Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with mpeg heck log link


  • This topic is locked This topic is locked
2 replies to this topic

#1 RUBBERBULLETS

RUBBERBULLETS

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:20 PM

Posted 28 May 2010 - 10:02 PM

The woman with the problem above told me that the pc was very slow and unresponsive. She couldn't tell me of any errors or pop up's that she may or may not have been having. My son very kindly offered my services (thanks son wacko.gif ) i'm sorry now thats for sure! I apologise for not being able to provide any more information. She is able to surf the 'net but it is very slow online she say's, but it seems okish offline not brilliant just needed a lil tlc.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Jade at 3:16:09.25 on 29/05/2010
Internet Explorer: 8.0.6001.18904
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.959.293 [GMT -12:00]

AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\msiexec.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\Jade\Desktop\dds.scr
C:\Users\Jade\AppData\Local\temp\9F5A.tmp\evP.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Jade\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.co.uk/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://en.uk.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.0\NppBho.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\windows\system32\ActiveToolBand.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.0\UIBHO.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [mpeg heck log link] "c:\programdata\memo title logo.sgde4"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Acer Tour Reminder]
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton internet security\osCheck.exe"
mRun: [Acer Empowering Technology Monitor] c:\acer\empowering technology\SysMonitor.exe
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
mRun: [WarReg_PopUp] c:\acer\wr_popup\WarReg_PopUp.exe
mRun: [Acer Tour Reminder] c:\acer\acertour\Reminder.exe
mRun: [fssui] "c:\program files\windows live\family safety\fsui.exe" -autorun
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
mRun: [Wireless Manager] "c:\program files\virgin broadband wireless\Wireless Manager.exe" startup
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - hxxp://www.bebo.com/files/BeboUploader.5.1.4.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

============= SERVICES / DRIVERS ===============

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\idsdefs\20080314.001\IDSvix86.sys [2008-3-14 261680]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-20 135664]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-3 21504]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-11-11 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2008-2-1 1251720]
S3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2008-3-7 37936]

=============== Created Last 30 ================

2010-05-29 15:10:01 0 ----a-w- c:\users\jade\defogger_reenable
2010-05-29 13:36:04 0 d-----w- c:\programdata\Alwil Software
2010-05-29 12:54:03 0 d-----w- c:\users\jade\appdata\roaming\Foxit
2010-05-29 12:53:55 0 d-----w- c:\program files\Foxit Software
2010-05-29 12:38:19 0 d-sh--w- C:\$RECYCLE.BIN
2010-05-29 12:23:20 98816 ----a-w- c:\windows\sed.exe
2010-05-29 12:23:20 77312 ----a-w- c:\windows\MBR.exe
2010-05-29 12:23:20 256512 ----a-w- c:\windows\PEV.exe
2010-05-29 12:23:20 161792 ----a-w- c:\windows\SWREG.exe
2010-05-29 11:13:38 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-05-29 10:58:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-29 10:58:16 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-29 10:58:16 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-29 10:53:46 0 d-----w- c:\windows\pss
2010-05-29 10:03:41 0 d-----w- c:\programdata\Grisoft
2010-05-26 08:42:58 524288 --sha-w- c:\users\jade\ntuser.dat{aeef2184-689f-11df-802e-001558bbe51d}.TMContainer00000000000000000002.regtrans-ms
2010-05-26 08:42:57 65536 --sha-w- c:\users\jade\ntuser.dat{aeef2184-689f-11df-802e-001558bbe51d}.TM.blf
2010-05-26 08:42:57 524288 --sha-w- c:\users\jade\ntuser.dat{aeef2184-689f-11df-802e-001558bbe51d}.TMContainer00000000000000000001.regtrans-ms
2010-05-21 06:52:39 0 d-----w- c:\programdata\TEMP
2010-05-21 06:51:09 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-05-21 02:33:51 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-05-21 02:33:30 0 d-----w- c:\program files\SUPERAntiSpyware
2010-05-20 09:42:07 0 d-----w- c:\program files\a-squared Free
2010-05-20 08:09:13 0 d-----w- c:\users\jade\appdata\roaming\Malwarebytes
2010-05-20 08:09:07 0 d-----w- c:\programdata\Malwarebytes
2010-05-20 06:22:11 0 d-----w- c:\program files\(Aida32)
2010-05-20 05:29:35 0 d-----w- c:\program files\Lavalys
2010-05-15 07:14:08 0 d-----w- c:\program files\iPod(83)
2010-05-15 07:13:45 0 d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-15 07:09:45 0 d-----w- c:\program files\QuickTime(166)
2010-05-15 07:03:31 0 d-----w- c:\users\jade\{82493334-4301-476d-baa4-9570a188d2c4}
2010-05-15 07:02:54 0 d-----w- c:\program files\Bonjour
2010-05-12 23:30:42 738816 ----a-w- c:\windows\system32\inetcomm.dll

==================== Find3M ====================

2010-05-06 22:36:38 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-04-29 21:59:59 54260 ----a-w- c:\windows\fonts\upclb.ttf
2010-04-29 21:59:59 152872 ----a-w- c:\windows\fonts\verdanab.ttf
2010-04-29 21:59:59 100420 ----a-w- c:\windows\fonts\consolab.ttf
2010-04-29 21:59:59 100100 ----a-w- c:\windows\fonts\cordiaui.ttf
2010-04-29 21:59:58 71068 ----a-w- c:\windows\fonts\upcil.ttf
2010-04-29 21:59:58 209844 ----a-w- c:\windows\fonts\corbeli.ttf
2010-04-12 07:48:17 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2010-04-12 06:53:13 51200 ----a-w- c:\windows\inf\infpub.dat
2010-04-12 06:53:12 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-04-12 06:53:09 143360 ----a-w- c:\windows\inf\infstor.dat
2010-04-09 01:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-09 01:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-03-05 14:01:02 420352 ----a-w- c:\windows\system32\vbscript.dll
2009-12-09 22:42:03 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-06-19 19:15:50 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-12-21 15:55:22 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

============= FINISH: 3:16:57.43 ===============

thanks for your time Orange Blossom

Attached Files



BC AdBot (Login to Remove)

 


#2 RUBBERBULLETS

RUBBERBULLETS
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:20 PM

Posted 30 May 2010 - 04:40 PM

This thread can be closed i've re-installed using the built in recovery disk method, thanks dry.gif

#3 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:20 PM

Posted 30 May 2010 - 05:03 PM

Topic closed at member request.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users