
infected with unknown virus/ malware


  • This topic is locked
3 replies to this topic

#1 mark.hems


Posted 04 August 2009 - 08:18 AM

The problem started about 10 days ago. I don't know if it's related, but I had the Personal Antivirus virus, which I removed with Malwarebytes, after which I found it would no longer start; neither will Spybot Search and Destroy. I have tried reinstalling both in safe mode with no effect.
When using Google I click on what I want but regularly get sent to a completely unrelated page. It seems to happen with the Yahoo search engine too. Music also starts to play from out of nowhere, and it is not music stored on my machine. This can happen when I'm not even using the internet, when the computer is idle.
My computer is very slow and often freezes completely, leaving me no alternative but to cut the power.
I cannot use disk defrag, as I click on it and get the error Cannot Start. I have also noticed my optical drive is playing up. When a disk is inserted it spins, then nothing; however, it is recognised when I check in My Computer. I would very much appreciate any help.

DDS (Ver_09-07-30.01) - NTFSx86
Run by mark hems at 13:31:39.56 on 04/08/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.502.125 [GMT 1:00]

AV: avast! antivirus 4.8.1335 [VPS 090804-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
svchost.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\WgaTray.exe
c:\program files\internet explorer\iexplore.exe
c:\program files\internet explorer\iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Documents and Settings\mark hems.MARK-1D2F6B4C6F\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://uk.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://uk.search.yahoo.com
uSearch Bar = hxxp://www.mirarsearch.com/?useie5=1&q=
uStart Page = hxxp://uk.yahoo.com/
mDefault_Page_URL = hxxp://uk.yahoo.com
mDefault_Search_URL = hxxp://uk.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://uk.search.yahoo.com
mSearch Page = hxxp://uk.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://uk.search.yahoo.com
mStart Page = hxxp://uk.yahoo.com
mSearch Bar = hxxp://www.mirarsearch.com/?useie5=1&q=
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://uk.search.yahoo.com
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
BHO: PPSƵģ: {0000e615-928f-4ee3-892a-8bac4931db4f} - c:\documents and settings\mark hems.mark-1d2f6b4c6f\application data\ppstream\ppsva\1.0.0.30\ppsva.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: {35BE37A2-ED96-7A0E-91F7-7264D5AF5C67} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {547395D9-934A-CED6-B851-F238C86079E5} - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No File
EB: {A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [SpyHunter Security Suite] c:\program files\enigma software group\spyhunter\SpyHunter3.exe
dRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
dPolicies-explorer: EditLevel = 0 (0x0)
dPolicies-explorer: NoCommonGroups = 0 (0x0)
IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - hxxp://www.bebo.com/files/BeboUploader.5.1.4.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-8-1 114768]
R2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2009-8-2 719392]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-8-1 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-8-1 138680]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-8-1 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-8-1 352920]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-8-3 38160]
S3 rootrepeal;rootrepeal;\??\c:\windows\system32\drivers\rootrepeal.sys --> c:\windows\system32\drivers\rootrepeal.sys [?]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2009-7-8 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2009-7-8 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2009-7-8 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2009-7-8 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2009-7-8 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2009-7-8 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2009-7-8 115752]

