Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News:    Chinese Hackers Target Satellite, Geospatial Imaging, Defense Companies

Featured Deal: Get 95% off The Complete Adobe CC Training Bundle Deal

Photo

Firefox "Already running but not responding" problem

Started by finglonger , Jul 06 2009 03:03 PM

  • This topic is locked This topic is locked
11 replies to this topic

#1 finglonger

finglonger

  • Members
  • 6 posts
  • OFFLINE
    •  
  • Local time:05:45 PM

Posted 06 July 2009 - 03:03 PM

Hi,

I'm having a problem with my computer and I'm concerned it may be a trojan/malware issue, occasionally Firefox will freeze and when it is closed and restarted it will complain that the program is already running. I checked in Task Manager and the application is not visible but the processes pane shows a Firefox.exe process running which can't be killed by task manager.

Once this happens the computer won't shut down or log off and has to be killed with a "hard reset".

The Hijack This! log is below and i've attached attach.txt, any help you could give would be much appreciated.

Many thanks,

Paul

DDS (Ver_09-06-26.01) - NTFSx86
Run by Paul at 20:44:06.08 on 06/07/2009
Internet Explorer: 8.0.6001.18783 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2039.848 [GMT 1:00]

SP: ZoneAlarm Anti-Spyware *enabled* (Outdated) {F245A209-1085-48B4-B927-35D56015EC60}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k rpcss
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\SLsvc.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\system32\taskeng.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\AEADISRV.EXE
C:\Windows\system32\agrsmsvc.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files\PDF Complete\pdfsvc.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\system32\Dwm.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\svchost.exe -k WerSvcGroup
C:\windows\system32\SearchIndexer.exe
C:\windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\windows\regedit.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\explorer.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\Users\Paul\Desktop\dds.scr
C:\windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [PDF Complete] "c:\program files\pdf complete\pdfsty.exe"
mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
StartupFolder: c:\users\paul\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dvdche~1.lnk - c:\program files\intervideo\dvd check\DVDCheck.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: DeviceNP - DeviceNP.dll
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\paul\appdata\roaming\mozilla\firefox\profiles\csymspz3.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-6-24 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-6-24 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-6-24 51792]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2008-11-22 540448]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-11-22 193840]
R3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-4-28 3658752]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-21 179712]
S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [2007-6-8 30008]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2007-6-8 172131]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-4-8 1112560]
SUnknown rpcnetp;rpcnetp; [x]

