Firefox stalling out... keeps running in task manager even after trying to kill it...


  • This topic is locked
10 replies to this topic

#1 Krybaby

Krybaby

  • Members
  • 5 posts
  • Local time:06:21 PM

Posted 11 July 2009 - 07:52 PM

My Firefox, IE, and Safari will all freeze up... and say loading for like..... EVER... I will close Firefox... and try to reopen it, but it says that it's still running and blah blah blah.. so I pull up task manager and sure enough there it is. I then try to end task, REPEATEDLY... no effect. I then reboot, I run Spybot S&D and Avast, neither of which find the source of the problem. I then run Wise Disk Cleaner 4. Lo and behold, I have like..... 500+ of these MSS***** files * = a number, they go in sequential order down the list. The first time I ran Wise Disk Cleaner after having this problem there were over 4000 files found... I normally get about 400 files every time, and generally 256 of them cannot be deleted. Aside from the plethora of MSS files... I get a whole gang of new Symantec files that I never had come up in the Wise cleaner before. I went to the folder that contains the MSS files, and opened it. While that folder was opened, I started Firefox, and bang... those files started popping up..... about 1 every 2 seconds. Okay.... so that is the info that I have to give you. Now it's time for me to tell you how I think I caused this problem.... and yes, I have learned my lesson, I was trying to get an ISO copy of the Sims 3 to see what it's like.... big mistake... not gonna do that again.... dumb dumb dumb... Just buy games and save yourself the headache..... :thumbup2:

Here is the log you requested. I have a Hijackthis log file if you would like that as well, please let me know.

DDS (Ver_09-06-26.01) - NTFSx86
Run by connie at 2:34:26.77 on Sat 07/11/2009
Internet Explorer: 8.0.6001.18783
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1918.722 [GMT -5:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
SP: ZoneAlarm Anti-Spyware *enabled* (Outdated) {F245A209-1085-48B4-B927-35D56015EC60}
SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Norton Internet Security *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\system32\schtasks.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Windows\vVX3000.exe
C:\Windows\system32\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Users\connie\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\connie\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page =
uSearch Bar =
mStart Page = hxxp://www.yahoo.com/
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
mSearchAssistant =
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.0\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.0\CoIEPlg.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SunJavaUpdateReg] "c:\windows\system32\jureg.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [fssui] "c:\program files\windows live\family safety\fsui.exe" -autorun
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [VX3000] c:\windows\vVX3000.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\connie\appdata\roaming\mozilla\firefox\profiles\qezysh0q.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.playlist.com/playlist/16486195723/standalone
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - component: c:\users\connie\appdata\roaming\mozilla\firefox\profiles\qezysh0q.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-3-28 114768]
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\ipsdefs\20070823.002\IDSvix86.sys [2007-11-30 180272]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-3-28 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-3-28 51792]
R2 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-11-1 149352]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-6-23 1153368]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2007-11-30 112688]
R3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-4-25 55280]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2009-2-19 41008]

