-6-2 410976]
S3 FKFAP;FKFAP;c:\program files\perfect uninstaller\FKFAP.sys [2009-6-2 13760]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2009-6-1 15144]

=============== Created Last 30 ================

2009-06-02 16:01 694,964 a------- c:\windows\system32\PerfStringBackup.TMP
2009-06-02 03:25 42 a------- c:\windows\system32\Jiii_PNUCT.pnc
2009-06-02 03:24 42 a------- c:\windows\system32\AK083E209605E394C.lie
2009-06-02 03:24 <DIR> --d----- c:\program files\Perfect Uninstaller
2009-06-02 02:51 <DIR> --d----- c:\users\august\appdata\roaming\Malwarebytes
2009-06-02 02:51 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-02 02:50 <DIR> --d----- c:\programdata\Malwarebytes
2009-06-02 02:50 <DIR> --d----- c:\progra~2\Malwarebytes
2009-06-02 02:50 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-02 02:50 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-02 02:25 39,776 a------- c:\windows\system32\DfSdkBt64.exe
2009-06-02 02:25 33,632 a------- c:\windows\system32\DfSdkBt.exe
2009-06-02 02:24 <DIR> --d----- c:\program files\Ashampoo
2009-06-02 02:08 <DIR> --d----- c:\programdata\FLEXnet
2009-06-01 23:51 76,821,352 a------- c:\windows\system32\xa7274326.exe
2009-06-01 23:51 76,821,352 a------- c:\windows\system32\xa7270176.exe
2009-06-01 23:35 654,208 a------- C:\autoruns.exe
2009-06-01 23:35 546,688 a------- C:\autorunsc.exe
2009-06-01 23:35 49,244 a------- C:\autoruns.chm
2009-06-01 23:22 180 a------- c:\windows\system32\sam.ini
2009-06-01 23:18 2,297,552 a------- c:\windows\system32\d3dx9_26.dll
2009-06-01 23:09 <DIR> --d----- c:\windows\system32\directx
2009-06-01 23:08 <DIR> --d----- c:\programdata\Apple Computer
2009-06-01 23:07 <DIR> --d----- c:\programdata\Apple
2009-06-01 23:07 <DIR> --d----- c:\program files\FeedStation
2009-06-01 23:07 <DIR> --d----- c:\program files\FeedDemon
2009-06-01 23:06 <DIR> --d----- c:\programdata\DVD Shrink
2009-06-01 23:06 <DIR> --d----- c:\program files\DVD Shrink
2009-06-01 21:45 <DIR> --d----- c:\programdata\ZoomBrowser
2009-06-01 21:45 <DIR> --d----- c:\progra~2\ZoomBrowser
2009-06-01 21:45 <DIR> --d----- c:\program files\Canon
2009-06-01 21:44 <DIR> --d----- c:\program files\common files\Canon
2009-06-01 21:42 <DIR> --d----- c:\users\august\appdata\roaming\WTablet
2009-06-01 21:41 1,532,082 -------- c:\windows\system32\PenTablet.znc
2009-06-01 21:41 3,708,200 -------- c:\windows\system32\PenTablet.cpl
2009-06-01 21:41 11,440 a------- c:\windows\system32\drivers\WacomVKHid.sys
2009-06-01 21:40 13,480 a------- c:\windows\system32\drivers\wacomvhid.sys
2009-06-01 21:40 11,312 a------- c:\windows\system32\drivers\wacommousefilter.sys
2009-06-01 21:40 15,144 a------- c:\windows\system32\drivers\wacmoumonitor.sys
2009-06-01 21:40 <DIR> --d----- c:\windows\system32\WTablet
2009-06-01 21:40 181,544 -------- c:\windows\system32\Wintab32.dll
2009-06-01 21:40 128,296 -------- c:\windows\system32\Pen_Tablet.dll
2009-06-01 21:40 3,032,360 -------- c:\windows\system32\Pen_Tablet.exe
2009-06-01 21:40 <DIR> --d----- c:\program files\Tablet
2009-06-01 21:37 487,424 a------- c:\windows\system32\FDRpage910.dll
2009-06-01 21:37 77,824 a------- c:\windows\system32\FDRdriver910.dll
2009-06-01 21:37 22,391 a------- c:\windows\system32\drivers\samhidb.sys
2009-06-01 21:37 <DIR> --d----- c:\program files\PHILIPS
2009-06-01 21:37 208,896 a------- c:\windows\system32\CreateDir910.exe
2009-06-01 21:28 <DIR> --d----- c:\program files\Nero
2009-06-01 21:28 <DIR> --d----- c:\programdata\Nero
2009-06-01 21:28 <DIR> --d----- c:\progra~2\Nero
2009-06-01 21:10 176,128 a------- c:\windows\system32\wr92723.dll
2009-06-01 21:10 76,821,352 a------- c:\windows\system32\xa5108939.exe
2009-06-01 21:10 76,821,352 a------- c:\windows\system32\xa5099828.exe
2009-06-01 21:08 5,018 a--sh--- c:\programdata\KGyGaAvL.sys
2009-06-01 21:08 5,018 a--sh--- c:\progra~2\KGyGaAvL.sys
2009-06-01 21:08 8 ---shr-- c:\programdata\17F5BB1DAC.sys
2009-06-01 21:08 8 ---shr-- c:\progra~2\17F5BB1DAC.sys
2009-06-01 21:08 <DIR> --d----- c:\program files\common files\Corel
2009-06-01 21:08 <DIR> --d----- c:\program files\common files\Protexis
2009-06-01 21:08 <DIR> --d----- c:\programdata\Corel
2009-06-01 21:08 <DIR> --d----- c:\progra~2\Corel
2009-06-01 21:07 <DIR> --d----- c:\program files\Corel
2009-06-01 20:28 <DIR> --d----- c:\programdata\ALM
2009-06-01 20:28 <DIR> --d----- c:\progra~2\ALM
2009-06-01 20:24 <DIR> --d----- c:\program files\common files\PX Storage Engine
2009-06-01 20:15 22,872 a----r-- c:\windows\system32\AdobePDFUI.dll
2009-06-01 20:05 <DIR> --d----- c:\program files\common files\Macrovision Shared
2009-05-30 02:30 <DIR> --d----- c:\programdata\Adobe
2009-05-30 02:04 <DIR> --d----- c:\users\august\appdata\roaming\VSRevoGroup
2009-05-30 00:49 <DIR> --d----- c:\windows\system32\EventProviders
2009-05-30 00:49 <DIR> --d----- C:\3094747c6669ea6c6d
2009-05-29 22:49 <DIR> --d----- c:\program files\MSXML 4.0
2009-05-29 12:22 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-05-29 03:22 <DIR> --d----- c:\programdata\Yahoo!
2009-05-29 03:22 <DIR> --d----- c:\program files\Yahoo!
2009-05-29 00:53 <DIR> --d----- c:\programdata\WEBREG
2009-05-29 00:53 <DIR> --d----- c:\progra~2\WEBREG
2009-05-29 00:48 <DIR> --d----- c:\programdata\Hewlett-Packard
2009-05-29 00:45 <DIR> --d----- c:\programdata\HPSSUPPLY
2009-05-29 00:43 <DIR> --d----- c:\programdata\HP Product Assistant
2009-05-29 00:43 <DIR> --d----- c:\program files\common files\HP
2009-05-29 00:42 <DIR> --d----- c:\program files\common files\Hewlett-Packard
2009-05-29 00:41 267,864 a------- c:\windows\system32\hpzids01.dll
2009-05-29 00:39 <DIR> --d----- c:\program files\HP
2009-05-29 00:39 147,622 a------- c:\windows\hpoins21.dat
2009-05-29 00:38 <DIR> --d----- c:\programdata\HP
2009-05-28 20:01 32,656 a------- c:\windows\system32\msonpmon.dll
2009-05-28 19:55 <DIR> --d----- c:\program files\Microsoft Visual Studio 8
2009-05-28 19:55 <DIR> --d----- c:\programdata\Microsoft Help
2009-05-28 19:53 <DIR> --d----- c:\windows\Application Data
2009-05-28 12:44 <DIR> --d----- c:\program files\uTorrent
2009-05-28 12:44 <DIR> --d----- c:\users\august\appdata\roaming\uTorrent
2009-05-28 01:04 <DIR> --d----- c:\program files\IZArc
2009-05-28 00:55 <DIR> --d----- c:\users\august\Tracing
2009-05-28 00:53 <DIR> --d----- c:\program files\Microsoft
2009-05-28 00:52 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-05-28 00:51 <DIR> --d----- c:\windows\PCHEALTH
2009-05-28 00:47 <DIR> --d----- c:\programdata\Viewpoint
2009-05-28 00:47 <DIR> --d----- c:\progra~2\Viewpoint
2009-05-28 00:47 <DIR> --d----- c:\program files\Viewpoint
2009-05-28 00:47 <DIR> --d----- c:\programdata\acccore
2009-05-28 00:47 <DIR> --d----- c:\progra~2\acccore