=============== Created Last 30 ================

2009-07-06 19:36 <DIR> --d----- c:\program files\Trend Micro
2009-07-06 18:22 17,408 a------- c:\windows\system32\rpcnetp.exe
2009-06-27 13:03 <DIR> --d----- c:\users\paul\appdata\roaming\OpenOffice.org
2009-06-26 19:42 1,221,512 a------- c:\windows\system32\zpeng25.dll
2009-06-26 19:41 350,192 a---h--- c:\windows\system32\drivers\vsconfig.xml
2009-06-26 19:41 293,528 a------- c:\windows\system32\drivers\vsdatant.sys
2009-06-26 19:41 <DIR> --d----- c:\windows\system32\ZoneLabs
2009-06-25 01:11 12 a------- c:\windows\bthservsdp.dat
2009-06-24 21:19 170,496 a------- c:\windows\system32\tcpipcfg.dll
2009-06-24 21:19 22,528 a------- c:\windows\system32\netiougc.exe
2009-06-24 21:18 <DIR> --d----- c:\program files\Zone Labs
2009-06-24 21:15 <DIR> --d----- c:\programdata\CheckPoint
2009-06-24 21:15 <DIR> --d----- c:\progra~2\CheckPoint
2009-06-24 21:15 <DIR> --d----- c:\windows\Internet Logs
2009-06-24 21:02 <DIR> --d----- c:\program files\JRE
2009-06-24 21:02 <DIR> --d----- c:\program files\OpenOffice.org 3
2009-06-24 20:07 56 a---h--- c:\programdata\ezsidmv.dat
2009-06-24 20:07 56 a---h--- c:\progra~2\ezsidmv.dat
2009-06-24 20:06 <DIR> --d--r-- c:\program files\Skype
2009-06-24 20:06 <DIR> --d----- c:\programdata\Skype
2009-06-24 20:01 410,984 a------- c:\windows\system32\deploytk.dll
2009-06-24 19:03 51,792 a------- c:\windows\system32\drivers\aswMonFlt.sys
2009-06-24 18:47 72,704 a------- c:\windows\system32\admparse.dll
2009-06-24 18:44 <DIR> --d----- C:\Anquet Map Data
2009-06-24 18:43 <DIR> --d----- c:\program files\Anquet Technology Ltd
2009-06-24 18:20 2,048 a------- c:\windows\system32\tzres.dll
2009-06-24 18:09 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-06-24 18:09 97,800 a------- c:\windows\system32\infocardapi.dll
2009-06-24 18:09 622,080 a------- c:\windows\system32\icardagt.exe
2009-06-24 18:09 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-06-24 18:09 37,384 a------- c:\windows\system32\infocardcpl.cpl
2009-06-24 18:09 11,264 a------- c:\windows\system32\icardres.dll
2009-06-24 18:09 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-06-24 18:09 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-06-24 18:05 96,760 a------- c:\windows\system32\dfshim.dll
2009-06-24 18:05 282,112 a------- c:\windows\system32\mscoree.dll
2009-06-24 18:05 41,984 a------- c:\windows\system32\netfxperf.dll
2009-06-24 18:05 158,720 a------- c:\windows\system32\mscorier.dll
2009-06-24 18:05 83,968 a------- c:\windows\system32\mscories.dll
2009-06-24 18:04 <DIR> --d----- c:\program files\MSXML 4.0
2009-06-24 17:56 428,544 a------- c:\windows\system32\EncDec.dll
2009-06-24 17:56 217,088 a------- c:\windows\system32\psisrndr.ax
2009-06-24 17:56 293,376 a------- c:\windows\system32\psisdecd.dll
2009-06-24 17:56 177,664 a------- c:\windows\system32\mpg2splt.ax
2009-06-24 17:56 80,896 a------- c:\windows\system32\MSNP.ax
2009-06-24 17:56 57,856 a------- c:\windows\system32\MSDvbNP.ax
2009-06-24 17:54 2,868,736 a------- c:\windows\system32\mf.dll
2009-06-24 17:54 996,352 a------- c:\windows\system32\WMNetMgr.dll
2009-06-24 17:54 94,720 a------- c:\windows\system32\logagent.exe
2009-06-24 17:54 2,033,152 a------- c:\windows\system32\win32k.sys
2009-06-24 17:54 376,832 a------- c:\windows\system32\winhttp.dll
2009-06-24 17:54 562,176 a------- c:\windows\system32\msdtcprx.dll
2009-06-24 17:54 38,912 a------- c:\windows\system32\xolehlp.dll
2009-06-24 17:52 288,768 a------- c:\windows\system32\drivers\srv.sys
2009-06-24 17:52 712,704 a------- c:\windows\system32\WindowsCodecs.dll
2009-06-24 17:52 425,472 a------- c:\windows\system32\PhotoMetadataHandler.dll
2009-06-24 17:52 347,136 a------- c:\windows\system32\WindowsCodecsExt.dll
2009-06-24 17:52 2,927,104 a------- c:\windows\explorer.exe
2009-06-24 17:51 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-06-24 17:51 7,680 a------- c:\windows\system32\spwmp.dll
2009-06-24 17:51 4,096 a------- c:\windows\system32\msdxm.ocx
2009-06-24 17:51 4,096 a------- c:\windows\system32\dxmasf.dll
2009-06-24 17:51 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
2009-06-24 17:51 1,191,936 a------- c:\windows\system32\msxml3.dll
2009-06-24 17:51 636,928 a------- c:\windows\system32\localspl.dll
2009-06-24 17:50 1,334,272 a------- c:\windows\system32\msxml6.dll
2009-06-24 17:50 147,456 a------- c:\windows\system32\Faultrep.dll
2009-06-24 17:50 125,952 a------- c:\windows\system32\wersvc.dll
2009-06-24 17:40 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-06-24 17:39 83,456 a------- c:\windows\system32\wudriver.dll
2009-06-24 17:39 162,064 a------- c:\windows\system32\wuwebv.dll
2009-06-24 17:39 31,232 a------- c:\windows\system32\wuapp.exe
2009-06-24 17:38 384 a------- c:\windows\myClean.bat
2009-06-24 17:36 <DIR> --d----- c:\users\paul\Bluetooth Software
2009-06-24 17:36 44 a------- c:\windows\system\hpsysdrv.dat
2009-06-24 17:29 80,936 a------- c:\windows\system32\drivers\btwavdt.sys
2009-06-24 17:29 80,424 a------- c:\windows\system32\drivers\btwaudio.sys
2009-06-24 17:29 16,168 a------- c:\windows\system32\drivers\btwrchid.sys
2009-06-24 17:29 233,472 a------- c:\windows\system32\BtwRSupport.dll
2009-06-24 17:29 <DIR> --d----- c:\windows\system32\es-MX
2009-06-24 17:29 <DIR> --d----- c:\windows\system32\es-AR
2009-06-24 17:29 <DIR> --d----- c:\program files\WIDCOMM
2009-06-24 17:26 204,800 a------- c:\windows\system32\IVIresizeW7.dll
2009-06-24 17:26 188,416 a------- c:\windows\system32\IVIresizePX.dll
2009-06-24 17:26 200,704 a------- c:\windows\system32\IVIresizeA6.dll
2009-06-24 17:26 192,512 a------- c:\windows\system32\IVIresizeP6.dll
2009-06-24 17:26 192,512 a------- c:\windows\system32\IVIresizeM6.dll
2009-06-24 17:26 20,480 a------- c:\windows\system32\IVIresize.dll
2009-06-24 17:24 <DIR> --d----- c:\program files\common files\InterVideo
2009-06-24 17:24 <DIR> --d----- c:\program files\InterVideo
2009-06-24 17:24 0 a--shr-- c:\windows\system32\drivers\103C_HP_bNB_550_Y5336AN_0U_QCNU91030CH_E489318-A42_4A_I3618_SHP_V12.00_68MVU F.05_T090119_WV3-1_L409_M2039_J160_7Intel_86FD_91.80_#081121_N_(NN312EA#ABU)_XMOBILE_CN10_Z_2F.05_G80862A12;80862A13.MRK
2009-06-24 17:23 <DIR> --d----- c:\users\Paul