=============== Created Last 30 ================

2009-08-03 22:06 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 22:06 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-03 22:06 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-03 18:14 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\PCPitstop
2009-08-03 16:56 <DIR> --d----- c:\program files\Veetle
2009-08-03 16:30 <DIR> --d----- c:\program files\Defraggler
2009-08-02 17:06 <DIR> --d----- c:\program files\a-squared Free
2009-08-01 16:29 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-08-01 16:08 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-08-01 16:08 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Spybot - Search & Destroy
2009-08-01 15:05 552 a------- c:\windows\system32\d3d8caps.dat
2009-08-01 01:43 <DIR> --d----- c:\windows\pss
2009-07-31 22:38 <DIR> --d----- c:\program files\Zattoo
2009-07-31 19:20 0 a------- c:\documents and settings\mark hems.mark-1d2f6b4c6f\settings.dat
2009-07-30 17:38 1,073,741,824 a------- C:\ppsds.pgf
2009-07-30 17:38 45 a------- c:\windows\PCDNSetting.ini
2009-07-30 17:28 113 a------- c:\windows\PPSMediaList.ini
2009-07-30 17:28 63 a------- c:\windows\powerlist.ini
2009-07-30 17:27 1,321 a------- c:\windows\powerplayer.ini
2009-07-30 17:27 869 a------- c:\windows\psnetwork.ini
2009-07-30 17:26 <DIR> --d----- c:\docume~1\markhe~1.mar\applic~1\PPStream
2009-07-30 17:26 <DIR> --d----- c:\program files\PPStream
2009-07-30 16:45 <DIR> --d----- c:\program files\TVAnts
2009-07-30 16:40 <DIR> --d----- c:\docume~1\markhe~1.mar\applic~1\ShoppingReport
2009-07-30 16:40 <DIR> --d----- c:\program files\ShoppingReport
2009-07-30 16:25 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\TVU Networks
2009-07-30 16:25 <DIR> --d----- c:\documents and settings\mark hems.mark-1d2f6b4c6f\LocalLow
2009-07-30 16:25 <DIR> --d----- c:\program files\TVUPlayer
2009-07-14 10:51 <DIR> --d----- c:\program files\common files\Uninstall
2009-07-14 10:00 148,736 a------- c:\docume~1\alluse~1.win\applic~1\hpeBB.dll
2009-07-13 19:22 <DIR> --d----- c:\program files\ffdshow
2009-07-13 19:22 212,240 a------- c:\windows\system32\Richtx32.ocx
2009-07-13 15:34 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Registry Helper
2009-07-11 20:56 <DIR> --dsh--- c:\documents and settings\mark hems.mark-1d2f6b4c6f\IECompatCache
2009-07-11 11:13 221,184 a------- c:\windows\system32\wmpns.dll
2009-07-10 22:56 <DIR> --d----- c:\windows\system32\Logs
2009-07-10 22:50 <DIR> --d----- c:\docume~1\markhe~1.mar\applic~1\DriverCure
2009-07-10 22:49 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\ParetoLogic
2009-07-10 22:49 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\DriverCure
2009-07-09 19:03 <DIR> --d-h--- c:\windows\PIF
2009-07-09 19:03 <DIR> --d----- c:\program files\IndisputablyBetterBrowsingExperienceTool
2009-07-09 18:27 <DIR> --d----- c:\docume~1\markhe~1.mar\applic~1\Save
2009-07-08 22:37 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Tencent
2009-07-08 22:33 21 a------- c:\windows\atid.ini
2009-07-08 22:31 <DIR> --d----- c:\program files\common files\AOL
2009-07-08 22:30 1,743 a---h--- C:\IPH.PH
2009-07-08 21:46 <DIR> --d----- c:\docume~1\markhe~1.mar\applic~1\LimeWire
2009-07-08 21:43 410,984 a------- c:\windows\system32\deploytk.dll
2009-07-08 21:43 73,728 a------- c:\windows\system32\javacpl.cpl
2009-07-08 13:00 115,752 a------- c:\windows\system32\drivers\s0016unic.sys
2009-07-08 13:00 10,792 a------- c:\windows\system32\drivers\s0016cr.sys
2009-07-08 13:00 114,216 a------- c:\windows\system32\drivers\s0016mgmt.sys
2009-07-08 13:00 110,632 a------- c:\windows\system32\drivers\s0016obex.sys
2009-07-08 13:00 25,512 a------- c:\windows\system32\drivers\s0016nd5.sys
2009-07-08 13:00 12,200 a------- c:\windows\system32\drivers\s0016cmnt.sys
2009-07-08 13:00 12,200 a------- c:\windows\system32\drivers\s0016cm.sys
2009-07-08 13:00 120,744 a------- c:\windows\system32\drivers\s0016mdm.sys
2009-07-08 13:00 89,256 a------- c:\windows\system32\drivers\s0016bus.sys
2009-07-08 13:00 15,016 a------- c:\windows\system32\drivers\s0016mdfl.sys
2009-07-08 13:00 12,200 a------- c:\windows\system32\drivers\s0016whnt.sys
2009-07-08 13:00 12,200 a------- c:\windows\system32\drivers\s0016wh.sys
2009-07-08 13:00 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Sony Ericsson
2009-07-08 12:34 <DIR> --dsh--- c:\documents and settings\mark hems.mark-1d2f6b4c6f\PrivacIE
2009-07-08 12:28 <DIR> --dsh--- c:\documents and settings\mark hems.mark-1d2f6b4c6f\IETldCache
2009-07-07 21:08 32,128 ac------ c:\windows\system32\dllcache\usbccgp.sys
2009-07-07 21:08 32,128 a------- c:\windows\system32\drivers\usbccgp.sys
2009-07-07 19:11 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-07-07 19:11 2,189,056 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-07-07 19:11 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-07-07 19:09 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-07-07 19:08 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-07-07 19:07 26,144 a------- c:\windows\system32\spupdsvc.exe
