The main PC on my work network (only 3 pcs) started acting up last week- slow internet and email access, random pop-ups, internet explorer opening even when not connected. Unfortnately my receptionist kept this to herself until our internet usage limit was exceeded and we could no longer access the internet! (limit is 5GB/month, but we only use internet for emails and occasional surfing). Looks like something bad had been running in the background as the IE history list was massive!
I ran Avast, Malawarebytes, and S+D- these came up with a few viruses and trojans which were all removed. However, whenever I try to open a google search result, several windows open to different websites. I've run the antivirus and anti-spyware again- they are coming up clean!
Any help would be appreciated!
I will post DDS logs etc shortly!
Ok at work now- here are the logs:
DDS (Ver_09-10-26.01) - NTFSx86
Run by Owner at 12:04:18.62 on 14/11/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.502.202 [GMT 0:00]
AV: avast! antivirus 4.8.1335 [VPS 091112-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
D:\symantec\ghost 14\Agent\VProSvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Iomega\REV System Software\imiconxp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\DELL\Dell Laser MFP 1600n\NetworkScan\DNSCST.exe
D:\symantec\ghost 14\Agent\VProTray.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Iomega\REV System Software\RevUDF.exe
C:\Program Files\Iomega\Automatic Backup Pro\LiveSystem.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\3\3Connect\AutoUpdateSrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\dllhost.exe
D:\symantec\ghost 14\Shared\Drivers\SymSnapService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Desktop\AntiSpyware Tools\BleepingComputerLogs\dds.scr
============== Pseudo HJT Report ===============
uInternet Connection Wizard,ShellNext = hxxp://www.codecguide.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Iomega Automatic Backup Pro] "c:\program files\iomega\automatic backup pro\LiveSystem.exe" -s
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Iomega ImIconXP] c:\program files\iomega\rev system software\imiconxp.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [DellNSCST] "c:\program files\dell\dell laser mfp 1600n\networkscan\DNSCST.exe" /HIDEUI
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Norton Ghost 14.0] "d:\symantec\ghost 14\agent\VProTray.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\3\3connect\AutoUpdateSrv.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
TCP: {203B1434-4019-4708-8989-5586A3E7B420} = 192.168.0.1
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
============= SERVICES / DRIVERS ===============
R0 imdrvfsf;Iomega File System Filter Driver;c:\windows\system32\drivers\imdrvfsf.sys [2004-3-5 15942]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-4-4 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-4-4 20560]
R2 mdvrmng;Mobile IP Route Manager;c:\windows\system32\drivers\mdvrmng.sys [2009-7-31 10240]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2008-4-14 5120]
R3 Slnt7554;USB Soft Modem Driver;c:\windows\system32\drivers\slnt7554.sys [2009-4-5 129535]
R3 SymSnapService;SymSnapService;d:\symantec\ghost 14\shared\drivers\SymSnapService.exe [2007-12-20 1553896]
=============== Created Last 30 ================
2009-11-05 11:05:03 2362 --sh--r- c:\documents and settings\owner\weoaje.exe
2009-10-27 16:03:26 0 d-----w- c:\program files\Microsoft
==================== Find3M ====================
2009-11-14 12:04:21 16437280 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-11-13 18:13:52 196664 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-04-05 17:27:50 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
============= FINISH: 12:06:32.59 ===============
Attached Files
Edited by happy geordie, 14 November 2009 - 07:26 AM.