=============== Created Last 30 ================

2009-07-11 01:36 <DIR> --d----- c:\program files\Trend Micro
2009-07-10 05:31 <DIR> --d----- c:\windows\system32\eu-ES
2009-07-10 05:31 <DIR> --d----- c:\windows\system32\ca-ES
2009-07-10 05:31 <DIR> --d----- c:\windows\system32\vi-VN
2009-07-10 03:18 314,703,771 a------- c:\windows\MEMORY.DMP
2009-07-10 03:16 <DIR> --d----- c:\windows\system32\EventProviders
2009-07-10 03:16 <DIR> --d----- C:\9120e7874c10f0f9657d
2009-07-10 03:10 <DIR> --d----- c:\program files\Wise Registry Cleaner
2009-07-10 03:06 12,240,896 a------- c:\windows\system32\NlsLexicons0007.dll
2009-07-10 03:06 1,081,344 a------- c:\windows\system32\SLCExt.dll
2009-07-10 03:06 3,408,896 a------- c:\windows\system32\SLsvc.exe
2009-07-10 03:04 1,381,376 a------- c:\windows\system32\Query.dll
2009-07-10 03:03 1,533,440 a------- c:\windows\system32\wcnwiz.dll
2009-07-10 03:02 642,560 a------- c:\windows\system32\rasgcw.dll
2009-07-10 03:01 744,448 a------- c:\windows\system32\wbem\wbemcore.dll
2009-07-10 03:01 614,912 a------- c:\windows\system32\wbem\fastprox.dll
2009-07-10 03:01 265,728 a------- c:\windows\system32\wbem\repdrvfs.dll
2009-07-10 03:01 265,728 a------- c:\windows\system32\wbem\esscli.dll
2009-07-10 03:01 189,440 a------- c:\windows\system32\wbem\mofd.dll
2009-07-10 03:01 83,968 a------- c:\windows\system32\wbem\wmiutils.dll
2009-07-10 03:01 30,208 a------- c:\windows\system32\wbem\wbemprox.dll
2009-07-10 03:01 705,536 a------- c:\windows\system32\SmiEngine.dll
2009-07-10 03:01 218,624 a------- c:\windows\system32\wdscore.dll
2009-07-10 03:01 130,560 a------- c:\windows\system32\PkgMgr.exe
2009-07-10 03:01 247,808 a------- c:\windows\system32\drvstore.dll
2009-07-09 18:27 1,221,512 a------- c:\windows\system32\zpeng25.dll
2009-07-09 18:27 <DIR> --d----- c:\program files\Zone Labs
2009-07-09 18:25 350,192 a---h--- c:\windows\system32\drivers\vsconfig.xml
2009-07-09 18:25 293,528 a------- c:\windows\system32\drivers\vsdatant.sys
2009-07-09 18:25 <DIR> --d----- c:\windows\system32\ZoneLabs
2009-07-09 18:24 <DIR> --d----- c:\programdata\CheckPoint
2009-07-09 18:24 <DIR> --d----- c:\progra~2\CheckPoint
2009-07-09 18:24 <DIR> --d----- c:\windows\Internet Logs
2009-07-09 14:13 <DIR> --d----- c:\program files\Microsoft WSE
2009-07-09 12:58 <DIR> --d----- c:\programdata\DAEMON Tools Lite
2009-07-09 12:58 <DIR> --d----- c:\progra~2\DAEMON Tools Lite
2009-07-09 12:58 <DIR> --d----- c:\program files\DAEMON Tools Toolbar
2009-07-09 12:58 <DIR> --d----- c:\program files\DAEMON Tools Lite
2009-07-09 12:58 <DIR> --d----- c:\users\connie\appdata\roaming\DAEMON Tools Lite
2009-07-09 12:45 <DIR> --d----- c:\programdata\DAEMON Tools Pro
2009-07-09 12:45 <DIR> --d----- c:\progra~2\DAEMON Tools Pro
2009-07-09 12:37 721,904 a------- c:\windows\system32\drivers\sptd.sys
2009-07-09 12:36 <DIR> --d----- c:\users\connie\appdata\roaming\DAEMON Tools Pro
2009-07-09 03:05 <DIR> --dsh--- c:\windows\system32\%APPDATA%
2009-06-24 22:42 <DIR> --d----- c:\program files\Wise Disk Cleaner
2009-06-23 21:56 120 a------- c:\windows\wininit.ini
2009-06-23 17:47 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-06-23 17:47 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-06-23 17:47 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2009-06-20 21:46 <DIR> --d----- c:\programdata\WindowsSearch
2009-06-17 21:37 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-06-17 21:37 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-06-17 21:36 <DIR> --d----- c:\program files\iPod
2009-06-17 21:36 <DIR> --d----- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-17 21:36 <DIR> --d----- c:\program files\iTunes
2009-06-17 21:36 <DIR> --d----- c:\progra~2\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-17 21:25 <DIR> --d----- c:\program files\Bonjour
2009-06-15 19:01 <DIR> --d----- c:\program files\common files\DivX Shared
2009-06-11 12:48 2,034,688 a------- c:\windows\system32\win32k.sys
2009-06-11 12:48 623,616 a------- c:\windows\system32\localspl.dll
2009-06-11 12:48 1,469,440 a------- c:\windows\system32\inetcpl.cpl
2009-06-11 12:48 915,456 a------- c:\windows\system32\wininet.dll
2009-06-11 12:47 1,638,912 a------- c:\windows\system32\mshtml.tlb
2009-06-11 12:47 71,680 a------- c:\windows\system32\iesetup.dll
2009-06-11 12:47 784,896 a------- c:\windows\system32\rpcrt4.dll

