Windows Explorer keeps crashing..


  • This topic is locked
2 replies to this topic

#1 FoxGi
  • Members
  • 2 posts
  • OFFLINE
  • Local time:06:56 PM

Posted 02 July 2010 - 12:15 PM

EDIT: Moved to proper forum, Virus, Trojan, Spyware, and Malware Removal Logs ~~boopme

Hi, I have Windows Vista Home Premium 32-bit OS installed on my computer. For the past week or so, my computer has been acting really weird and running extremely slow. Firefox won't load some pages. Most sites that require secure sign-ins take ages, like eBay and online banking, HSBC etc., and then for some reason my browser goes offline out of the blue and tells me that I can't browse because the browser is working offline (happens a lot more on IE than Firefox, though, but it does happen on both).

Also sometimes Firefox shuts down on its own, without any warning or an error message. When I download something, clicking on the recently downloaded programme doesn't open it; when I right-click and then open the folder containing the downloaded item, even the folder doesn't open; and when I try to manually open the "Download" folder, or sometimes even when I try to open Control Panel, I get a message that Windows Explorer has stopped working and is restarting. Sometimes there is not even the message and Windows Explorer just crashes on its own without any error.

I've tried using Google Chrome, but sometimes it just won't load pages. I click on the plus tab and type the address; some would load, but some won't no matter what. The page stays blank, which is weird because I've used Chrome before and when you open a new tab the page is never blank; instead it shows your previously opened pages or the history (unless you specifically tell Chrome not to show frequently visited pages/sites, which I haven't done). Chrome does show frequently visited sites sometimes, and when it does, sites do load when I type the address in the address bar, but sometimes it's just blank and when I type an address when it's blank it doesn't load anything. Also, Windows Explorer shuts down and restarts on its own at least every hour or so.

Yesterday, I installed the avast virus scanner and scanned my computer. It showed some infected .exe files, and I got avast to delete them. They were Win32:MalOb-AL and JS:Downloader-EH. Then I ran Spybot, but S&D keeps crashing, or takes ages to check for infected files, a lot more than it used to. Most programmes on my computer either crash themselves, or they crash Windows Explorer; it restarts Explorer after a few minutes and I have to re-open the programme, for example when I try to open MS Word or Photoshop, etc.

What can I do? please help me!

I'm posting HijackThis and DDS logs.

HijackThis log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:58:29, on 02/07/2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16851)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Program Files\Olympus\ib\olycamdetect.exe
C:\Users\abd ash\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-vaio.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [MDS_Menu] "C:\Program Files\Olympus\ib\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Olympus\ib" UpdateWithCreateOnce "Software\OLYMPUS\ib\1.0"
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [NokiaMusic FastStart] "C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe" /command:faststart
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Olympus ib] "C:\Program Files\Olympus\ib\olycamdetect.exe" /Startup
O4 - HKCU\..\Run: [Google Update] "C:\Users\abd ash\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [userinit] C:\Users\abd ash\AppData\Roaming\sdra64.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ooVoo.exe] C:\program files\oovoo\oovoo.exe /minimized
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: ntuser_mssec.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E255143-4BB0-480C-B14C-FA995DF85426}: NameServer = 192.168.1.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12112 bytes



DDS log

DDS (Ver_10-03-17.01) - NTFSx86
Run by abd ash at 19:01:37.40 on 02/07/2010
Internet Explorer: 7.0.6000.16851 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.2038.682 [GMT 1:00]

AV: Norton 360 *On-access scanning enabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Norton 360 *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: avast! Antivirus *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\Network Utility\NSUService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Program Files\Olympus\ib\olycamdetect.exe
C:\Users\abd ash\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\explorer.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\abd ash\Desktop\dds.scr
C:\Windows\system32\igfxsrvc.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://uk.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://uk.search.yahoo.com
uStart Page = hxxp://www.club-vaio.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = hxxp://www.club-vaio.com
mStart Page = hxxp://uk.yahoo.com
mDefault_Page_URL = hxxp://uk.yahoo.com
mDefault_Search_URL = hxxp://uk.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://uk.search.yahoo.com
mSearch Page =
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://uk.search.yahoo.com
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [NSUFloatingUI] "c:\program files\sony\network utility\LANUtil.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Olympus ib] "c:\program files\olympus\ib\olycamdetect.exe" /Startup
uRun: [Google Update] "c:\users\abd ash\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [userinit] c:\users\abd ash\appdata\roaming\sdra64.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ooVoo.exe] c:\program files\oovoo\oovoo.exe /minimized
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [MDS_Menu] "c:\program files\olympus\ib\muitransfer\muistartmenu.exe" "c:\program files\olympus\ib" updatewithcreateonce "software\olympus\ib\1.0"
mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup
mRun: [NokiaMusic FastStart] "c:\program files\nokia\ovi player\NokiaOviPlayer.exe" /command:faststart
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
StartupFolder: c:\users\abd ash\appdata\roaming\microsoft\windows\start menu\programs\startup\ntuser_mssec.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
TCP: {0E255143-4BB0-480C-B14C-FA995DF85426} = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\abda~1\appdata\roaming\mozilla\firefox\profiles\ud44uo1q.default
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ig?hl=en&source=iglk
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\abd ash\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-7-1 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-7-1 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-7-1 50256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-1 40384]
R2 NSUService;NSUService;c:\program files\sony\network utility\NSUService.exe [2007-8-11 200704]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2008-12-15 1153368]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-1 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-1 40384]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-8-1 812544]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-7-22 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\sony\vaio media integrated server\UCLS.exe [2007-8-11 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\sony\vaio media integrated server\platform\SV_Httpd.exe [2007-8-11 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\sony\vaio media integrated server\platform\UPnPFramework.exe [2007-8-11 1089536]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2007-8-11 292152]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2007-8-11 79736]
S4 TwonkyMedia;TwonkyMedia;c:\program files\nokia\nokia home media server\media server\twonkymedia.exe -serviceversion 0 --> c:\program files\nokia\nokia home media server\media server\TwonkyMedia.exe -serviceversion 0 [?]

=============== Created Last 30 ================

2010-07-01 21:37:48 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-07-01 21:36:17 38848 ----a-w- c:\windows\avastSS.scr
2010-07-01 21:35:46 0 d-----w- c:\programdata\Alwil Software
2010-07-01 21:24:56 0 d-----w- c:\program files\oovoo
2010-06-16 18:29:46 0 d-sh--w- c:\users\abda~1\appdata\roaming\lowsec
2010-06-11 22:30:35 0 d-----w- c:\users\abda~1\appdata\roaming\oovooinstaller

==================== Find3M ====================

2010-06-01 11:52:53 4 ----a-w- c:\users\abda~1\appdata\roaming\ovczpx.dat
2010-06-01 11:52:40 4 ----a-w- c:\users\abda~1\appdata\roaming\avdrn.dat
2010-05-21 13:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 18:24:03 86016 ----a-w- c:\windows\inf\infstor.dat
2010-02-23 18:24:03 51200 ----a-w- c:\windows\inf\infpub.dat
2010-02-23 18:24:02 143360 ----a-w- c:\windows\inf\infstrng.dat
2008-12-13 03:18:23 174 --sha-w- c:\program files\desktop.ini
2008-06-12 21:04:43 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-07-05 15:12:06 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-07-05 15:12:06 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-07-05 15:12:06 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-07-27 05:39:30 16384 --sha-w- c:\windows\temp\cookies\index.dat
2009-07-27 05:39:30 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2009-07-27 05:39:30 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 19:03:17.95 ===============

Edited by boopme, 02 July 2010 - 02:24 PM.



#2 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  • Gender:Male
  • Location:Munich, Germany
  • Local time:12:56 AM

Posted 06 July 2010 - 02:54 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE



Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware
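The DDS scan requested above produces a log in the format already posted in this thread (the "Created Last 30" and "Find3M" sections list a timestamp, a size, an eight-character attribute string and a path per line). As an added example, not part of this thread and not DDS's or BleepingComputer's own code, here is a small Python parser for those sections with two triage heuristics of my own: a hidden+system object inside a user profile, and a tiny data file dropped directly in AppData\Roaming. Both rules are assumptions for illustration that mark entries for a reviewer to look at; they are not verdicts, and the sample log is constructed from entries in this thread.

```python
"""Parse the file-listing sections of a DDS log and mark entries worth a
closer look.  Added example: the triage rules are this example's own
assumptions, not DDS logic, and the sample log is constructed from lines
posted in this thread."""
import re
from dataclasses import dataclass

# A file line: date, time, size in bytes, 8-char attribute string, path.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>.+)$"
)
# A section banner such as "=============== Created Last 30 ================".
SECTION_RE = re.compile(r"^=+\s*(?P<name>.+?)\s*=+$")

# Roots under which a hidden+system object is unusual for ordinary user data
# (an assumption of this example).
USER_PROFILE_ROOTS = ("c:\\users\\", "c:\\documents and settings\\")


@dataclass
class Entry:
    section: str
    date: str
    size: int
    attrs: str  # e.g. "d-sh--w-": d=directory, s=system, h=hidden, a=archive
    path: str

    @property
    def directory(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def hidden_system(self) -> bool:
        return "h" in self.attrs and "s" in self.attrs


def parse_dds(text: str) -> list[Entry]:
    """Return the file entries found under any banner section of the log."""
    entries, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if (m := SECTION_RE.match(line)):
            section = m.group("name")
        elif section and (m := LINE_RE.match(line)):
            entries.append(Entry(section, m.group("date"), int(m.group("size")),
                                 m.group("attrs"), m.group("path")))
    return entries


def flag(entries: list[Entry]) -> list[tuple[str, str]]:
    """Apply the two heuristics; return (path, reason) pairs for a reviewer."""
    findings = []
    for e in entries:
        p = e.path.lower()
        if not p.startswith(USER_PROFILE_ROOTS):
            continue  # system and program directories are outside these rules
        parts = p.split("\\")
        if e.hidden_system:
            findings.append((e.path, "hidden+system object inside a user profile"))
        elif (not e.directory and e.size < 16 and len(parts) >= 3
              and parts[-3:-1] == ["appdata", "roaming"]):
            findings.append((e.path, "tiny data file dropped directly in AppData\\Roaming"))
    return findings


# Constructed sample: a subset of the log posted earlier in this thread.
SAMPLE_LOG = r"""
=============== Created Last 30 ================

2010-07-01 21:37:48 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-07-01 21:35:46 0 d-----w- c:\programdata\Alwil Software
2010-06-16 18:29:46 0 d-sh--w- c:\users\abda~1\appdata\roaming\lowsec
2010-06-11 22:30:35 0 d-----w- c:\users\abda~1\appdata\roaming\oovoo\installer

==================== Find3M ====================

2010-06-01 11:52:53 4 ----a-w- c:\users\abda~1\appdata\roaming\ovczpx.dat
2010-06-01 11:52:40 4 ----a-w- c:\users\abda~1\appdata\roaming\avdrn.dat
2010-02-23 18:24:03 86016 ----a-w- c:\windows\inf\infstor.dat
2008-12-13 03:18:23 174 --sha-w- c:\program files\desktop.ini
2009-07-27 05:39:30 16384 --sha-w- c:\windows\temp\cookies\index.dat

============= FINISH: 19:03:17.95 ===============
"""

if __name__ == "__main__":
    for path, reason in flag(parse_dds(SAMPLE_LOG)):
        print(f"{reason}: {path}")
```

Running it against the sample marks the `lowsec` directory and the two 4-byte `.dat` files in the user's Roaming folder, while the hidden+system `desktop.ini` under Program Files and the `index.dat` files under the Windows directory fall outside the user-profile rule and are left alone. The attribute string is treated as opaque letters on purpose: DDS prints the same eight positions for every entry, so membership tests on `h` and `s` are enough without depending on column order.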

#3 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  • Gender:Male
  • Location:Munich, Germany
  • Local time:12:56 AM

Posted 10 July 2010 - 05:33 AM

Due to the lack of feedback, this topic is now closed.
If you need this topic reopened, please PM a staff member and we will reopen it for you (include the address of this thread in your request). This applies to the original topic starter only. Everyone else with similar problems, please start a new topic.
regards,
schrauber