2009-07-07 17:57 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-07-07 17:57 272,128 -------- c:\windows\system32\drivers\bthport.sys
2009-07-07 17:09 155,648 a------- c:\windows\system32\igfxres.dll
2009-07-07 16:54 2,732,032 a------- c:\windows\system32\Netw2r32.dll
2009-07-07 16:54 2,216,064 a------- c:\windows\system32\drivers\w29n51.sys
2009-07-07 16:54 557,056 a------- c:\windows\system32\Netw2c32.dll
2009-07-07 16:20 5,376 ac------ c:\windows\system32\dllcache\mspclock.sys
2009-07-07 16:20 5,376 a------- c:\windows\system32\drivers\MSPCLOCK.sys
2009-07-07 16:20 207,488 a----r-- c:\windows\system32\drivers\vinyl97.sys
2009-07-07 16:20 146,048 ac------ c:\windows\system32\dllcache\portcls.sys
2009-07-07 16:20 129,536 ac------ c:\windows\system32\dllcache\ksproxy.ax
2009-07-07 16:20 60,160 ac------ c:\windows\system32\dllcache\drmk.sys
2009-07-07 16:20 4,096 ac------ c:\windows\system32\dllcache\ksuser.dll
2009-07-07 16:20 146,048 a------- c:\windows\system32\drivers\portcls.sys
2009-07-07 16:20 129,536 a------- c:\windows\system32\ksproxy.ax
2009-07-07 16:20 60,160 a------- c:\windows\system32\drivers\drmk.sys
2009-07-07 16:20 4,096 a------- c:\windows\system32\ksuser.dll
2009-07-07 16:17 <DIR> --dsh--- c:\documents and settings\mark hems.mark-1d2f6b4c6f\UserData
2009-07-07 16:13 74,496 a------- c:\windows\system32\drivers\Rtlnicxp.sys
2009-07-07 16:11 53,248 a------- c:\windows\system32\CSVer.dll
2009-07-07 16:07 15,781 a------- c:\windows\system32\drivers\mdc8021x.sys
2009-07-07 16:07 1,232,999 -------- c:\windows\system32\BCMWLCPL.CPL
2009-07-07 16:07 913,408 -------- c:\windows\system32\AegisE5.dll
2009-07-07 16:07 667,750 -------- c:\windows\system32\BCMWLTRY.EXE
2009-07-07 16:07 110,592 -------- c:\windows\system32\AegisI5.exe
2009-07-07 16:07 81,920 -------- c:\windows\system32\wltrynt.dll
2009-07-07 16:07 69,632 -------- c:\windows\system32\BCMLogon.dll
2009-07-07 16:07 45,056 -------- c:\windows\system32\WLTRYSVC.EXE
2009-07-07 16:07 341,760 -------- c:\windows\system32\drivers\BCMWL5.SYS
2009-07-07 16:07 143,360 -------- c:\windows\system32\BCMWLU00.EXE
2009-07-07 16:07 69,632 -------- c:\windows\system32\BCMWLD2K.EXE
2009-07-07 16:03 26,368 ac------ c:\windows\system32\dllcache\usbstor.sys
2009-07-06 17:13 3,072 a------- c:\windows\system32\drivers\audstub.sys
2009-07-06 17:12 57,600 a------- c:\windows\system32\drivers\redbook.sys
2009-07-06 17:12 28,672 a------- c:\windows\system32\drivers\nscirda.sys
2009-07-06 17:11 6,400 a------- c:\windows\system32\drivers\enum1394.sys
2009-07-06 17:11 5,504 a------- c:\windows\system32\drivers\intelide.sys
2009-07-06 17:10 74,240 a------- c:\windows\system32\usbui.dll
2009-07-06 17:10 10,240 a------- c:\windows\system32\drivers\compbatt.sys
2009-07-06 17:10 14,208 a------- c:\windows\system32\drivers\battc.sys
2009-07-06 17:10 13,952 a------- c:\windows\system32\drivers\CmBatt.sys
2009-07-06 17:07 <DIR> --d--r-- c:\documents and settings\all users.windows\Documents
2009-07-06 17:06 16,535 a----r-- c:\windows\SET8.tmp
2009-07-06 17:06 1,088,840 a----r-- c:\windows\SET4.tmp
2009-07-06 17:06 1,296,669 a----r-- c:\windows\SET3.tmp
2009-07-06 17:04 589 a------- c:\windows\system32\$winnt$.inf
2009-07-06 16:39 <DIR> --d----- c:\documents and settings\mark hems.MARK-1D2F6B4C6F
2009-07-06 16:38 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2009-07-06 16:38 10,368 a------- c:\windows\system32\drivers\hidusb.sys
2009-07-06 16:36 8,192 a------- c:\windows\REGLOCS.OLD
2009-07-06 16:34 28,288 ac------ c:\windows\system32\dllcache\xjis.nls
2009-07-06 16:34 156,672 ac------ c:\windows\system32\dllcache\winzm.ime
2009-07-06 16:32 79,360 ac------ c:\windows\system32\dllcache\phon.ime
2009-07-06 16:31 315,455 ac------ c:\windows\system32\dllcache\imskf.dll
2009-07-06 16:30 24,064 ac------ c:\windows\system32\dllcache\compfilt.dll
2009-07-06 16:29 2,626 a------- c:\windows\system32\CONFIG.NT
2009-07-06 16:29 0 a------- c:\windows\control.ini
2009-07-06 16:29 23,392 a------- c:\windows\system32\nscompat.tlb
2009-07-06 16:29 16,832 a------- c:\windows\system32\amcompat.tlb
2009-07-06 16:29 316,640 a------- c:\windows\WMSysPr9.prx
2009-07-06 16:27 <DIR> --dsh--- c:\documents and settings\all users.windows\DRM
2009-07-06 16:27 488 a---hr-- c:\windows\system32\WindowsLogon.manifest
2009-07-06 16:25 47,104 ac------ c:\windows\system32\dllcache\srdiag.exe
2009-07-06 16:24 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-07-06 16:24 37 a------- c:\windows\vbaddin.ini
2009-07-06 16:24 36 a------- c:\windows\vb.ini
2009-07-06 16:22 1,267,200 ac------ c:\windows\system32\dllcache\comsvcs.dll
2009-07-05 14:33 85,504 a------- c:\windows\system32\ff_vfw.dll
2009-07-05 14:33 60,273 a------- c:\windows\system32\pthreadGC2.dll
2009-07-05 14:33 50,688 a------- c:\windows\system32\ff_acm.acm
2009-07-05 14:33 547 a------- c:\windows\system32\ff_vfw.dll.manifest