==================== Find3M ====================

2009-07-06 18:38 17,408 a------- c:\windows\system32\rpcnetp.dll
2009-06-30 09:17 714,398 a------- c:\windows\system32\perfh013.dat
2009-06-30 09:17 151,514 a------- c:\windows\system32\perfc013.dat
2009-06-26 19:42 143,360 a------- c:\windows\inf\infstrng.dat
2009-06-26 19:42 51,200 a------- c:\windows\inf\infpub.dat
2009-06-26 19:42 86,016 a------- c:\windows\inf\infstor.dat
2009-05-09 06:50 915,456 a------- c:\windows\system32\wininet.dll
2009-05-09 06:34 71,680 a------- c:\windows\system32\iesetup.dll
2009-04-23 13:43 784,896 a------- c:\windows\system32\rpcrt4.dll
2008-11-22 08:44 665,600 a------- c:\windows\inf\drvindex.dat
2008-04-16 00:09 336,440 a------- c:\windows\inf\perflib\0413\perfi.dat
2008-04-16 00:09 41,976 a------- c:\windows\inf\perflib\0413\perfd.dat
2008-04-16 00:09 41,976 a------- c:\windows\inf\perflib\0413\perfc.dat
2008-04-16 00:09 336,440 a------- c:\windows\inf\perflib\0413\perfh.dat
2008-01-21 03:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 20:44:32.24 ===============

Attached Files


BC AdBot (Login to Remove)

 

#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,768 posts
  • OFFLINE
    •  
  • Gender:Female
  • Location:At home
  • Local time:12:45 AM

Posted 13 July 2009 - 05:41 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+

#3 finglonger

finglonger
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
    •  
  • Local time:05:45 PM

Posted 14 July 2009 - 01:32 AM

Hi,

I have attached new versions of the logs as requested. Thank you for your help with my query.

