
Trouble accessing sites such as Google, Yahoo Mail, Gmail, etc


This topic is locked
3 replies to this topic

#1 parasyte

parasyte

  • Members
  • 2 posts
  • OFFLINE

Posted 11 March 2010 - 10:28 PM

This computer had been infected badly enough that something on the system would die and auto-shutdown after 1 minute.
After cleaning many things off with Malwarebytes and the F-Secure Rescue CD, everything but the internet is back to normal.
Requests to load google.com or gmail.com among others hang forever in both IE8 and Firefox 3.6.

I was unable to get a GMER log, as the entire system locked up and was unresponsive save for the mouse cursor when I went to save it.



DDS (Ver_09-12-01.01) - NTFSx86
Run by HP_Owner at 17:33:13.57 on Thu 03/11/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.376 [GMT -8:00]

AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\HP_Owner.YOUR-D0F670B45A\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.msn.com
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
BHO: AutorunsDisabled - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\netgea~1.lnk - c:\program files\netgear\wg111v2\WG111v2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\update~1.lnk - c:\program files\updates from hp\9972322\program\Updates from HP.exe
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_05\bin\npjpi150_05.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\progra~1\qualcomm\eudora\EuShlExt.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_own~1.you\applic~1\mozilla\firefox\profiles\1lvitg7n.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-sem&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJPI150_05.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-2-24 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-2-24 216200]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-2-24 29512]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-2-24 242696]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-10-23 308064]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [2010-3-9 20160]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2006-9-3 30192]
S3 rt70x86;%WUSB54Gv4.Service.DispName%;c:\windows\system32\drivers\netr70.sys [2006-12-29 243200]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2010-2-18 194304]
S3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;c:\windows\system32\drivers\WUSB54GCv3.sys [2010-2-18 627072]

=============== Created Last 30 ================

2010-03-12 01:12:45 0 d-----w- c:\program files\trend micro
2010-03-11 00:40:34 0 d-----w- c:\program files\ESET
2010-03-10 23:14:38 0 dc----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-03-10 23:03:57 87040 ----a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2010-03-10 23:02:57 7556 ----a-w- c:\windows\system32\dllcache\usroslba.sys
2010-03-10 23:01:58 11520 ----a-w- c:\windows\system32\dllcache\twotrack.sys
2010-03-10 23:00:58 17129 ----a-w- c:\windows\system32\dllcache\tdkcd31.sys
2010-03-10 22:59:59 285760 ----a-w- c:\windows\system32\dllcache\stlnata.sys
2010-03-10 22:58:57 24576 ----a-w- c:\windows\system32\dllcache\smc8000n.sys
2010-03-10 22:57:58 18400 ----a-w- c:\windows\system32\dllcache\sgsmld.sys
2010-03-10 22:56:57 210496 ----a-w- c:\windows\system32\dllcache\s3mvirge.dll
2010-03-10 22:55:58 41472 ----a-w- c:\windows\system32\dllcache\qvusd.dll
2010-03-10 22:54:59 92416 ----a-w- c:\windows\system32\dllcache\phildec.sys
2010-03-10 22:53:59 31872 ----a-w- c:\windows\system32\dllcache\ovce.sys
2010-03-10 22:52:58 15872 ----a-w- c:\windows\system32\dllcache\ne2000.sys
2010-03-10 22:51:58 35200 ----a-w- c:\windows\system32\dllcache\msgame.sys
2010-03-10 22:50:58 727786 ----a-w- c:\windows\system32\dllcache\ltck000c.sys
2010-03-10 22:49:58 23552 ----a-w- c:\windows\system32\dllcache\irmk7.sys
2010-03-10 22:48:58 353184 ----a-w- c:\windows\system32\dllcache\i740dnt5.dll
2010-03-10 22:47:59 48128 ----a-w- c:\windows\system32\dllcache\hpgt33tk.dll
2010-03-10 22:46:58 16074 ----a-w- c:\windows\system32\dllcache\fa312nd5.sys
2010-03-10 22:45:59 634134 ----a-w- c:\windows\system32\dllcache\el656ct5.sys
2010-03-10 22:44:59 31305 ----a-w- c:\windows\system32\dllcache\disrvpp.dll
2010-03-10 22:43:59 175104 ----a-w- c:\windows\system32\dllcache\csamsp.dll
2010-03-10 22:42:59 5120 ----a-w- c:\windows\system32\dllcache\brscnrsm.dll
2010-03-10 22:41:51 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2010-03-09 21:41:31 0 dc----w- c:\docume~1\hp_own~1.you\applic~1\Malwarebytes
2010-03-09 21:41:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-09 21:41:24 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-09 21:41:24 0 dc----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-03-09 21:41:24 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-09 18:25:03 98816 ----a-w- c:\windows\sed.exe
2010-03-09 18:25:03 77312 ----a-w- c:\windows\MBR.exe
2010-03-09 18:25:03 261632 ----a-w- c:\windows\PEV.exe
2010-03-09 18:25:03 161792 ----a-w- c:\windows\SWREG.exe
2010-03-09 18:14:14 20160 ----a-w- c:\windows\system32\drivers\ADM8511.SYS
2010-03-09 18:14:14 20160 ----a-w- c:\windows\system32\dllcache\adm8511.sys
2010-03-08 17:07:45 33182464 -c--a-w- C:\p6395344.exe
2010-03-02 17:00:34 0 dcsh--w- c:\documents and settings\hp_owner.your-d0f670b45a\IECompatCache
2010-03-01 00:48:02 0 d-----w- c:\program files\EmailStripper
2010-02-28 00:13:03 0 dc----w- C:\SystemRoot
2010-02-27 19:53:29 0 d-----w- c:\windows\system32\scripting
2010-02-27 19:53:27 0 d-----w- c:\windows\system32\en
2010-02-27 19:53:27 0 d-----w- c:\windows\system32\bits
2010-02-27 19:44:48 81920 ----a-w- c:\windows\system32\dllcache\ieencode.dll
2010-02-27 19:44:48 81920 ------w- c:\windows\system32\ieencode.dll
2010-02-27 00:57:25 0 dcsh--w- c:\documents and settings\hp_owner.your-d0f670b45a\PrivacIE
2010-02-26 23:45:59 230808 ----a-r- c:\windows\system32\cpnprt2.cid
2010-02-26 23:45:53 0 d-----w- c:\windows\Cache
2010-02-26 21:37:12 0 dcsh--w- c:\documents and settings\hp_owner.your-d0f670b45a\IETldCache
2010-02-26 01:16:43 0 d--h--w- c:\windows\msdownld.tmp
2010-02-25 21:03:55 42 ----a-w- c:\windows\system32\APCT.lie
2010-02-25 20:48:56 173568 ----a-w- c:\windows\system32\dllcache\sysmoda.dll
2010-02-25 20:47:56 412160 ------w- c:\windows\system32\photometadatahandler.dll
2010-02-25 20:46:59 36352 ----a-w- c:\windows\system32\dllcache\intelppm.sys
2010-02-25 02:12:03 50864 -c--a-w- c:\docume~1\hp_own~1.you\applic~1\GDIPFONTCACHEV1.DAT
2010-02-24 08:25:17 12464 ----a-w- c:\windows\system32\avgrsstx.dll.old-d62e2c57
2010-02-24 08:25:17 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-02-24 08:25:15 0 d-----w- c:\windows\system32\drivers\Avg
2010-02-24 08:25:00 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-02-24 08:24:59 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-02-24 08:24:59 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-02-23 22:39:37 900 -c--a-w- c:\documents and settings\hp_owner.your-d0f670b45a\Eudora.lnk
2010-02-23 22:39:37 0 dc----w- c:\docume~1\hp_own~1.you\applic~1\Qualcomm
2010-02-23 18:13:44 272128 ----a-w- c:\windows\system32\dllcache\bthport.sys
2010-02-23 18:13:44 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-02-23 18:08:17 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-02-23 03:08:12 0 d-----w- c:\windows\system32\PreInstall
2010-02-22 23:57:47 0 d-----w- c:\windows\system32\NtmsData
2010-02-22 23:22:37 647872 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2010-02-22 21:22:08 0 d-----w- c:\windows\system32\SoftwareDistribution
2010-02-22 21:18:24 0 ----a-w- c:\windows\EEventManager.INI
2010-02-21 22:32:40 0 d-----w- c:\program files\Avanquest update
2010-02-21 22:32:22 348160 ----a-w- c:\windows\system32\MFC30.DLL
2010-02-21 02:27:29 0 d-----w- c:\program files\common files\EPSON
2010-02-21 02:13:48 0 d-----w- c:\program files\ABBYY FineReader 6.0 Sprint
2010-02-21 02:13:30 0 dc----w- c:\docume~1\alluse~1\applic~1\ArcSoft
2010-02-21 02:11:28 0 d-----w- c:\program files\EpsonNet
2010-02-21 02:11:18 97 ----a-w- c:\windows\system32\PICSDK.ini
2010-02-21 02:09:43 0 d-----w- c:\program files\Epson Software
2010-02-21 02:09:28 9216 ----a-w- c:\windows\system32\escdev.dll
2010-02-21 02:09:28 71680 ----a-w- c:\windows\system32\escwiad.dll
2010-02-21 02:08:30 44 ----a-w- c:\windows\EPART800.ini
2010-02-21 01:35:48 0 d-----w- c:\windows\system32\LogFiles
2010-02-21 00:48:53 318 -c-ha-w- C:\IPH.PH
2010-02-21 00:48:53 0 d-----w- c:\program files\common files\AOL
2010-02-21 00:39:34 0 dc----w- c:\docume~1\hp_own~1.you\applic~1\MSNInstaller
2010-02-20 01:57:33 0 dc----w- C:\Linksys Driver
2010-02-18 23:58:37 0 d-----w- c:\program files\Linksys
2010-02-18 23:57:18 15312 ----a-r- c:\windows\system32\RaCoInst.dat
2010-02-18 23:57:17 627072 ----a-r- c:\windows\system32\drivers\WUSB54GCv3.sys
2010-02-18 23:57:17 221184 ----a-w- c:\windows\system32\RaCoInst.dll
2010-02-18 23:33:43 0 dcsha-r- C:\cmdcons
2010-02-18 23:33:38 0 d-----w- c:\windows\setup.pss
2010-02-18 23:17:08 0 dc----w- c:\docume~1\hp_own~1.you\applic~1\HPQ
2010-02-18 20:49:51 0 dcs---w- c:\documents and settings\hp_owner.your-d0f670b45a\UserData
2010-02-18 19:43:47 21035 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-02-18 19:43:34 966765 ----a-w- c:\windows\system32\acAuth.dll
2010-02-18 19:43:34 36864 ----a-w- c:\windows\system32\RtlGina2.dll
2010-02-18 19:43:34 262144 ----a-w- c:\windows\system32\WG1v2lib.dll
2010-02-18 19:43:34 194304 ----a-w- c:\windows\system32\drivers\wg111v2.sys
2010-02-18 19:43:34 1069056 ----a-w- c:\windows\system32\libeay32.dll
2010-02-18 19:43:33 356352 ----a-w- c:\windows\system32\SCMLib.dll
2010-02-18 19:43:33 143360 ----a-w- c:\windows\system32\IpLib.dll
2010-02-18 19:43:31 0 d-----w- c:\program files\NETGEAR
2010-02-18 19:42:02 0 d-----w- c:\program files\CCleaner
2010-02-18 19:38:18 1770 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_EX495AV-ABA a1550e_YC_0Pavi_QMXG631_E63NAhcBLA3_48_INODUS_SASUSTek Computer INC._V1.03_B3.07_T060802_WXH2_L409_M959_J160_7AMD_8Athlon 64 X2 Dual Core_92.2_#060822_N_Z14F12F20_G10DE0241.MRK
2010-02-18 19:36:55 0 dc----w- c:\docume~1\hp_own~1.you\applic~1\Intuit
2010-02-18 19:30:53 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-02-18 19:30:53 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2010-02-18 19:30:50 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-02-18 19:30:50 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
2010-02-18 19:30:49 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-02-18 19:30:49 14592 ----a-w- c:\windows\system32\dllcache\kbdhid.sys
2010-02-18 19:30:44 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-02-18 19:30:44 10368 ----a-w- c:\windows\system32\dllcache\hidusb.sys
2010-02-18 19:30:37 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-02-18 19:30:37 32128 ----a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-02-18 19:00:29 0 d-sh--r- c:\windows\system32\dllcache
2010-02-16 02:50:20 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-02-16 02:50:20 69632 ----a-w- c:\windows\system32\QuickTime.qts

==================== Find3M ====================

2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\dllcache\srv.sys
2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\dllcache\wininet.dll
2009-12-21 19:14:05 916480 ------w- c:\windows\system32\wininet.dll
2009-12-21 19:14:05 1208832 ----a-w- c:\windows\system32\dllcache\urlmon.dll
2009-12-21 19:14:04 5942784 ----a-w- c:\windows\system32\dllcache\mshtml.dll
2009-12-21 19:14:04 206848 ----a-w- c:\windows\system32\dllcache\occache.dll
2009-12-21 19:14:03 25600 ----a-w- c:\windows\system32\dllcache\jsproxy.dll
2009-12-21 19:14:03 184320 ----a-w- c:\windows\system32\dllcache\iepeers.dll
2009-12-21 19:14:01 387584 ----a-w- c:\windows\system32\dllcache\iedkcs32.dll
2009-12-21 13:19:18 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\dllcache\mspaint.exe
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\dllcache\csrsrv.dll
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll

============= FINISH: 17:33:47.42 ===============
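An added example, not part of the original post and not DDS's own code: a small Python triage helper that parses entries in the format DDS uses for its "Created Last 30" and "Find3M" sections (date, time, size, an eight-character attribute field, then the path) and applies a few defender-side heuristics to pick out files worth a second look, the way a helper reading this log would. The sample lines are copied or abbreviated from the log above and are embedded as constructed test input; the heuristics (executables sitting directly in a drive root or in the Windows folder, non-routine extensions under system32, and several files created within the same second) are this example's own choices, not rules DDS or BleepingComputer apply.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from pathlib import PureWindowsPath

# Constructed sample: a handful of "Created Last 30" lines taken (one of them
# abbreviated) from the DDS log above. Real input would be the whole section.
SAMPLE_ENTRIES = r"""
2010-03-09 18:25:03 98816 ----a-w- c:\windows\sed.exe
2010-03-09 18:25:03 77312 ----a-w- c:\windows\MBR.exe
2010-03-08 17:07:45 33182464 -c--a-w- C:\p6395344.exe
2010-02-25 21:03:55 42 ----a-w- c:\windows\system32\APCT.lie
2010-02-24 08:25:00 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-03-09 21:41:24 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-18 19:38:18 1770 --sha-r- c:\windows\system32\drivers\103C_HP_abbreviated.MRK
"""

# One DDS entry: <date> <time> <size> <8-char attribute field> <path with spaces>
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\d+) ([-a-z]{8}) (.+?)\s*$"
)

# Extensions treated as executable content for the location heuristics.
EXEC_EXTS = {".exe", ".scr", ".com", ".dll", ".sys", ".pif", ".bat", ".cmd"}
# Extensions that are routine under system32; anything else becomes a candidate.
ROUTINE_SYS32_EXTS = {".dll", ".sys", ".exe", ".ocx", ".ini", ".dat", ".drv",
                      ".cpl", ".scr", ".log", ".tlb", ".nls"}


@dataclass
class Entry:
    created: datetime
    size: int
    attrs: str           # e.g. "----a-w-"; a leading "d" marks a directory
    path: PureWindowsPath

    @property
    def is_dir(self):
        return self.attrs.startswith("d")


def parse_entries(text):
    """Parse every line that matches the DDS entry layout; skip headers and blanks."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        date, time, size, attrs, path = m.groups()
        created = datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S")
        entries.append(Entry(created, int(size), attrs, PureWindowsPath(path)))
    return entries


def triage(entries):
    """Return (path, reason) pairs for files an analyst should review by hand."""
    findings = []
    for e in entries:
        if e.is_dir:
            continue
        parts = [p.lower() for p in e.path.parts]   # ('c:\\', 'windows', ...)
        ext = e.path.suffix.lower()
        if len(parts) == 2 and ext in EXEC_EXTS:
            findings.append((str(e.path), "executable directly in drive root"))
        elif len(parts) == 3 and parts[1] == "windows" and ext in EXEC_EXTS:
            findings.append((str(e.path), "executable directly in the Windows folder"))
        elif "system32" in parts[:-1] and ext not in ROUTINE_SYS32_EXTS:
            findings.append((str(e.path), f"unusual extension {ext or '(none)'} under system32"))
    return findings


def same_second_batches(entries, min_size=2):
    """Group files created in the same second; a batch usually means one installer or tool."""
    by_ts = {}
    for e in entries:
        if not e.is_dir:
            by_ts.setdefault(e.created, []).append(str(e.path))
    return {ts: paths for ts, paths in by_ts.items() if len(paths) >= min_size}


if __name__ == "__main__":
    ents = parse_entries(SAMPLE_ENTRIES)
    for path, reason in triage(ents):
        print(f"REVIEW  {path}  ({reason})")
    for ts, paths in same_second_batches(ents).items():
        print(f"BATCH   {ts}: {', '.join(paths)}")
```

The output is a list of candidates, not verdicts: the two executables in c:\windows share one creation second, which is what a cleanup tool's own files look like as much as a dropper's, so the analyst has to correlate them with the tools the poster says were run; and the .MRK file in the drivers folder is flagged only because of its extension. The point of the heuristics is to shrink a few hundred log lines to the handful that need a human decision.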

#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  • Gender:Female
  • Location:At home

Posted 13 March 2010 - 04:23 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!
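An added example, not part of the original post and not OTL's own code: the /md5start ... /md5stop block in the custom scan above asks OTL to print checksums of a fixed list of system DLLs and storage drivers so the helper can compare them with known-clean values. The Python below does that comparison explicitly: it hashes each listed name under a given %systemroot%, then classifies every file as match, mismatch, missing or no-baseline against a baseline dictionary. Where it searches (system32 and system32\drivers) and the baseline itself are assumptions for this example; the demo builds a throwaway fake system root with constructed file contents so it runs offline.

```python
import hashlib
import tempfile
from pathlib import Path

# The names listed between /md5start and /md5stop in the OTL custom scan above.
MD5_TARGETS = [
    "eventlog.dll", "scecli.dll", "netlogon.dll", "cngaudit.dll", "sceclt.dll",
    "ntelogon.dll", "logevent.dll", "iaStor.sys", "nvstor.sys", "atapi.sys",
    "IdeChnDr.sys", "viasraid.sys", "AGP440.sys", "vaxscsi.sys", "nvatabus.sys",
    "viamraid.sys", "nvata.sys", "nvgts.sys", "iastorv.sys", "ViPrt.sys",
    "eNetHook.dll", "ahcix86.sys", "KR10N.sys", "nvstor32.sys", "ahcix86s.sys",
    "nvrd32.sys",
]

# Where this helper looks for each name. An assumption for this example; OTL's
# own search rules are not described in the post.
SEARCH_SUBDIRS = ["system32", "system32/drivers"]


def md5_of(path):
    """MD5 of a file, streamed so a large driver need not be read into memory at once."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def hash_targets(systemroot, names=MD5_TARGETS):
    """Return {name: md5 hex, or None when the file is not found under systemroot}."""
    root = Path(systemroot)
    result = {}
    for name in names:
        digest = None
        for sub in SEARCH_SUBDIRS:
            candidate = root / sub / name
            if candidate.is_file():
                digest = md5_of(candidate)
                break
        result[name] = digest
    return result


def compare_to_baseline(observed, baseline):
    """Classify each target as match, mismatch, missing (no such file) or no-baseline."""
    verdicts = {}
    for name, digest in observed.items():
        if digest is None:
            verdicts[name] = "missing"
        elif name not in baseline:
            verdicts[name] = "no-baseline"
        elif digest.lower() == baseline[name].lower():
            verdicts[name] = "match"
        else:
            verdicts[name] = "mismatch"
    return verdicts


def demo():
    """Run the check against a constructed fake %systemroot% and a constructed baseline."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "system32" / "drivers").mkdir(parents=True)
        clean_atapi = b"constructed clean atapi.sys bytes"
        # atapi.sys on disk equals the baseline; scecli.dll does not; eventlog.dll
        # exists but has no baseline entry; everything else is absent.
        (root / "system32" / "drivers" / "atapi.sys").write_bytes(clean_atapi)
        (root / "system32" / "scecli.dll").write_bytes(b"constructed altered scecli.dll bytes")
        (root / "system32" / "eventlog.dll").write_bytes(b"constructed eventlog.dll bytes")
        baseline = {
            "atapi.sys": hashlib.md5(clean_atapi).hexdigest(),
            "scecli.dll": hashlib.md5(b"constructed clean scecli.dll bytes").hexdigest(),
        }
        return compare_to_baseline(hash_targets(root), baseline)


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:12} {name}")
```

A "missing" result is normal for most of the list, since it covers storage drivers for several vendors and only the ones the machine actually uses will exist; "mismatch" is the case that matters, and it only means something when the baseline hash really comes from the same Windows version and patch level, which is why the helper reading the OTL output, not the script, makes the final call.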


#3 parasyte

parasyte
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE

Posted 13 March 2010 - 11:24 PM

myrti wrote (Mar 13 2010, 01:23 PM):
    If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.


Thanks, I have resolved the issue and the computer has been returned to its owner. I'm not entirely certain what the cause was, but the symptoms disappeared after an in-place upgrade of Windows XP.

#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  • Gender:Female
  • Location:At home

Posted 15 March 2010 - 04:20 PM

Since this topic appears to be resolved, I will now close it. Thanks for letting us know!

If you need this topic re-opened please send me a PM.

Everyone else, please start a new topic.

With Regards,
myrti