==================== Find3M ====================

2009-07-10 05:38 143,360 a------- c:\windows\inf\infstrng.dat
2009-07-10 05:38 143,360 a------- c:\windows\inf\infstor.dat
2009-07-10 05:38 51,200 a------- c:\windows\inf\infpub.dat
2009-07-10 05:31 665,600 a------- c:\windows\inf\drvindex.dat
2009-06-10 21:02 139,251 a------- c:\windows\hpoins15.dat
2009-06-06 22:01 492 a------- c:\users\connie\appdata\roaming\wklnhst.dat
2009-05-01 16:02 90,112 a------- c:\windows\system32\dpl100.dll
2009-05-01 16:02 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-05-01 16:02 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-05-01 16:02 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-05-01 16:02 811,008 a------- c:\windows\system32\divx_xx16.dll
2009-05-01 16:02 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-05-01 16:02 685,056 a------- c:\windows\system32\DivX.dll
2009-03-28 01:01 174 a--sh--- c:\program files\desktop.ini
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2007-11-30 02:30 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

============= FINISH: 2:36:03.75 ===============

#2 Krybaby

Krybaby
  • Topic Starter

  • Members
  • 5 posts
  • Local time:06:21 PM

Posted 16 July 2009 - 03:11 PM

Instead of posting a new topic I figured I would add a reply to my initial post... it has been about 5 days since my first post so I fear I may have been lost in the madness that is the forums. My issues have changed since my last post as well.

I have managed to get Firefox mostly off of my computer, however.... my IE and Safari are still only good for a few pages before they fail...... I am not sure exactly what is happening. I will be going along, slowly yet still able to use the browsers and view web pages as I am this one right now. After several different pages however, they stop loading up, I have to reboot the computer and then I can search the web for a short time again...... rinse wash repeat. I have done some cleaning, I have found at least one suspect file by doing a google of the file's name ((( C:\Windows\system32\jusched.exe ))) and it brought me back here to the file database where it said it was a bad file and that I don't want it. I followed the instructions to remove it. This was to run autoruns.exe in safe mode.... Well...... that doesn't work, as neither autoruns OR Hijackthis found the file while running in safe mode. I don't even think Hijackthis found it until I opened IE..... I think something is going on where whatever this problem is... it only starts up once I open an internet browser. Also...... I noticed the other day, when I was having this issue..... that my CPU usage was at 100% :thumbup2: ..... I have never seen that ..... EVER.... And as per my previous post... whatever this is... it is creating lots and lots of log files..... (((( C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS001F6.log )))) That is one of them... there are a BUNCH of them, and more and more are made the longer the browser stays open.... I find them via Wise Disk Cleaner 4 .... and it deletes them for me.. but whatever it is that makes them just keeps making more and more and more ... I JUST did a scan as I was typing this .... to get a file name to give you an example... and this is what I found. There are currently AT LEAST 300 of these files... and it keeps growing... I delete them.. they stay gone... I open IE.... they start being made again.... This is my newest Hijackthis log.....

PLEASE AT LEAST LET ME KNOW THAT YOU HAVE READ THIS!!!! I will wait another 3 days and if I don't receive ANY response at all I will try making a new topic.... if that doesn't work I guess I will start over on a different forum. My internet is going to be shut off soon but I want to get the issue resolved before that happens.... Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:03:50 PM, on 7/16/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\system32\schtasks.exe
C:\Windows\vVX3000.exe
C:\Windows\system32\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Wise Disk Cleaner\WiseDiskCleaner.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\Windows\vVX3000.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9452 bytes

#3 Tokek

Posted 21 July 2009 - 01:09 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
If I have not replied back to your post in 3 days, please send me a PM.

#4 Krybaby

Posted 21 July 2009 - 11:17 PM

The main issue I am having is... my Web browsers... are good for a limited amount of time... and then they stop loading pages... they just... stall out... and try to load forever without actually loading.... this goes away after I reboot... BUT.... it just comes right back after viewing a few pages....



My new DDS log....


DDS (Ver_09-06-26.01) - NTFSx86
Run by connie at 23:08:30.06 on Tue 07/21/2009
Internet Explorer: 8.0.6001.18783
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1918.1034 [GMT -5:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\taskeng.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\vVX3000.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\connie\Desktop\Spystuffs\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page =
uSearch Bar =
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
uRun: [ccleaner] "c:\program files\ccleaner\CCleaner.exe" /AUTO
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [VX3000] c:\windows\vVX3000.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateReg] "c:\windows\system32\jureg.exe" -delete
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SpybotSnD] "c:\program files\spybot - search & destroy\SpybotSD.exe" /waitstart
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-3-28 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 72944]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-3-28 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-3-28 51792]
R2 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-6-23 1153368]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\common files\microsoft shared\windows live\WLIDSVC.EXE [2009-3-30 1533808]
R3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-4-25 55280]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 7408]