Regards,

Paul


DDS (Ver_09-06-26.01) - NTFSx86
Run by Paul at 7:26:12.64 on 14/07/2009
Internet Explorer: 8.0.6001.18783 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2039.1011 [GMT 1:00]

SP: ZoneAlarm Anti-Spyware *enabled* (Outdated) {F245A209-1085-48B4-B927-35D56015EC60}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k rpcss
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\SLsvc.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\windows\system32\taskeng.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\windows\system32\AEADISRV.EXE
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files\PDF Complete\pdfsvc.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\System32\svchost.exe -k WerSvcGroup
C:\windows\system32\SearchIndexer.exe
C:\windows\servicing\TrustedInstaller.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\Users\Paul\Desktop\script.scr
C:\windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [PDF Complete] "c:\program files\pdf complete\pdfsty.exe"
mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\paul\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dvdche~1.lnk - c:\program files\intervideo\dvd check\DVDCheck.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: DeviceNP - DeviceNP.dll
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\paul\appdata\roaming\mozilla\firefox\profiles\csymspz3.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-6-24 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-6-24 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-6-24 51792]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2008-11-22 540448]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-11-22 193840]
R3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-4-28 3658752]
S2 rpcnetp;rpcnetp;c:\windows\system32\rpcnetp.exe --> c:\windows\system32\rpcnetp.exe [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-21 179712]
S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [2007-6-8 30008]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2007-6-8 172131]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-4-8 1112560]