==================== Find3M ====================

2009-09-26 18:37 282,664 a--sh--- c:\docume~1\markhe~1.mar\applic~1\jywedsnz.dll
2009-07-10 22:24 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-06-16 15:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 15:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-03 20:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-05-27 18:38 25,740,144 a------- C:\wmp11-windowsxp-x86-enu.exe
2009-05-14 10:58 61,440 a------- c:\windows\system32\ndisapi.dll
2009-05-13 06:15 5,936,128 a------- c:\windows\system32\dllcache\mshtml.dll
2009-05-13 06:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-13 06:15 915,456 a------- c:\windows\system32\dllcache\wininet.dll
2009-05-07 16:32 345,600 a------- c:\windows\system32\localspl.dll
2009-09-14 17:12 16,384 a--sh--- c:\windows\temp\cookies\index.dat
2009-09-14 17:12 16,384 a--sh--- c:\windows\temp\history\history.ie5\index.dat
2009-09-14 17:12 32,768 a--sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 13:33:11.85 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 06/07/2009 16:34:33
System Uptime: 08/04/2009 12:57:00 (2833 hours ago)

Motherboard: DIXONSXP | | EF6C
Processor: Intel® Pentium® M processor 1.70GHz | On Board | 1695/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 37 GiB total, 23.961 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}
Description: Mobile Intel® 915GM/GMS,910GML Express Chipset Family
Device ID: PCI\VEN_8086&DEV_2592&SUBSYS_0746152D&REV_04\3&B1BFB68&0&10
Manufacturer: Intel Corporation
Name: Mobile Intel® 915GM/GMS,910GML Express Chipset Family
PNP Device ID: PCI\VEN_8086&DEV_2592&SUBSYS_0746152D&REV_04\3&B1BFB68&0&10
Service: ialm

Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}
Description: Mobile Intel® 915GM/GMS,910GML Express Chipset Family
Device ID: PCI\VEN_8086&DEV_2792&SUBSYS_0746152D&REV_04\3&B1BFB68&0&11
Manufacturer: Intel Corporation
Name: Mobile Intel® 915GM/GMS,910GML Express Chipset Family
PNP Device ID: PCI\VEN_8086&DEV_2792&SUBSYS_0746152D&REV_04\3&B1BFB68&0&11
Service: ialm

Class GUID: {4D36E96D-E325-11CE-BFC1-08002BE10318}
Description: PCI Modem
Device ID: PCI\VEN_8086&DEV_266D&SUBSYS_0746152D&REV_04\3&B1BFB68&0&F3
Manufacturer: Smart Link (www.smlink.com)
Name: Smart Link 56K Voice Modem
PNP Device ID: PCI\VEN_8086&DEV_266D&SUBSYS_0746152D&REV_04\3&B1BFB68&0&F3
Service: Modem

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Infrared Port
Device ID: ROOT\MS_IRDAMINIPORT\0000
Manufacturer: Microsoft
Name: Infrared Port
PNP Device ID: ROOT\MS_IRDAMINIPORT\0000
Service: Rasirda

==== System Restore Points ===================

RP1: 26/09/2009 19:40:27 - System Checkpoint
RP2: 26/09/2009 19:40:29 - Installed REALTEK Gigabit and Fast Ethernet NIC Driver
RP3: 26/09/2009 19:40:31 - Installed Platform
RP4: 26/09/2009 19:40:34 - Installed TIxx21
RP5: 26/09/2009 19:40:35 - Update to an unsigned driver
RP6: 26/09/2009 19:40:36 - Update to an unsigned driver
RP7: 26/09/2009 19:40:38 - Software Distribution Service 3.0
RP8: 26/09/2009 19:40:39 - Software Distribution Service 3.0
RP9: 26/09/2009 19:40:39 - Software Distribution Service 3.0
RP10: 26/09/2009 19:40:40 - Installed Java™ 6 Update 14
RP11: 26/09/2009 19:40:41 - System Checkpoint
RP12: 26/09/2009 19:40:41 - Installed Windows Media Player 11
RP13: 26/09/2009 19:40:41 - Software Distribution Service 3.0
RP14: 26/09/2009 19:40:41 - Software Distribution Service 3.0
RP15: 26/09/2009 19:40:42 - Restore Operation
RP16: 26/09/2009 19:40:42 - System Checkpoint
RP17: 26/09/2009 19:40:42 - Restore Operation
RP18: 26/09/2009 19:40:42 - Installed Windows Media Format Runtime
RP19: 26/09/2009 19:40:42 - Installed Windows XP Wudf01000.
RP20: 26/09/2009 19:40:44 - Software Distribution Service 3.0
RP21: 26/09/2009 19:40:45 - Installed MalwareRemovalBot
RP22: 26/09/2009 19:40:46 - Restore Operation
RP23: 26/09/2009 19:40:47 - Installed Windows Media Player 11
RP24: 26/09/2009 19:40:47 - Software Distribution Service 3.0
RP25: 26/09/2009 19:40:48 - Restore Operation
RP26: 26/09/2009 19:40:48 - Restore Operation
RP27: 26/09/2009 19:40:49 - Restore Operation
RP28: 26/09/2009 19:40:50 - Removed MalwareRemovalBot
RP29: 26/09/2009 19:40:51 - Software Distribution Service 3.0
RP30: 26/09/2009 19:40:51 - Installed AntispywareBot
RP31: 26/09/2009 19:40:52 - Installed Error Fix
RP32: 26/09/2009 19:40:52 - Removed Error Fix
RP33: 26/09/2009 19:40:53 - System Checkpoint
RP34: 26/09/2009 19:40:53 - System Checkpoint
RP35: 26/09/2009 19:40:55 - System Checkpoint
RP36: 26/09/2009 19:40:55 - Software Distribution Service 3.0
RP37: 26/09/2009 19:40:56 - System Checkpoint
RP38: 26/09/2009 19:40:56 - Installed Adobe Reader 9.1.
RP39: 01/08/2009 01:43:07 - Advanced Registry Optimizer - Before One Click
RP40: 30/09/2009 01:23:51 - System Checkpoint
RP41: 01/08/2009 17:12:15 - Avira AntiVir Personal - 01/08/2009 17:12