=============== Created Last 30 ================

2009-07-20 01:07 <DIR> --d----- c:\programdata\SUPERAntiSpyware.com
2009-07-20 01:07 <DIR> --d----- c:\progra~2\SUPERAntiSpyware.com
2009-07-20 01:06 <DIR> --d----- c:\users\connie\appdata\roaming\SUPERAntiSpyware.com
2009-07-20 01:06 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-07-20 01:06 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-07-19 23:24 <DIR> --d----- c:\users\connie\appdata\roaming\Malwarebytes
2009-07-19 23:24 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-19 23:24 <DIR> --d----- c:\programdata\Malwarebytes
2009-07-19 23:24 <DIR> --d----- c:\progra~2\Malwarebytes
2009-07-19 23:24 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-19 23:24 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-19 23:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-07-14 21:36 289,792 a------- c:\windows\system32\atmfd.dll
2009-07-14 21:36 156,672 a------- c:\windows\system32\t2embed.dll
2009-07-14 21:36 72,704 a------- c:\windows\system32\fontsub.dll
2009-07-14 21:36 23,552 a------- c:\windows\system32\lpk.dll
2009-07-14 21:36 10,240 a------- c:\windows\system32\dciman32.dll
2009-07-12 21:38 <DIR> --d----- c:\program files\CCleaner
2009-07-11 05:17 6,309,664 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-07-11 05:17 32 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-07-11 05:17 1,886 a------- C:\rollback.ini
2009-07-11 04:22 <DIR> --d----- C:\Temp
2009-07-11 02:42 <DIR> --d----- c:\programdata\ParetoLogic
2009-07-11 02:42 <DIR> --d----- c:\program files\common files\ParetoLogic
2009-07-11 02:42 <DIR> --d----- c:\progra~2\ParetoLogic
2009-07-11 01:36 <DIR> --d----- c:\program files\Trend Micro
2009-07-10 05:31 <DIR> --d----- c:\windows\system32\eu-ES
2009-07-10 05:31 <DIR> --d----- c:\windows\system32\ca-ES
2009-07-10 05:31 <DIR> --d----- c:\windows\system32\vi-VN
2009-07-10 03:16 <DIR> --d----- c:\windows\system32\EventProviders
2009-07-10 03:16 <DIR> --d----- C:\9120e7874c10f0f9657d
2009-07-10 03:10 <DIR> --d----- c:\program files\Wise Registry Cleaner
2009-07-10 03:06 12,240,896 a------- c:\windows\system32\NlsLexicons0007.dll
2009-07-10 03:06 1,081,344 a------- c:\windows\system32\SLCExt.dll
2009-07-10 03:06 3,408,896 a------- c:\windows\system32\SLsvc.exe
2009-07-10 03:04 1,381,376 a------- c:\windows\system32\Query.dll
2009-07-10 03:03 1,533,440 a------- c:\windows\system32\wcnwiz.dll
2009-07-10 03:02 642,560 a------- c:\windows\system32\rasgcw.dll
2009-07-10 03:01 744,448 a------- c:\windows\system32\wbem\wbemcore.dll
2009-07-10 03:01 614,912 a------- c:\windows\system32\wbem\fastprox.dll
2009-07-10 03:01 265,728 a------- c:\windows\system32\wbem\repdrvfs.dll
2009-07-10 03:01 265,728 a------- c:\windows\system32\wbem\esscli.dll
2009-07-10 03:01 189,440 a------- c:\windows\system32\wbem\mofd.dll
2009-07-10 03:01 83,968 a------- c:\windows\system32\wbem\wmiutils.dll
2009-07-10 03:01 30,208 a------- c:\windows\system32\wbem\wbemprox.dll
2009-07-10 03:01 705,536 a------- c:\windows\system32\SmiEngine.dll
2009-07-10 03:01 218,624 a------- c:\windows\system32\wdscore.dll
2009-07-10 03:01 130,560 a------- c:\windows\system32\PkgMgr.exe
2009-07-10 03:01 247,808 a------- c:\windows\system32\drvstore.dll
2009-07-09 18:27 <DIR> --d----- c:\program files\Zone Labs
2009-07-09 18:25 293,528 a------- c:\windows\system32\drivers\vsdatant.sys
2009-07-09 18:24 <DIR> --d----- c:\programdata\CheckPoint
2009-07-09 18:24 <DIR> --d----- c:\progra~2\CheckPoint
2009-07-09 18:24 <DIR> --d----- c:\windows\Internet Logs
2009-07-09 14:13 <DIR> --d----- c:\program files\Microsoft WSE
2009-07-09 12:58 <DIR> --d----- c:\programdata\DAEMON Tools Lite
2009-07-09 12:58 <DIR> --d----- c:\progra~2\DAEMON Tools Lite
2009-07-09 12:45 <DIR> --d----- c:\programdata\DAEMON Tools Pro
2009-07-09 12:45 <DIR> --d----- c:\progra~2\DAEMON Tools Pro
2009-07-09 12:37 721,904 a------- c:\windows\system32\drivers\sptd.sys
2009-07-09 03:05 <DIR> --dsh--- c:\windows\system32\%APPDATA%
2009-06-24 22:42 <DIR> --d----- c:\program files\Wise Disk Cleaner
2009-06-23 21:56 120 a------- c:\windows\wininit.ini
2009-06-23 17:47 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-06-23 17:47 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-06-23 17:47 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy

==================== Find3M ====================

2009-07-21 23:04 143,360 a------- c:\windows\inf\infstrng.dat
2009-07-21 23:04 143,360 a------- c:\windows\inf\infstor.dat
2009-07-21 23:04 51,200 a------- c:\windows\inf\infpub.dat
2009-07-10 05:31 665,600 a------- c:\windows\inf\drvindex.dat
2009-06-10 21:02 139,251 a------- c:\windows\hpoins15.dat
2009-06-06 22:01 492 a------- c:\users\connie\appdata\roaming\wklnhst.dat
2009-05-09 00:50 915,456 a------- c:\windows\system32\wininet.dll
2009-05-09 00:34 71,680 a------- c:\windows\system32\iesetup.dll
2009-05-01 16:02 90,112 a------- c:\windows\system32\dpl100.dll
2009-05-01 16:02 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-05-01 16:02 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-05-01 16:02 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-05-01 16:02 811,008 a------- c:\windows\system32\divx_xx16.dll
2009-05-01 16:02 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-05-01 16:02 685,056 a------- c:\windows\system32\DivX.dll
2009-04-23 07:15 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-04-23 07:14 623,616 a------- c:\windows\system32\localspl.dll
2009-03-28 01:01 174 a--sh--- c:\program files\desktop.ini
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2007-11-30 02:30 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

============= FINISH: 23:10:22.47 ===============

#5 Tokek

Posted 27 July 2009 - 04:54 PM

Hello Krybaby,

Welcome to Bleeping Computer.

My name is Tokek and I will be helping you with your Malware problem.

I apologize for the delay in replying to your post, the forum has been extremely busy.

There may be a delay in my response to your posts as I am still currently in training. I will be helping you with supervision of the teachers and they will approve every post before I present it to you.

Please make no further changes or run any other tools unless instructed to. This may hinder the cleaning of your machine.

Please give me some time to look over your log, I will post the reply as soon as they are approved.
If I have not replied back to your post in 3 days, please send me a PM.

#6 Tokek

Posted 27 July 2009 - 07:00 PM

Hello Krybaby,

Purchasing legit copies of games is definitely the way to go since you don't know what's been packed into the ISO files that you download off the internet as well as the keygen files that come with them. Plus, you help support the developers who spent time making the game.

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode


Please reply back with GMER log and a new DDS log.
If I have not replied back to your post in 3 days, please send me a PM.

#7 Krybaby

Posted 31 July 2009 - 02:10 PM

Sorry for the delay... This is the log file I got... I stopped avast protection, closed spybot S&D, but windows defender was still on. I don't know if that would cause any issues but this is the log file I ended up with.

GMER 1.0.15.15011 [c3udv6cq.exe] - http://www.gmer.net
Rootkit scan 2009-07-31 14:06:32
Windows 6.0.6002 Service Pack 2


---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 84D3A1F8

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----

#8 Tokek

Posted 01 August 2009 - 12:57 PM

Hello Krybaby,

Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Please reply with the Kaspersky log and a new DDS log.
If I have not replied back to your post in 3 days, please send me a PM.

#9 Krybaby

Posted 04 August 2009 - 05:48 PM

Well.... I am actually no longer having the issue with every browser stalling out... I dunno what happened... I was doing my normal cleaning stuff... wisedisk wise registry avast spybot yada yada yada.... but I guess something must have gotten rid of the issue... now that is not to say that is not still kinda screwy... but my original problem is solved... If you want me to go ahead with the scan and the DDS log let me know, I will gladly do both. Perhaps there is still something going on but that particular symptom has gone away.... let me know please. Thank you, Matt

#10 Tokek

Posted 04 August 2009 - 09:11 PM

Let's do the Kaspersky scan anyway just to make sure that there are no left over nasties lurking in your machine.
If I have not replied back to your post in 3 days, please send me a PM.

#11 kahdah

Posted 13 August 2009 - 06:58 AM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with the address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here