=============== Created Last 30 ================

2009-07-11 15:56 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-07-11 15:56 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-07-11 15:55 <DIR> --d----- c:\program files\iPod
2009-07-11 15:55 <DIR> --d----- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-11 15:55 <DIR> --d----- c:\progra~2\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-11 15:55 <DIR> --d----- c:\program files\iTunes
2009-07-11 15:55 <DIR> --d----- c:\program files\Bonjour
2009-07-11 15:54 <DIR> --d----- c:\programdata\Apple Computer
2009-07-11 15:53 <DIR> --d----- c:\programdata\Apple
2009-07-11 15:04 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-07-06 19:36 <DIR> --d----- c:\program files\Trend Micro
2009-06-27 13:03 <DIR> --d----- c:\users\paul\appdata\roaming\OpenOffice.org
2009-06-26 19:42 1,221,512 a------- c:\windows\system32\zpeng25.dll
2009-06-26 19:41 350,192 a---h--- c:\windows\system32\drivers\vsconfig.xml
2009-06-26 19:41 293,528 a------- c:\windows\system32\drivers\vsdatant.sys
2009-06-26 19:41 <DIR> --d----- c:\windows\system32\ZoneLabs
2009-06-25 01:11 12 a------- c:\windows\bthservsdp.dat
2009-06-24 21:19 170,496 a------- c:\windows\system32\tcpipcfg.dll
2009-06-24 21:19 22,528 a------- c:\windows\system32\netiougc.exe
2009-06-24 21:18 <DIR> --d----- c:\program files\Zone Labs
2009-06-24 21:15 <DIR> --d----- c:\programdata\CheckPoint
2009-06-24 21:15 <DIR> --d----- c:\progra~2\CheckPoint
2009-06-24 21:15 <DIR> --d----- c:\windows\Internet Logs
2009-06-24 21:02 <DIR> --d----- c:\program files\JRE
2009-06-24 21:02 <DIR> --d----- c:\program files\OpenOffice.org 3
2009-06-24 20:07 56 a---h--- c:\programdata\ezsidmv.dat
2009-06-24 20:07 56 a---h--- c:\progra~2\ezsidmv.dat
2009-06-24 20:06 <DIR> --d--r-- c:\program files\Skype
2009-06-24 20:06 <DIR> --d----- c:\programdata\Skype
2009-06-24 20:01 410,984 a------- c:\windows\system32\deploytk.dll
2009-06-24 19:03 51,792 a------- c:\windows\system32\drivers\aswMonFlt.sys
2009-06-24 18:47 72,704 a------- c:\windows\system32\admparse.dll
2009-06-24 18:44 <DIR> --d----- C:\Anquet Map Data
2009-06-24 18:43 <DIR> --d----- c:\program files\Anquet Technology Ltd
2009-06-24 18:20 2,048 a------- c:\windows\system32\tzres.dll
2009-06-24 18:09 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-06-24 18:09 97,800 a------- c:\windows\system32\infocardapi.dll
2009-06-24 18:09 622,080 a------- c:\windows\system32\icardagt.exe
2009-06-24 18:09 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-06-24 18:09 37,384 a------- c:\windows\system32\infocardcpl.cpl
2009-06-24 18:09 11,264 a------- c:\windows\system32\icardres.dll
2009-06-24 18:09 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-06-24 18:09 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-06-24 18:05 96,760 a------- c:\windows\system32\dfshim.dll
2009-06-24 18:05 282,112 a------- c:\windows\system32\mscoree.dll
2009-06-24 18:05 41,984 a------- c:\windows\system32\netfxperf.dll
2009-06-24 18:05 158,720 a------- c:\windows\system32\mscorier.dll
2009-06-24 18:05 83,968 a------- c:\windows\system32\mscories.dll
2009-06-24 18:04 <DIR> --d----- c:\program files\MSXML 4.0
2009-06-24 17:56 428,544 a------- c:\windows\system32\EncDec.dll
2009-06-24 17:56 217,088 a------- c:\windows\system32\psisrndr.ax
2009-06-24 17:56 293,376 a------- c:\windows\system32\psisdecd.dll
2009-06-24 17:56 177,664 a------- c:\windows\system32\mpg2splt.ax
2009-06-24 17:56 80,896 a------- c:\windows\system32\MSNP.ax
2009-06-24 17:56 57,856 a------- c:\windows\system32\MSDvbNP.ax
2009-06-24 17:54 2,868,736 a------- c:\windows\system32\mf.dll
2009-06-24 17:54 996,352 a------- c:\windows\system32\WMNetMgr.dll
2009-06-24 17:54 94,720 a------- c:\windows\system32\logagent.exe
2009-06-24 17:54 2,033,152 a------- c:\windows\system32\win32k.sys
2009-06-24 17:54 376,832 a------- c:\windows\system32\winhttp.dll
2009-06-24 17:54 562,176 a------- c:\windows\system32\msdtcprx.dll
2009-06-24 17:54 38,912 a------- c:\windows\system32\xolehlp.dll
2009-06-24 17:52 288,768 a------- c:\windows\system32\drivers\srv.sys
2009-06-24 17:52 712,704 a------- c:\windows\system32\WindowsCodecs.dll
2009-06-24 17:52 425,472 a------- c:\windows\system32\PhotoMetadataHandler.dll
2009-06-24 17:52 347,136 a------- c:\windows\system32\WindowsCodecsExt.dll
2009-06-24 17:52 2,927,104 a------- c:\windows\explorer.exe
2009-06-24 17:51 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-06-24 17:51 7,680 a------- c:\windows\system32\spwmp.dll
2009-06-24 17:51 4,096 a------- c:\windows\system32\msdxm.ocx
2009-06-24 17:51 4,096 a------- c:\windows\system32\dxmasf.dll
2009-06-24 17:51 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
2009-06-24 17:51 1,191,936 a------- c:\windows\system32\msxml3.dll
2009-06-24 17:51 636,928 a------- c:\windows\system32\localspl.dll
2009-06-24 17:50 1,334,272 a------- c:\windows\system32\msxml6.dll
2009-06-24 17:50 147,456 a------- c:\windows\system32\Faultrep.dll
2009-06-24 17:50 125,952 a------- c:\windows\system32\wersvc.dll
2009-06-24 17:40 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-06-24 17:39 83,456 a------- c:\windows\system32\wudriver.dll
2009-06-24 17:39 162,064 a------- c:\windows\system32\wuwebv.dll
2009-06-24 17:39 31,232 a------- c:\windows\system32\wuapp.exe
2009-06-24 17:38 384 a------- c:\windows\myClean.bat
2009-06-24 17:36 <DIR> --d----- c:\users\paul\Bluetooth Software
2009-06-24 17:36 44 a------- c:\windows\system\hpsysdrv.dat
2009-06-24 17:29 80,936 a------- c:\windows\system32\drivers\btwavdt.sys
2009-06-24 17:29 80,424 a------- c:\windows\system32\drivers\btwaudio.sys
2009-06-24 17:29 16,168 a------- c:\windows\system32\drivers\btwrchid.sys
2009-06-24 17:29 233,472 a------- c:\windows\system32\BtwRSupport.dll
2009-06-24 17:29 <DIR> --d----- c:\windows\system32\es-MX
2009-06-24 17:29 <DIR> --d----- c:\windows\system32\es-AR
2009-06-24 17:29 <DIR> --d----- c:\program files\WIDCOMM
2009-06-24 17:26 204,800 a------- c:\windows\system32\IVIresizeW7.dll
2009-06-24 17:26 188,416 a------- c:\windows\system32\IVIresizePX.dll
2009-06-24 17:26 200,704 a------- c:\windows\system32\IVIresizeA6.dll
2009-06-24 17:26 192,512 a------- c:\windows\system32\IVIresizeP6.dll
2009-06-24 17:26 192,512 a------- c:\windows\system32\IVIresizeM6.dll
2009-06-24 17:26 20,480 a------- c:\windows\system32\IVIresize.dll
2009-06-24 17:24 <DIR> --d----- c:\program files\common files\InterVideo
2009-06-24 17:24 <DIR> --d----- c:\program files\InterVideo
2009-06-24 17:24 0 a--shr-- c:\windows\system32\drivers\103C_HP_bNB_550_Y5336AN_0U_QCNU91030CH_E489318-A42_4A_I3618_SHP_V12.00_68MVU F.05_T090119_WV3-1_L409_M2039_J160_7Intel_86FD_91.80_#081121_N_(NN312EA#ABU)_XMOBILE_CN10_Z_2F.05_G80862A12;80862A13.MRK
2009-06-24 17:23 <DIR> --d----- c:\users\Paul

