Problem started with XP smart security


This topic is locked
3 replies to this topic

#1 ncbuckeye

ncbuckeye

  • Members
  • 3 posts

Posted 17 April 2010 - 11:05 PM

The first problem noticed was XP smart security, with continual pop-ups. I was eventually able to shut this process down. Since my previous malware program had failed to catch it, I downloaded Adaware to try a different product. I could never get this to load and run. I was able to quarantine a couple of other items with Security Task Manager. My antivirus software also showed nothing on scans, so I tried a number of on-line scans, which also showed nothing.

At this point I cannot open any program from a desktop icon/shortcut unless I right click and then click start or open. For some applications I have to go to the folder on the C: drive to the actual program before I can get something to run. Whenever I do get something to open, Microsoft Money starts trying to install and will bog the system down until I cancel the install. I cannot run a system restore, and I cannot restart in safe mode (I get a blue screen with an error message including "Stop: 0x0000007B (0xF894E528 0xC0000034 0x00000000 0x00000000)").

DDS txt log follows, other logs are attached.

Thanks for your help.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Dan at 8:10:17.79 on Sat 04/17/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.168 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\WINDOWS\system32\wuauclt.exe
svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Dan\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.dellnet.com/
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: CCHelper Class: {0cf0b8ee-6596-11d5-a98e-0003470bb48e} - c:\program files\panicware\pop-up stopper\CCHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {fdd3b846-8d59-4ffb-8758-209b6ad74acc} - c:\program files\microsoft money\system\mnyviewer.dll
TB: Pa&nicware Pop-Up Stopper: {7e82235c-f31e-46cb-af9f-1add94c585ff} - c:\program files\panicware\pop-up stopper\pstopper.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {6A048BB7-E017-4326-B207-AA996C77BBCB} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: MoneySide: {9404901d-06da-4b23-a0ee-3ea4f64ec9b3} - c:\program files\microsoft money\system\mnyviewer.dll
mRun: [EXSHOW95.EXE] "EXSHOW95.EXE"
mRun: [ezShieldProtector for Px] c:\windows\system32\ezSP_Px.exe
mRun: [TMRUBottedTray] "c:\program files\trend micro\rubotted\TMRUBottedTray.exe"
dRunOnce: [RunNarrator] Narrator.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} - hxxps://flnotes1.jdsu.com/iNotes.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} - hxxp://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cab
DPF: {427273CC-764E-11D3-823D-006097F90453} - hxxp://www.photoworks.com/pixami/BPImageEditor.cab
DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - hxxp://www.napster.com/client/setup.exe
DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} - hxxp://usfulfillment.puretracks.com/onager.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab
DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} - hxxp://216.249.24.143/code/PWActiveXImgCtl.CAB
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147242130078
DPF: {6F750200-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} - hxxp://chat.yahoo.com/cab/yuplapp.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} - hxxp://www.napster.com/client/isetup.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://kevinandnadja.kicks-ass.net:3331/activex/AxisCamControl.ocx
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {C915801D-6F00-49CD-8A9A-8DE5C11ADDC1} - hxxp://www.photoworks.com/pixami/DragDropUploader.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} - hxxp://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,5950/mcfscan.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
AppInit_DLLs: c:\windows\system32\hereporu.dll c:\windows\system32\rohebiyi.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: jinidireg - {98a9f432-e498-4922-b54c-82ed4bc9731b} - No File
SSODL: zudeveraw - {1a9d0654-d63a-45d1-930d-eac7d380db56} - No File
STS: {98a9f432-e498-4922-b54c-82ed4bc9731b} - No File
STS: {1a9d0654-d63a-45d1-930d-eac7d380db56} - No File
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
LSA: Notification Packages = scecli kiligefu.dll

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-4-11 28552]
R0 sonyhcb;Sony Digital Imaging Base;c:\windows\system32\drivers\sonyhcb.sys [2002-8-4 6097]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-4-12 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-4-12 29512]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-4-12 242696]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-4-12 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-4-12 308064]
R2 FlashNT;FlashNT;c:\windows\system32\drivers\FLASHNT.SYS [2003-12-5 72784]
R2 RUBotted;Trend Micro RUBotted Service;c:\program files\trend micro\rubotted\TMRUBotted.exe [2010-4-13 582992]
R2 Sdselect;Sdselect;c:\windows\system32\drivers\sdselect.sys [2003-12-5 73296]
R3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\TMPassthru.sys [2010-4-13 206608]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 DCamUSBVeo532;Veo Web Camera;c:\windows\system32\drivers\ubveo532.sys --> c:\windows\system32\drivers\ubVeo532.sys [?]
S3 naecd;naecd;\??\c:\docume~1\dan\locals~1\temp\naecd.sys --> c:\docume~1\dan\locals~1\temp\naecd.sys [?]
S3 PTHSBUS;Curitel USB Composite Device Driver (UDP);c:\windows\system32\drivers\PTHSBUS.sys [2009-3-14 27008]
S3 PTHSMDM;Curitel Packet Service Drivers (UDP);c:\windows\system32\drivers\PTHSMDM.sys [2009-3-14 41344]
S3 PTHSVSP;Curitel Packet Service Diagnostic Serial Port (UDP);c:\windows\system32\drivers\PTHSVSP.sys [2009-3-14 39680]
S3 RkPavproc1;RkPavproc1;c:\windows\system32\drivers\RkPavproc1.sys [2010-4-13 17544]
S3 sonyhcs;Sony Digital Imaging Video;c:\windows\system32\drivers\sonyhcs.sys [2002-8-4 299923]
S3 TMPassthru;Trend Micro Passthru Ndis Service;c:\windows\system32\drivers\TMPassthru.sys [2010-4-13 206608]

=============== Created Last 30 ================

2010-04-17 06:07:16 0 ----a-w- c:\documents and settings\dan\defogger_reenable
2010-04-14 01:10:34 0 d-----w- c:\windows\McAfee.com
2010-04-14 00:49:14 0 d-----w- c:\program files\TrendMicro
2010-04-14 00:45:56 206608 ----a-w- c:\windows\system32\drivers\TMPassthru.sys
2010-04-14 00:45:49 0 d-----w- c:\program files\Trend Micro
2010-04-14 00:38:34 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-04-13 11:09:24 17544 ----a-w- c:\windows\system32\drivers\RkPavproc1.sys
2010-04-12 19:34:18 112 ----a-w- c:\docume~1\alluse~1\applic~1\1a2377.dat
2010-04-12 11:44:11 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-04-12 11:44:04 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-12 11:43:52 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-04-12 11:42:59 0 d-----w- c:\windows\system32\drivers\Avg
2010-04-11 22:22:46 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-04-11 04:40:50 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-03-21 14:23:20 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-03-21 14:22:13 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-03-21 03:27:36 0 d-----w- c:\docume~1\dan\applic~1\Malwarebytes
2010-03-21 03:27:22 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-03-21 03:27:21 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

==================== Find3M ====================

2010-04-17 12:05:03 7304 ----a-w- c:\windows\TMP0001.TMP
2010-03-10 13:18:21 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2010-03-10 13:18:20 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-02-24 14:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 05:20:02 634648 ------w- c:\windows\system32\dllcache\iexplore.exe
2010-02-23 05:18:28 161792 ------w- c:\windows\system32\dllcache\ieakui.dll
2010-02-09 20:38:40 70984 ----a-w- c:\documents and settings\dan\g2mdlhlpx.exe
2008-10-26 04:07:35 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008102620081027\index.dat
2009-10-28 23:00:06 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009102820091029\index.dat

============= FINISH: 8:12:46.50 ===============

Attached Files
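As an added example (not part of the thread and not code from the DDS tool), the script below reads the load-point line formats DDS prints in the log above and flags what a responder would look at first: AppInit_DLLs and LSA Notification Packages values beyond the stock defaults, module names made of alternating consonant-vowel syllables (hereporu, rohebiyi, kiligefu, jinidireg, zudeveraw in the log), STS entries whose CLSID matches a flagged SSODL entry, and a driver loading from a user temp directory. The syllable heuristic and the assumption that `scecli` is the only stock XP notification package are this example's own, and the sample lines are constructed to mirror the posted log.

```python
"""Triage the load-point sections of a DDS log for suspicious entries."""
import re

CONS = "[bcdfghjklmnpqrstvwxyz]"
VOW = "[aeiou]"
# Assumed heuristic: three or more consonant-vowel syllables, optional trailing consonant.
SYLLABLE_NAME = re.compile(rf"^(?:{CONS}{VOW}){{3,}}{CONS}?$")
LSA_DEFAULTS = {"scecli"}  # assumed stock value of LSA Notification Packages on XP
SERVICE_LINE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+)$")
LOADPOINT_LINE = re.compile(r"^(SSODL|STS|Notify|BHO|TB|EB): (.*)$")
CLSID = re.compile(r"\{[0-9a-f-]{36}\}", re.I)

# Constructed sample: line shapes copied from the posted DDS log.
SAMPLE_LOG = r"""
Notify: avgrsstarter - avgrsstx.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
AppInit_DLLs: c:\windows\system32\hereporu.dll c:\windows\system32\rohebiyi.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: jinidireg - {98a9f432-e498-4922-b54c-82ed4bc9731b} - No File
STS: {98a9f432-e498-4922-b54c-82ed4bc9731b} - No File
LSA: Notification Packages = scecli kiligefu.dll
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-4-12 242696]
S3 naecd;naecd;\??\c:\docume~1\dan\locals~1\temp\naecd.sys --> c:\docume~1\dan\locals~1\temp\naecd.sys [?]
"""


def module_stem(path: str) -> str:
    """'c:\\windows\\system32\\hereporu.dll' -> 'hereporu'."""
    name = path.replace("/", "\\").rsplit("\\", 1)[-1]
    return name.lower().rsplit(".", 1)[0]


def looks_random(name: str) -> bool:
    """True for names built from repeated consonant-vowel syllables."""
    return bool(SYLLABLE_NAME.match(name.lower()))


def triage(log_text: str) -> list:
    """Return (reason, evidence) pairs for load points worth a closer look."""
    findings = []
    flagged_clsids = set()
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("AppInit_DLLs:"):
            # Every DLL listed here is injected into each GUI process; none is stock.
            for path in line.split(":", 1)[1].split():
                if looks_random(module_stem(path)):
                    findings.append(("AppInit_DLLs random-name module", path))
            continue
        if line.startswith("LSA: Notification Packages"):
            # Packages here receive password-change notifications from LSA.
            for pkg in line.split("=", 1)[1].split():
                if module_stem(pkg) not in LSA_DEFAULTS:
                    findings.append(("non-default LSA notification package", pkg))
            continue
        m = LOADPOINT_LINE.match(line)
        if m:
            key, rest = m.groups()
            found = CLSID.search(rest)
            clsid = found.group(0).lower() if found else None
            name = rest.split(" - ", 1)[0].strip()  # display name precedes first " - "
            if key == "STS" and clsid in flagged_clsids:
                findings.append(("STS entry paired with flagged SSODL", line))
            elif looks_random(name):
                findings.append((f"{key} random-name entry", line))
                if clsid:
                    flagged_clsids.add(clsid)
            continue
        m = SERVICE_LINE.match(line)
        if m:
            state, svc, _display, path = m.groups()
            if re.search(r"\\temp\\", path, re.I):
                findings.append((f"driver {svc} ({state}) loads from temp", path))
    return findings


if __name__ == "__main__":
    for reason, evidence in triage(SAMPLE_LOG):
        print(f"[{reason}] {evidence}")
```

Run it against a full DDS.txt by passing the file contents to `triage`; the orphaned "No File" toolbar entries are deliberately not flagged on their own, since they are usually leftovers of uninstalled software.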





#2 ncbuckeye

ncbuckeye
  • Topic Starter

  • Members
  • 3 posts

Posted 22 April 2010 - 10:35 PM

This problem started with XP Smart Security which got past my anti-virus software. It took some work to get the continuing pop-ups shut down. After that, I tried a number of scans using different programs to try and remove the infection. Spybot and Malwarebytes have found and removed some, as well as Security Task Manager. My antivirus was not picking anything up, so I ran several of the online scans, which also picked up one or two items. Other times the system would bog down and be unable to finish a scan.

I still have problems. I can't open some programs unless I go to the file and right click to open or start. Whenever I do try to open something, Microsoft Money starts attempting to install and I have to cancel that before anything will proceed. I can't restart in safe mode. I get a blue screen and error message. I posted logs last week but got no response. The DDS log follows, the other files are attached.

Any help getting my system back to normal would be appreciated.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Dan at 18:10:22.60 on Thu 04/22/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.185 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Documents and Settings\Dan\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.dellnet.com/
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: CCHelper Class: {0cf0b8ee-6596-11d5-a98e-0003470bb48e} - c:\program files\panicware\pop-up stopper\CCHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {fdd3b846-8d59-4ffb-8758-209b6ad74acc} - c:\program files\microsoft money\system\mnyviewer.dll
TB: Pa&nicware Pop-Up Stopper: {7e82235c-f31e-46cb-af9f-1add94c585ff} - c:\program files\panicware\pop-up stopper\pstopper.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {6A048BB7-E017-4326-B207-AA996C77BBCB} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: MoneySide: {9404901d-06da-4b23-a0ee-3ea4f64ec9b3} - c:\program files\microsoft money\system\mnyviewer.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [EXSHOW95.EXE] "EXSHOW95.EXE"
mRun: [ezShieldProtector for Px] c:\windows\system32\ezSP_Px.exe
mRun: [TMRUBottedTray] "c:\program files\trend micro\rubotted\TMRUBottedTray.exe"
dRunOnce: [RunNarrator] Narrator.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} - hxxps://flnotes1.jdsu.com/iNotes.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} - hxxp://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cab
DPF: {427273CC-764E-11D3-823D-006097F90453} - hxxp://www.photoworks.com/pixami/BPImageEditor.cab
DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - hxxp://www.napster.com/client/setup.exe
DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} - hxxp://usfulfillment.puretracks.com/onager.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab
DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} - hxxp://216.249.24.143/code/PWActiveXImgCtl.CAB
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147242130078
DPF: {6F750200-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} - hxxp://chat.yahoo.com/cab/yuplapp.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} - hxxp://www.napster.com/client/isetup.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://kevinandnadja.kicks-ass.net:3331/activex/AxisCamControl.ocx
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {C915801D-6F00-49CD-8A9A-8DE5C11ADDC1} - hxxp://www.photoworks.com/pixami/DragDropUploader.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} - hxxp://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,5950/mcfscan.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
AppInit_DLLs: c:\windows\system32\hereporu.dll c:\windows\system32\rohebiyi.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: jinidireg - {98a9f432-e498-4922-b54c-82ed4bc9731b} - No File
SSODL: zudeveraw - {1a9d0654-d63a-45d1-930d-eac7d380db56} - No File
STS: {98a9f432-e498-4922-b54c-82ed4bc9731b} - No File
STS: {1a9d0654-d63a-45d1-930d-eac7d380db56} - No File
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
LSA: Notification Packages = scecli kiligefu.dll

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-4-11 28552]
R0 sonyhcb;Sony Digital Imaging Base;c:\windows\system32\drivers\sonyhcb.sys [2002-8-4 6097]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-4-12 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-4-12 29512]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-4-12 242896]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-4-12 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-4-12 308064]
R2 FlashNT;FlashNT;c:\windows\system32\drivers\FLASHNT.SYS [2003-12-5 72784]
R2 RUBotted;Trend Micro RUBotted Service;c:\program files\trend micro\rubotted\TMRUBotted.exe [2010-4-13 582992]
R2 Sdselect;Sdselect;c:\windows\system32\drivers\sdselect.sys [2003-12-5 73296]
R3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\TMPassthru.sys [2010-4-13 206608]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 DCamUSBVeo532;Veo Web Camera;c:\windows\system32\drivers\ubveo532.sys --> c:\windows\system32\drivers\ubVeo532.sys [?]
S3 naecd;naecd;\??\c:\docume~1\dan\locals~1\temp\naecd.sys --> c:\docume~1\dan\locals~1\temp\naecd.sys [?]
S3 PTHSBUS;Curitel USB Composite Device Driver (UDP);c:\windows\system32\drivers\PTHSBUS.sys [2009-3-14 27008]
S3 PTHSMDM;Curitel Packet Service Drivers (UDP);c:\windows\system32\drivers\PTHSMDM.sys [2009-3-14 41344]
S3 PTHSVSP;Curitel Packet Service Diagnostic Serial Port (UDP);c:\windows\system32\drivers\PTHSVSP.sys [2009-3-14 39680]
S3 RkPavproc1;RkPavproc1;c:\windows\system32\drivers\RkPavproc1.sys [2010-4-13 17544]
S3 sonyhcs;Sony Digital Imaging Video;c:\windows\system32\drivers\sonyhcs.sys [2002-8-4 299923]
S3 TMPassthru;Trend Micro Passthru Ndis Service;c:\windows\system32\drivers\TMPassthru.sys [2010-4-13 206608]

=============== Created Last 30 ================

2010-04-22 03:54:16 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-04-22 00:26:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-22 00:26:19 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-17 06:07:16 0 ----a-w- c:\documents and settings\dan\defogger_reenable
2010-04-14 01:10:34 0 d-----w- c:\windows\McAfee.com
2010-04-14 00:49:14 0 d-----w- c:\program files\TrendMicro
2010-04-14 00:45:56 206608 ----a-w- c:\windows\system32\drivers\TMPassthru.sys
2010-04-14 00:45:49 0 d-----w- c:\program files\Trend Micro
2010-04-13 11:09:24 17544 ----a-w- c:\windows\system32\drivers\RkPavproc1.sys
2010-04-12 19:34:18 112 ----a-w- c:\docume~1\alluse~1\applic~1\1a2377.dat
2010-04-12 11:44:11 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-04-12 11:44:04 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-12 11:43:52 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-04-12 11:42:59 0 d-----w- c:\windows\system32\drivers\Avg
2010-04-11 22:22:46 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-04-11 04:40:50 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

==================== Find3M ====================

2010-04-22 21:56:04 7304 ----a-w- c:\windows\TMP0001.TMP
2010-03-10 13:18:21 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2010-03-10 13:18:20 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-02-24 14:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 05:20:02 634648 ------w- c:\windows\system32\dllcache\iexplore.exe
2010-02-23 05:18:28 161792 ------w- c:\windows\system32\dllcache\ieakui.dll
2010-02-09 20:38:40 70984 ----a-w- c:\documents and settings\dan\g2mdlhlpx.exe
2008-10-26 04:07:35 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008102620081027\index.dat
2009-10-28 23:00:06 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009102820091029\index.dat

============= FINISH: 18:12:46.42 ===============

I forgot to mention that I have checked the Windows Task Manager to see what processes are running. When the computer has really slowed down I have noticed that I have multiple svchost.exe running, one of which is taking up huge amounts of CPU and memory.

Thanks!

Attached Files


Edited by Orange Blossom, 22 April 2010 - 11:58 PM.
Posts merged ~BP Merged topics. ~ OB


#3 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 23 April 2010 - 02:28 PM

Hello ncbuckeye,

Welcome to Bleeping Computer, and sorry for the delay.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

If it will not run the first time, then rename it to ncbuckeye.exe and try again.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 16 May 2010 - 02:21 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic



