Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Slow computer, Adds popping up on each page I browse


  • This topic is locked This topic is locked
5 replies to this topic

#1 502master

502master

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:51 AM

Posted 29 May 2009 - 08:53 PM

This computer is used by several people. It is now very slow, and ads pop up, also things shut down at random. Dell inspiron 1521 running vista. Please help us fix this.





DDS (Ver_09-05-14.01) - NTFSx86
Run by Jennifer at 18:45:09.09 on Fri 05/29/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.893.166 [GMT -7:00]

AV: Windows Live OneCare *On-access scanning enabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Windows Live OneCare *enabled* (Updated) {CC7E50BA-BA8C-4DDE-B5AC-EA53BC38D01B}
FW: Windows Live OneCare Firewall *enabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Hide My IP 2009\SecureSrv.exe
C:\Program Files\Hotspot Shield\bin\openvpntray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\IpSharkk\IpSharkk.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\Jennifer\Desktop\dds.scr

============== Pseudo HJT Report ===============

uWindow Title = Internet Explorer provided by Dell
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3071011
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3071011
mStart Page = hxxp://www.yahoo.com/
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
mSearchAssistant =
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: CoffeeCup Software Popup Blocker: {49e0e0f0-5c30-11d4-945d-010002000012} - c:\progra~1\coffee~1\popupb~1\CCPOPB~1.DLL
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: {BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} - No File
uRun: [Aim6]
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [IpSharkk] "c:\program files\ipsharkk\IpSharkk.exe" /auto
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [<NO NAME>]
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [%PROVIDERID%] "bin\sprtcmd.exe" /P %PROVIDERID%
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [OneCareUI] "c:\program files\microsoft windows onecare live\winssnotify.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [iLike] c:\program files\ilike\1.2.13\ilikesidebar.exe /checkforupdate
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\windows\system32\SecureNet.dll
LSP: c:\windows\system32\wpclsp.dll
DPF: {1D082E71-DF20-4AAF-863B-596428C49874} - hxxp://www.worldwinner.com/games/v50/tpir/tpir.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Notify: GoToAssist - c:\program files\citrix\gotoassist\480\G2AWinLogon.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\jennifer\appdata\roaming\mozilla\firefox\profiles\o38ezb30.default\
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\users\jennifer\appdata\roaming\move networks\plugins\npqmp071500000347.dll
FF - plugin: c:\users\jennifer\appdata\roaming\mozilla\firefox\profiles\o38ezb30.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R1 anf0100.sys;anf0100.sys;c:\windows\system32\drivers\anf0100.sys [2009-5-28 9728]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2007-11-6 73728]
R2 HssSrv;Hotspot Shield Routing Service;c:\program files\hotspot shield\hsswpr\hsssrv.exe [2009-5-20 331312]
R2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\microsoft windows onecare live\OcHealthMon.exe [2009-3-22 24936]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-5-7 1153368]
R2 sprtlisten;SupportSoft Listener Service;c:\program files\common files\supportsoft\bin\sprtlisten.exe [2008-1-8 1213728]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-11-17 24652]
R3 HssDrv;Hotspot Shield Helper Miniport;c:\windows\system32\drivers\HssDrv.sys [2009-5-20 33840]
R3 SecureSrv;SecureSrv;c:\program files\hide my ip 2009\SecureSrv.exe [2009-5-29 1691648]
S3 HssTrayService;Hotspot Shield Tray Service;c:\program files\hotspot shield\bin\HssTrayService.exe [2009-5-20 34352]
S3 SUSTUCAM;Susteen USB Cable Modem Driver;c:\windows\system32\drivers\sustucam.sys [2007-4-4 38272]
S3 SUSTUCAP;Susteen USB Cable Port Driver;c:\windows\system32\drivers\sustucap.sys [2007-4-4 38272]
S3 SUSTUCAU;Susteen USB Cable USB Driver;c:\windows\system32\drivers\sustucau.sys [2007-4-4 21376]

=============== Created Last 30 ================

2009-05-29 11:26 <DIR> --d----- C:\Hotspot Shield
2009-05-29 11:24 <DIR> --d----- c:\windows\LastGood.Tmp
2009-05-29 11:23 <DIR> --d----- c:\program files\Hotspot Shield
2009-05-29 11:07 163,840 a------- c:\windows\system32\SecureNet.dll
2009-05-29 11:06 <DIR> --d----- c:\program files\Hide My IP 2009
2009-05-28 05:53 9,728 a------- c:\windows\system32\drivers\anf0100.sys
2009-05-28 05:53 <DIR> --d----- c:\program files\IpSharkk
2009-05-26 16:28 <DIR> --d----- c:\program files\Trend Micro
2009-05-20 12:54 33,840 a------- c:\windows\system32\drivers\HssDrv.sys
2009-05-14 20:22 <DIR> --d----- c:\program files\Wedding Dash 2
2009-05-14 11:08 27,136 a------- c:\windows\system32\drivers\tapvpn.sys
2009-05-07 12:11 <DIR> --d----- c:\users\jennifer\appdata\roaming\Malwarebytes
2009-05-07 12:11 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-07 12:11 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-07 12:11 <DIR> --d----- c:\programdata\Malwarebytes
2009-05-07 12:11 <DIR> --d----- c:\progra~2\Malwarebytes
2009-05-07 12:11 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-07 11:37 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-05-07 11:37 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-05-07 11:37 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy

==================== Find3M ====================

2009-05-29 18:12 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-29 11:25 143,360 a------- c:\windows\inf\infstrng.dat
2009-05-29 11:25 51,200 a------- c:\windows\inf\infpub.dat
2009-05-29 11:25 86,016 a------- c:\windows\inf\infstor.dat
2009-03-16 20:38 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-03-16 20:38 13,824 a------- c:\windows\system32\apilogen.dll
2009-03-16 20:38 24,064 a------- c:\windows\system32\amxread.dll
2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 04:33 109,056 a------- c:\windows\system32\iesysprep.dll
2009-03-08 04:33 109,568 a------- c:\windows\system32\PDMSetup.exe
2009-03-08 04:33 132,608 a------- c:\windows\system32\ieUnatt.exe
2009-03-08 04:33 107,520 a------- c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 04:33 107,008 a------- c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 04:33 103,936 a------- c:\windows\system32\SetDepNx.exe
2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:32 66,560 a------- c:\windows\system32\wextract.exe
2009-03-08 04:32 169,472 a------- c:\windows\system32\iexpress.exe
2009-03-08 04:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 04:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 04:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-02 21:46 3,599,328 a------- c:\windows\system32\ntkrnlpa.exe
2009-03-02 21:46 3,547,632 a------- c:\windows\system32\ntoskrnl.exe
2009-03-02 21:39 183,296 a------- c:\windows\system32\sdohlp.dll
2009-03-02 21:39 551,424 a------- c:\windows\system32\rpcss.dll
2009-03-02 21:39 26,112 a------- c:\windows\system32\printfilterpipelineprxy.dll
2009-03-02 21:37 98,304 a------- c:\windows\system32\iasrecst.dll
2009-03-02 21:37 54,784 a------- c:\windows\system32\iasads.dll
2009-03-02 21:37 44,032 a------- c:\windows\system32\iasdatastore.dll
2009-03-02 20:04 666,624 a------- c:\windows\system32\printfilterpipelinesvc.exe
2009-03-02 19:38 17,408 a------- c:\windows\system32\iashost.exe
2008-10-11 18:20 25,600 a------- c:\users\jennifer\usbsermptxp.sys
2008-10-11 18:20 22,768 a------- c:\users\jennifer\usbsermpt.sys
2008-06-27 14:18 174 a--sh--- c:\program files\desktop.ini
2008-06-27 14:02 665,600 a------- c:\windows\inf\drvindex.dat
2007-11-05 16:15 60,968 a------- c:\users\jennifer\GoToAssistDownloadHelper.exe
2006-11-02 05:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 05:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 05:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 05:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2002-07-31 20:55 106 ---sh--- c:\windows\WSYS049.SYS
2008-10-11 17:46 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-10-11 17:46 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-10-11 17:46 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 18:45:51.34 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:51 AM

Posted 10 June 2009 - 10:29 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#3 502master

502master
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:51 AM

Posted 15 June 2009 - 10:44 AM

Seems to be running really slow.


DDS (Ver_09-05-14.01) - NTFSx86
Run by Jennifer at 8:41:13.22 on Mon 06/15/2009
Internet Explorer: 8.0.6001.18783 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.893.280 [GMT -7:00]