==================== Find3M ====================

2009-07-13 21:39 17,408 a------- c:\windows\system32\rpcnetp.dll
2009-07-11 15:54 143,360 a------- c:\windows\inf\infstrng.dat
2009-07-11 15:54 86,016 a------- c:\windows\inf\infstor.dat
2009-07-11 15:54 51,200 a------- c:\windows\inf\infpub.dat
2009-06-05 11:42 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-06-05 11:42 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2009-05-09 06:50 915,456 a------- c:\windows\system32\wininet.dll
2009-05-09 06:34 71,680 a------- c:\windows\system32\iesetup.dll
2009-04-23 13:43 784,896 a------- c:\windows\system32\rpcrt4.dll
2008-11-22 08:44 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-21 03:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 7:26:30.07 ===============

Attached Files


#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:London, UK
  • Local time:10:45 PM

Posted 14 July 2009 - 07:06 PM

Hi finglonger,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

I will be back soon with the first instructions.

Thanks :thumbup2:
Posted Image
m0le is a proud member of UNITE

#5 finglonger

finglonger
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
    •  
  • Local time:05:45 PM

Posted 15 July 2009 - 01:18 AM

Hi M0le,

Thanks for taking the time to look into my problem, I'm still here!

Thanks,

Paul

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:London, UK
  • Local time:10:45 PM

Posted 15 July 2009 - 07:13 PM

Hi finglonger,

Well, there's no malware in the log. The issue you describe is discussed here so you may want to read that.

In the meantime just to be sure we will do a deeper scan of the PC and see if anything comes up.

If the link above fixes the problem then let me know.

We need to scan for Rootkits with GMER
  • Please download GMER from one of the following locations, and save it to your desktop, please rename it as gamer.exe.
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Close any and all open programs, as this process may crash your computer.
  • Double click Posted Image or Posted Image on your desktop.
  • Allow the gmer.sys driver to load if asked.
  • You may see this window. If you do, click No.
    Posted Image
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.

Then

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
Thanks :thumbup2:
Posted Image
m0le is a proud member of UNITE

#7 finglonger

finglonger
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
    •  
  • Local time:05:45 PM

Posted 16 July 2009 - 12:47 PM

Hi M0le,

The link you gave me was very reassuring, thank you! It seems to describe my problem exactly - I'm probably a little paranoid about the possibility of a virus/malware problem.