2009-05-28 00:46 <DIR> --d----- c:\programdata\AOL OCP
2009-05-28 00:46 <DIR> --d----- c:\programdata\AOL
2009-05-28 00:45 <DIR> --d----- c:\program files\common files\AOL
2009-05-28 00:45 <DIR> --d----- c:\program files\common files\Windows Live
2009-05-28 00:44 <DIR> --d----- c:\program files\AIM6
2009-05-28 00:44 366 a---h--- C:\IPH.PH
2009-05-28 00:43 <DIR> --d----- c:\program files\Trend Micro
2009-05-28 00:34 <DIR> --d----- c:\windows\SendTo
2009-05-28 00:34 68,232 a------- c:\windows\UnDeployV.exe
2009-05-28 00:34 <DIR> --d----- c:\program files\JGsoft
2009-05-28 00:18 <DIR> --d----- c:\windows\Panther
2009-05-28 00:18 8,192 a--s-r-- C:\BOOTSECT.BAK
2009-05-28 00:18 333,257 a--shr-- C:\bootmgr
2009-05-28 00:18 <DIR> --dsh--- C:\Boot
2009-05-28 00:18 171,136 a--shr-- C:\grldr
2009-05-28 00:18 59 a----r-- c:\windows\DELL_VERSION
2009-05-28 00:18 <DIR> --d----- c:\windows\system32\OEM
2009-05-28 00:17 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-05-28 00:17 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-05-28 00:17 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2009-05-28 00:13 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-27 23:59 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-05-27 23:59 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-05-27 23:59 325,896 a------- c:\windows\system32\drivers\avgldx86.sys
2009-05-27 23:59 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-05-27 23:39 <DIR> --d----- c:\users\august\appdata\roaming\Auslogics
2009-05-27 23:38 <DIR> --d----- c:\program files\Auslogics
2009-05-27 23:29 <DIR> --d----- c:\program files\VS Revo Group
2009-05-27 23:24 801,312 a------- c:\windows\system32\nvcplui.exe
2009-05-27 23:24 453,152 a------- c:\windows\system32\nvuninst.exe
2009-05-27 23:24 420,384 a------- c:\windows\system32\nvcpl.cpl
2009-05-27 23:24 313,888 a------- c:\windows\system32\nvexpbar.dll
2009-05-27 23:23 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-05-27 23:07 106,605 a------- c:\windows\system32\StructuredQuerySchema.bin
2009-05-27 23:07 18,904 a------- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2009-05-27 23:07 11,776 a------- c:\windows\system32\msshooks.dll
2009-05-27 23:04 2,048 a------- c:\windows\system32\tzres.dll
2009-05-27 22:59 <DIR> --d----- c:\programdata\avg8
2009-05-27 22:59 <DIR> --d----- c:\program files\AVG
2009-05-27 22:59 <DIR> --d----- c:\progra~2\avg8
2009-05-27 22:44 <DIR> --dsh--- c:\windows\Installer
2009-05-27 22:41 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-05-27 22:41 97,800 a------- c:\windows\system32\infocardapi.dll
2009-05-27 22:41 622,080 a------- c:\windows\system32\icardagt.exe
2009-05-27 22:41 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-05-27 22:41 37,384 a------- c:\windows\system32\infocardcpl.cpl
2009-05-27 22:41 11,264 a------- c:\windows\system32\icardres.dll
2009-05-27 22:41 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-05-27 22:41 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-05-27 22:37 <DIR> a-d----- c:\programdata\TEMP
2009-05-27 22:37 51,472 a------- c:\windows\system32\drivers\TfFsMon.sys
2009-05-27 22:37 39,184 a------- c:\windows\system32\drivers\TfSysMon.sys
2009-05-27 22:37 33,040 a------- c:\windows\system32\drivers\TfNetMon.sys
2009-05-27 22:37 12,560 a------- c:\windows\system32\drivers\TfKbMon.sys