==== Installed Programs ======================

a-squared Free 4.5
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1.2
Ask Toolbar
avast! Antivirus
BCM Wireless Network Adapter
CCleaner (remove only)
Choice Guard
Defraggler (remove only)
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
IndisputablyBetterBrowsingExperienceTool
Intel® Graphics Media Accelerator Driver
Java™ 6 Update 14
Malwarebytes' Anti-Malware
Microsoft Application Error Reporting
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MSN
MSVCRT
Platform
PPStream V2.6.86.8892 Final
REALTEK Gigabit and Fast Ethernet NIC Driver
Security Update for CAPICOM (KB931906)
Security Update for Windows Media Player (KB952069)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB973346)
Segoe UI
Sony Ericsson PC Suite 5.009.00
Spybot - Search & Destroy
Texas Instruments PCIxx21/x515 drivers.
TIxx21
TVAnts 1.0
TVUPlayer 2.4.5.3
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Veetle TV 0.9.15
VIA Platform Device Manager
VLC media player 0.9.8a
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Zattoo 3.3.4 Beta

==== Event Viewer Messages From Past Week ========

30/09/2009 00:15:57, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the service.
30/09/2009 00:15:29, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the avg8wd service.
29/09/2009 20:52:02, error: Service Control Manager [7034] - The WebClient service terminated unexpectedly. It has done this 1 time(s).
29/09/2009 20:51:40, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 1 time(s).
27/09/2009 21:12:14, error: Service Control Manager [7031] - The McAfee Redirector Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Run the configured recovery program.
22/09/2009 22:27:00, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
22/09/2009 15:48:03, error: Dhcp [1002] - The IP address lease 192.168.0.2 for the Network Card with network address 0016367EF83C has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
20/09/2009 00:23:04, error: Dhcp [1002] - The IP address lease 192.168.0.2 for the Network Card with network address 00166F5042B4 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
20/09/2009 00:23:01, error: Dhcp [1002] - The IP address lease 192.168.0.3 for the Network Card with network address 0016367EF83C has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
18/09/2009 15:15:29, error: Dhcp [1002] - The IP address lease 192.168.0.4 for the Network Card with network address 0016367EF83C has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
18/09/2009 13:34:11, error: Dhcp [1002] - The IP address lease 192.168.0.3 for the Network Card with network address 00166F5042B4 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
15/09/2009 13:34:10, error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).
14/09/2009 20:04:06, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde
14/09/2009 20:03:26, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
14/09/2009 19:16:16, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
14/09/2009 13:44:57, error: Service Control Manager [7000] - The My Web Search Service service failed to start due to the following error: Access is denied.

==== End Of File ===========================


 


#2 aommaster


Posted 14 August 2009 - 07:04 AM

Hello, mark.hems.
My name is aommaster and I will be helping you with your log.

I apologize for the delay in response; we get overwhelmed at times, but we are trying our best to keep up.
If you have since resolved the original problem you were having, I would appreciate you letting us know. If not, please perform the following so I can have a look at the current condition of your machine.

Thanks

Please note that I am in the process of my training, so it may take a while for me to get back to you, as each of my fixes needs to be checked by a coach first.

We need to run RSIT
  • Download random's system information tool (RSIT) by random/random and save it to your desktop.
  • Double click on RSIT.exe.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
In your next reply, please include the following:
  • Log.txt
  • info.txt

My website: http://aommaster.com
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#3 aommaster


Posted 17 August 2009 - 10:02 AM

Hello mark.hems
Are you still with us?

My website: http://aommaster.com
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#4 htv8


Posted 19 August 2009 - 08:28 AM

Due to the lack of feedback, this topic is now closed.
If you need this topic reopened, please PM a staff member and we will reopen it for you (include the address of this thread in your request). This applies to the original topic starter only. Everyone else with similar problems, please start a new topic.
If I have not posted back within 24 hours, feel free to send me a PM with your topic link.