AV: Windows Live OneCare *On-access scanning enabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Windows Live OneCare *enabled* (Updated) {CC7E50BA-BA8C-4DDE-B5AC-EA53BC38D01B}
FW: Windows Live OneCare Firewall *enabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Hide My IP 2009\SecureSrv.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hotspot Shield\bin\openvpntray.exe
C:\Program Files\Vuze\Azureus.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Jennifer\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3071011
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3071011
mStart Page = hxxp://www.yahoo.com/
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
mSearchAssistant =
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common

files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: CoffeeCup Software Popup Blocker: {49e0e0f0-5c30-11d4-945d-010002000012} - c:\progra~1\coffee~1\popupb~1\CCPOPB~1.DLL
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows

live\WindowsLiveLogin.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: {BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} - No File
uRun: [Aim6]
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [IpSharkk] "c:\program files\ipsharkk\IpSharkk.exe" /auto
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [<NO NAME>]
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [%PROVIDERID%] "bin\sprtcmd.exe" /P %PROVIDERID%
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [OneCareUI] "c:\program files\microsoft windows onecare live\winssnotify.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Recordpad] "c:\program files\nch swift sound\recordpad\recordpad.exe" -logon
StartupFolder: c:\users\jennifer\appdata\roaming\micros~1\windows\startm~1\programs\startup\memoni~1.lnk - c:\program files\sprint music

manager\MEMonitor.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &AIM Toolbar Search - c:\programdata\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web

printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\windows\system32\SecureNet.dll
LSP: c:\windows\system32\wpclsp.dll
DPF: {1D082E71-DF20-4AAF-863B-596428C49874} - hxxp://www.worldwinner.com/games/v50/tpir/tpir.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Notify: GoToAssist - c:\program files\citrix\gotoassist\480\G2AWinLogon.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\jennifer\appdata\roaming\mozilla\firefox\profiles\o38ezb30.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\users\jennifer\appdata\roaming\move networks\plugins\npqmp071500000347.dll
FF - plugin: c:\users\jennifer\appdata\roaming\mozilla\firefox\profiles\o38ezb30.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R3 HssDrv;Hotspot Shield Helper Miniport;c:\windows\system32\drivers\HssDrv.sys [2009-5-20 33840]
S3 SUSTUCAM;Susteen USB Cable Modem Driver;c:\windows\system32\drivers\sustucam.sys [2007-4-4 47360]
S3 SUSTUCAP;Susteen USB Cable Port Driver;c:\windows\system32\drivers\sustucap.sys [2007-4-4 47360]
S3 SUSTUCAU;Susteen USB Cable USB Driver;c:\windows\system32\drivers\sustucau.sys [2007-4-4 28032]

=============== Created Last 30 ================

2009-06-14 07:53 <DIR> --d----- c:\programdata\PlayPond
2009-06-14 07:53 <DIR> --d----- c:\progra~2\PlayPond
2009-06-09 20:35 <DIR> --d----- c:\users\jennifer\appdata\roaming\Mp3 Editor for Free
2009-06-09 20:35 479,232 a------- c:\windows\system32\NCTAudioVisualization2.dll
2009-06-09 20:35 348,160 a------- c:\windows\system32\NCTWMAFile2.dll
2009-06-09 20:35 113,486 a------- c:\windows\system32\NCTWMAProfiles.prx
2009-06-09 20:35 1,986,560 a------- c:\windows\system32\NCTAudioFile2.dll
2009-06-09 20:35 1,212,416 a------- c:\windows\system32\NCTAudioInformation2.dll
2009-06-09 20:35 880,640 a------- c:\windows\system32\NCTAudioEditor2.dll
2009-06-09 20:35 602,112 a------- c:\windows\system32\NCTAudioTransform2.dll
2009-06-09 20:35 458,752 a------- c:\windows\system32\NCTAudioRecord2.dll
2009-06-09 20:35 458,752 a------- c:\windows\system32\NCTAudioPlayer2.dll
2009-06-09 20:35 835,584 a------- c:\windows\system32\NCTAudioCDGrabber2.dll
2009-06-09 20:35 344,064 a------- c:\windows\system32\msvcr70.dll
2009-06-09 20:35 <DIR> --d----- c:\program files\Mp3 Editor for Free
2009-06-09 16:13 123 a------- c:\windows\Winsus0.dat
2009-06-09 15:58 <DIR> --d----- c:\windows\system\iosubsys
2009-06-08 19:11 <DIR> --d----- c:\program files\Audacity
2009-06-08 15:45 <DIR> --d----- c:\program files\LG Electronics
2009-06-08 15:44 1,609,728 -------- c:\windows\MEDB.mdb
2009-06-08 15:44 <DIR> --d----- c:\program files\Sprint music manager
2009-06-07 14:35 <DIR> --d----- C:\LG Electronics
2009-06-04 16:21 <DIR> --d----- c:\program files\Dream Day Wedding Married in Manhattan
2009-06-03 18:32 <DIR> --d----- c:\program files\Games
2009-06-03 13:10 <DIR> --d----- c:\users\jennifer\Photobleepet
2009-06-03 13:08 <DIR> --d----- c:\program files\Photobleepet
2009-06-02 11:57 <DIR> --d----- c:\program files\common files\Software Update Utility
2009-06-02 11:57 <DIR> --d----- c:\programdata\AIM Toolbar
2009-06-02 11:57 <DIR> --d----- c:\program files\AIM Toolbar
2009-06-02 11:57 <DIR> --d----- c:\progra~2\AIM Toolbar
2009-05-31 11:46 <DIR> --dsh--- c:\windows\system32\%APPDATA%
2009-05-29 11:26 <DIR> --d----- C:\Hotspot Shield
2009-05-29 11:23 <DIR> --d----- c:\program files\Hotspot Shield
2009-05-29 11:07 163,840 a------- c:\windows\system32\SecureNet.dll
2009-05-29 11:06 <DIR> --d----- c:\program files\Hide My IP 2009
2009-05-28 05:53 <DIR> --d----- c:\program files\IpSharkk
2009-05-26 16:28 <DIR> --d----- c:\program files\Trend Micro
2009-05-20 12:54 33,840 a------- c:\windows\system32\drivers\HssDrv.sys