2009-05-27 22:37 <DIR> --d----- c:\programdata\PC Tools
2009-05-27 22:37 <DIR> --d----- c:\program files\ThreatFire
2009-05-27 22:37 <DIR> --d----- c:\progra~2\PC Tools
2009-05-27 22:37 96,760 a------- c:\windows\system32\dfshim.dll
2009-05-27 22:37 282,112 a------- c:\windows\system32\mscoree.dll
2009-05-27 22:37 41,984 a------- c:\windows\system32\netfxperf.dll
2009-05-27 22:37 158,720 a------- c:\windows\system32\mscorier.dll
2009-05-27 22:37 83,968 a------- c:\windows\system32\mscories.dll
2009-05-27 22:36 1,108,512 a------- c:\windows\system32\nvcpluir.dll
2009-05-27 22:29 <DIR> --d----- c:\program files\RocketDock
2009-05-27 22:21 <DIR> --d----- c:\windows\pss
2009-05-27 22:08 12,240,896 a------- c:\windows\system32\NlsLexicons0007.dll
2009-05-27 22:08 2,644,480 a------- c:\windows\system32\NlsLexicons0009.dll
2009-05-27 22:08 801,280 a------- c:\windows\system32\NaturalLanguage6.dll
2009-05-27 22:03 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-05-27 22:03 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-05-27 22:02 428,544 a------- c:\windows\system32\EncDec.dll
2009-05-27 22:02 217,088 a------- c:\windows\system32\psisrndr.ax
2009-05-27 22:02 293,376 a------- c:\windows\system32\psisdecd.dll
2009-05-27 22:02 177,664 a------- c:\windows\system32\mpg2splt.ax
2009-05-27 22:02 80,896 a------- c:\windows\system32\MSNP.ax
2009-05-27 22:02 57,856 a------- c:\windows\system32\MSDvbNP.ax
2009-05-27 21:59 361,984 a------- c:\windows\system32\IPSECSVC.DLL
2009-05-27 21:58 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
2009-05-27 21:57 180,224 a------- c:\windows\system32\scrobj.dll
2009-05-27 21:57 172,032 a------- c:\windows\system32\scrrun.dll
2009-05-27 21:57 155,648 a------- c:\windows\system32\wscript.exe
2009-05-27 21:57 135,168 a------- c:\windows\system32\wshom.ocx
2009-05-27 21:57 135,168 a------- c:\windows\system32\cscript.exe
2009-05-27 21:57 90,112 a------- c:\windows\system32\wshext.dll
2009-05-27 21:56 2,033,152 a------- c:\windows\system32\win32k.sys
2009-05-27 21:56 2,868,736 a------- c:\windows\system32\mf.dll
2009-05-27 21:56 996,352 a------- c:\windows\system32\WMNetMgr.dll
2009-05-27 21:56 94,720 a------- c:\windows\system32\logagent.exe
2009-05-27 21:56 113,664 a------- c:\windows\system32\drivers\rmcast.sys
2009-05-27 21:56 738,304 a------- c:\windows\system32\inetcomm.dll
2009-05-27 21:55 1,314,816 a------- c:\windows\system32\quartz.dll
2009-05-27 21:55 1,645,568 a------- c:\windows\system32\connect.dll
2009-05-27 21:54 1,334,272 a------- c:\windows\system32\msxml6.dll
2009-05-27 21:47 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-05-27 21:46 83,456 a------- c:\windows\system32\wudriver.dll
2009-05-27 21:46 162,064 a------- c:\windows\system32\wuwebv.dll
2009-05-27 21:46 31,232 a------- c:\windows\system32\wuapp.exe
2009-05-27 21:40 <DIR> --d----- c:\windows\system32\Attansic
2009-05-27 21:40 37,376 a------- c:\windows\system32\drivers\atl01_03.sys
2009-05-27 21:37 <DIR> --d----- c:\programdata\NVIDIA
2009-05-27 21:33 <DIR> --d----- c:\program files\K-Lite Codec Pack
2009-05-27 21:33 <DIR> --d----- c:\program files\Utilities
2009-05-27 21:33 <DIR> --d----- c:\program files\CCleaner
2009-05-26 17:18 90,112 a------- c:\windows\system32\QuickTimeVR.qtx
2009-05-26 17:18 57,344 a------- c:\windows\system32\QuickTime.qts