I have run the GMER application and ESET is currently running - I'll post a log from that when it finishes. In the meantime the GMER log is pasted below, I'll post again when I have the ESET log.

<edit 16/07/2009 19:02>
By the way, I didn't get the warning message you mentioned in step 5 of your GMER instructions. I got a windows vista warning asking if I chose to run the program, but no rootkit warnings.
</edit>

Thanks again,

Paul




GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-16 18:36:58
Windows 6.0.6001 Service Pack 1


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwAlpcConnectPort [0x8DED3880]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0x8DED34E0]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0x8DED0828]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateKey [0x8DEE6D9C]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0x8DED3C36]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcess [0x8DEE4AF8]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0x8DEE4D12]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateSection [0x8DEE8780]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0x8DED3CDE]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0x8DED0D0A]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteKey [0x8DEE7698]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0x8DEE7414]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0x8DEE44F8]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0x8DEE7BC6]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0x8DEE7C3E]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKeyEx [0x8DEE7D2E]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0x8DED0BA2]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenProcess [0x8DEE5F18]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRenameKey [0x8DEE8370]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0x8DEE7DA6]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0x8DED316A]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRestoreKey [0x8DEE81B0]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0x8DED3680]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0x8DED0EF8]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetValueKey [0x8DEE711A]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0x8DEE5486]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0x8DEE5362]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateUserProcess [0x8DEE4F30]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetTimerEx + 370 81CF6934 4 Bytes [80, 38, ED, 8D]
.text ntkrnlpa.exe!KeSetTimerEx + 3F4 81CF69B8 4 Bytes JMP 6F044A3E
.text ntkrnlpa.exe!KeSetTimerEx + 40C 81CF69D0 4 Bytes [28, 08, ED, 8D]
.text ntkrnlpa.exe!KeSetTimerEx + 41C 81CF69E0 4 Bytes [9C, 6D, EE, 8D]
.text ntkrnlpa.exe!KeSetTimerEx + 438 81CF69FC 12 Bytes [36, 3C, ED, 8D, F8, 4A, EE, ...]
.text ...

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\windows\system32\services.exe[648] @ C:\windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 001F0002
IAT C:\windows\system32\services.exe[648] @ C:\windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 001F0000

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00247e348c8f
Reg HKLM\SYSTEM\ControlSet013\Services\BTHPORT\Parameters\Keys\00247e348c8f

---- EOF - GMER 1.0.15 ----

Edited by finglonger, 16 July 2009 - 01:04 PM.

#8 finglonger

finglonger
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
    •  
  • Local time:05:45 PM

Posted 16 July 2009 - 02:23 PM

Hi,

The ESET scan completed but didn't find anything (hence, no log to post)

Regards,

Paul

#9 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:London, UK
  • Local time:10:45 PM

Posted 16 July 2009 - 03:27 PM

Yes, I don't think this is malware, finglonger.

Your logs are clean and there's no sign of anything at all. :thumbup2:

See how the Firefox issue goes, I will leave this open for 5 days in case you need to add anything but I think this is a browser fault.

Cheers,

m0le
Posted Image
m0le is a proud member of UNITE

#10 finglonger

finglonger
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
    •  
  • Local time:05:45 PM

Posted 17 July 2009 - 12:22 AM

I cannot thank you enough for your patience and help.

I've made a small donation to the cause in yor signature.

Thanks again,

Paul

#11 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:London, UK
  • Local time:10:45 PM

Posted 17 July 2009 - 06:39 AM

Thanks Paul, that is very much appreciated.

Glad we could get your PC back up and running :thumbup2:

m0le
Posted Image
m0le is a proud member of UNITE

#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:London, UK
  • Local time:10:45 PM

Posted 22 July 2009 - 03:27 PM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help. :thumbup2:

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
Posted Image
m0le is a proud member of UNITE
Back to Virus, Trojan, Spyware, and Malware Removal Assistance


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users


  1. BleepingComputer.com
  2. Security
  3. Virus, Trojan, Spyware, and Malware Removal Assistance
  4. Privacy Policy
  5. Rules ·