==================== Find3M ====================

2009-06-09 16:08 86,016 a------- c:\windows\inf\infstor.dat
2009-06-09 16:08 51,200 a------- c:\windows\inf\infpub.dat
2009-06-09 16:08 143,360 a------- c:\windows\inf\infstrng.dat
2009-06-07 20:47 25,952 a------- c:\windows\system32\drivers\wnsdrvr.sys
2009-05-29 18:12 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-26 13:20 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 13:19 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-05-14 11:08 27,136 a------- c:\windows\system32\drivers\tapvpn.sys
2009-05-08 22:50 915,456 a------- c:\windows\system32\wininet.dll
2009-05-08 22:34 71,680 a------- c:\windows\system32\iesetup.dll
2009-04-28 10:46 28,032 a------- c:\windows\system32\drivers\sustucau.sys
2009-04-28 10:46 47,360 a------- c:\windows\system32\drivers\sustucap.sys
2009-04-28 10:46 47,360 a------- c:\windows\system32\drivers\sustucam.sys
2009-04-23 05:43 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-04-23 05:42 636,928 a------- c:\windows\system32\localspl.dll
2009-04-21 04:55 2,033,152 a------- c:\windows\system32\win32k.sys
2008-10-11 18:20 25,600 a------- c:\users\jennifer\usbsermptxp.sys
2008-10-11 18:20 22,768 a------- c:\users\jennifer\usbsermpt.sys
2008-06-27 14:18 174 a--sh--- c:\program files\desktop.ini
2008-06-27 14:02 665,600 a------- c:\windows\inf\drvindex.dat
2007-11-05 16:15 60,968 a------- c:\users\jennifer\GoToAssistDownloadHelper.exe
2006-11-02 05:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 05:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 05:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 05:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2002-07-31 20:55 106 ---sh--- c:\windows\WSYS049.SYS
2008-10-11 17:46 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-10-11 17:46 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5

\index.dat
2008-10-11 17:46 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 8:42:30.51 ===============

#4 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:02:51 AM

Posted 17 June 2009 - 11:03 AM

Hello 502master :thumbup2: Welcome to the BC HijackThis Log and Analysis forum. Sorry about your wait, but I will be assisting you in cleaning up your system from here on out.


I ask that you refrain from running tools other than those we suggest while we are performing the clean-up. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.



In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond the your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.





I need to get a little different look at your system so please perform the following. I see that you have MalwareBytes installed. If you ran it what was the results? You can find the log to post by double clicking on the program to open it up then clicking on Logs. If you have ran it more than once there will be more than one log. Select the one with the latest date and then click on Open. Please copy and paste that log into your next reply along with the RSIT log.





  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)





When completed please post both both logs from RSIT as well as the one from MBAM

Please do not post any logs as an attachment unless asked to do so.





Thanks,



thewall
If I have helped you then please consider donating so I can continue the fight against malware Posted Image
All donations go directly to the helper

Posted Image

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#5 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:02:51 AM

Posted 21 June 2009 - 08:18 AM

Hello again, do you still require assistance?
If I have helped you then please consider donating so I can continue the fight against malware Posted Image
All donations go directly to the helper

Posted Image

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#6 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:02:51 AM

Posted 22 June 2009 - 08:58 AM

Due to the lack of feedback This Topic is closed.

Should you need it reopened, please contact my by PM. Include the address of this thread in your request.

If you have a new issue, please start a New Topic.

This applies only to the original poster. Everyone else please begin a New Topic.
If I have helped you then please consider donating so I can continue the fight against malware Posted Image
All donations go directly to the helper

Posted Image

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users