==================== Find3M ====================

2009-06-01 21:41 86,016 a------- c:\windows\inf\infstrng.dat
2009-06-01 21:41 51,200 a------- c:\windows\inf\infpub.dat
2009-06-01 21:41 86,016 a------- c:\windows\inf\infstor.dat
2009-05-27 23:25 174 a--sh--- c:\program files\desktop.ini
2009-05-27 23:20 665,600 a------- c:\windows\inf\drvindex.dat
2009-04-27 01:55 47,104 a------- c:\windows\system32\drivers\l160x86.sys
2009-03-16 22:38 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-03-16 22:38 13,824 a------- c:\windows\system32\apilogen.dll
2009-03-16 22:38 24,064 a------- c:\windows\system32\amxread.dll
2009-03-16 14:18 517,448 a------- c:\windows\system32\XAudio2_4.dll
2009-03-16 14:18 235,352 a------- c:\windows\system32\xactengine3_4.dll
2009-03-16 14:18 69,448 a------- c:\windows\system32\XAPOFX1_3.dll
2009-03-16 14:18 22,360 a------- c:\windows\system32\X3DAudio1_6.dll
2009-03-09 15:27 4,178,264 a------- c:\windows\system32\D3DX9_41.dll
2009-03-09 15:27 1,846,632 a------- c:\windows\system32\D3DCompiler_41.dll
2009-03-09 15:27 453,456 a------- c:\windows\system32\d3dx10_41.dll
2009-03-08 06:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 06:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 06:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 06:33 109,056 a------- c:\windows\system32\iesysprep.dll
2009-03-08 06:33 109,568 a------- c:\windows\system32\PDMSetup.exe
2009-03-08 06:33 132,608 a------- c:\windows\system32\ieUnatt.exe
2009-03-08 06:33 107,520 a------- c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 06:33 107,008 a------- c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 06:33 103,936 a------- c:\windows\system32\SetDepNx.exe
2009-03-08 06:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 06:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 06:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 06:32 66,560 a------- c:\windows\system32\wextract.exe
2009-03-08 06:32 169,472 a------- c:\windows\system32\iexpress.exe
2009-03-08 06:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 06:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 06:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 06:22 156,160 a------- c:\windows\system32\msls31.dll
2006-11-02 07:40 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:40 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:40 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:40 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-07-17 08:04 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

============= FINISH: 16:17:44.87 ===============

#4 m0le

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 03 June 2009 - 07:36 PM

Hi holeechow85,

I can't see any infections on any of the logs.

I can see that AppHang B1 is causing the problem so please visit this link.

Please run through the options to see if that helps.

Post back if you need any other help but the logs are all clean. If you do manage to get the browser back and you still suspect malware then post back with a new DDS log and we'll have a good look into your PC.
m0le is a proud member of UNITE

#5 holeechow85

  • Topic Starter
  • Members
  • 4 posts

Posted 04 June 2009 - 01:18 PM

Oh, I should have mentioned earlier that the program in the question is Corel Painter SketchPad--it's the one with the AppHang B1 problem. I don't know if the fix for IE will work for Corel?

#6 m0le

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 04 June 2009 - 04:19 PM

Oh, right. That probably won't fix it then.

Is the Corel program the only one that hangs then?

#7 holeechow85

  • Topic Starter
  • Members
  • 4 posts

Posted 04 June 2009 - 05:53 PM

Insofar as I can see, yes. All other major programs seem to be working properly. I've uninstalled and re-installed the program many times, only to get the same problem.

#8 m0le

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 04 June 2009 - 06:24 PM

You would be better to try this forum, holeechow85:

Graphics Design and Photo Editing


It's not a malware issue though so I can say....

Okay, your log is clean. Good stuff!

Let's firstly do some housekeeping

I don't see an Anti Virus Program running on your machine
  • Download and install an antivirus program, and make sure that you keep it updated
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    Two good antivirus programs free for non-commercial home use are Avast! and Antivir
    Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
Please set your system to hide all hidden files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, uncheck Show hidden files and folders.
Check: Hide file extensions for known file types
Check the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
Here's a list of ways you can avoid problems in the future:

Update your AntiVirus Software

It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Use a Firewall

I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls


Install an AntiSpyware Program

A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version, or the Pro version for a 15 day trial period.

Other recommended, and free, AntiSpyware programs are Spybot - Search and Destroy and Ad-Aware Personal.

Installing these programs will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis, just as you would with antivirus software.

Tutorials on using these programs can be found below:

Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer


That's it, good luck with your app problem.

Happy surfing!

Cheers,


m0le

#9 m0le

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 10 June 2009 - 03:54 PM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.