Quick Defragmenter


  • This topic is locked
3 replies to this topic

#1 Dadarules

Dadarules

  • Members
  • 2 posts

Posted 09 November 2010 - 01:14 PM

Hello,

First off, thanks for the help!! This is my 5th+ time trying to post - this time from another computer. I had written a detailed overview and pressed POST NEW TOPIC and it came up with an Explorer Page Not Found page - if any of them posted and I am reposting then sorry. I have tried multiple resources to correct/protect but have ended up with a buffet of programs on my computer and am looking to just listen and do what I am told by you to try to fix/protect going forward - I will delete or use what I am told regardless of whether I bought it or it was a free download. If you tell me to throw this laptop out the window then watch out below!! I know enough to know I don't know enough. I have done the HDD Defrag tutorial on this site along with TDSSKiller and that laptop still cannot post here.

At this point I think the biggest issue is Quick Defragmenter but I also think there is a bigger issue bringing nasty things like HDD & Quick Defrag into my computer somehow. I have also downloaded the program that checks whether your programs are out of date - I still need to uninstall and reinstall Java.

I have had infection issues recurring for a while on this laptop and home computer and have tried to correct them using multiple programs/solutions, even buying both A-Squared (Emsisoft) and STOPZilla to clean/protect them (did not get STOPZilla for the home computer). From what I understand, two protection programs like I have should not be run at the same time - I do not, or at least try not to, do this.

An infection ended up disabling A-Squared whenever I would start up, so I looked for another option to see if I could get something that would beat that infection. STOPZilla found things not found by A-Squared and it would start up most of the time. Lately I will run one, then turn it off and run another, trying to blanket the coverage, but that band-aid isn't solving the core issues because the same infections resurface immediately at times.

SYMPTOMS/ISSUES

I have PopUps (Quick Defragmentation, HDD Defragmenter), Redirects (to Google Business - I think the site is fake, PC Maximizer and sometimes multiple blank pages) and Processes running on Startup and disabling functionality of STOPZilla (PopUp Protection, Spyware Protection and Site Protection are all "Disabled" when I start up, along with the Explorer PopUp blocker turned OFF). Sometimes program icons do not even show up on the bottom toolbar and I need to reboot a couple of times to get functionality back, along with the other programs I do not want being there like Quick Defragmenter or HDD Defragmenter. Also PopUps with a red circle and white X noting "Windows - No Disc" or "Critical Error - No Space on Drive C" show up. I have also had issues with updating to the current JAVA in recent months but have done it successfully (I think). I note this because multiple infections found in the recent month include JAVA in the name.

Here are the infections I have had occur/reoccur in the past month that are noted in the A-Squared log (I can access my STOPZilla logs for some reason - recently the infection has "unregistered" and I needed to put the registration code in again and it shows no logs):

  • VIRUS.WIN32.VBInject!IK
  • Exploit.JAVA.CVE-2008!IK
  • JAVA.Trojan-Downloader.JAVA.OpenConnection!IK
  • TROJAN-Downloader.JAVA.OpenStream!IK
  • Trojan.Win32.Meredrop!IK
  • Trojan.HTML.FRAUD!IK

Here are the updated DDS & Attach files from after doing the HDD and TDSS tutorials, and the ARK file (not updated - computer crashed while running it).

Thanks again in advance:


DDS (Ver_10-11-08.01) - NTFSx86 NETWORK
Run by boylej1 at 22:51:39.78 on Mon 11/08/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3536.3218 [GMT -5:00]

AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: Emsisoft Anti-Malware *On-access scanning disabled* (Updated) {0F8591BB-342B-4493-91C3-4E948ED21255}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Documents and Settings\boylej1\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.syracuse.com/
uInternet Settings,ProxyServer = corpgate.labcorp.com:8080
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - c:\program files\lexmark printable web\bho.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\SZIEBHO.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [JTLgdHcECl.exe] c:\docume~1\boylej1\locals~1\temp\JTLgdHcECl.exe
uRun: [619656] c:\docume~1\boylej1\locals~1\temp\619656.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [lxdrmon.exe] "c:\program files\lexmark 4900 series\lxdrmon.exe"
mRun: [EzPrint] "c:\program files\lexmark 4900 series\ezprint.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\boylej1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{ccbaa1f7-e5e1-48b2-9ed9-a79c6a37ce78}\Icon3E5562ED7.ico
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1232561663078
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1260298305781
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8BBDC81D-81B3-49EE-87E8-47B7A707FAE8} - hxxps://www1.gotomeeting.com/default/applets/g2mdlax.cab
DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} - hxxps://portal.labcorp.com/InternalSite/WhlCompMgr.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D9CDEFE3-51BB-4737-A12C-53D9814A148C} - hxxps://webaccess.labcorp.com/owa/MWScripts/AttachView/1.5/DAX.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://72.236.138.36/activex/AMC.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://orbitz.webex.com/client/wbs27-vzbprodcn/event/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-2-15 207280]
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2009-12-7 61328]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [2010-5-12 59280]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2008-7-8 244368]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2009-12-7 61328]
S1 a2injectiondriver;a2injectiondriver;c:\program files\a-squared anti-malware\a2dix86.sys [2010-5-12 41928]
S1 a2util;a-squared Malware-IDS utility driver;c:\program files\a-squared anti-malware\a2util32.sys [2010-5-12 11776]
S1 ltmfepk32;ltmfepk32;c:\windows\system32\drivers\ltmfepk32.sys [2008-4-14 303904]
S2 a2AntiMalware;a-squared Anti-Malware Service;c:\program files\a-squared anti-malware\a2service.exe [2010-2-15 2806000]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-2-15 198608]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-10 136176]
S2 lxdr_device;lxdr_device;c:\windows\system32\lxdrcoms.exe -service --> c:\windows\system32\lxdrcoms.exe -service [?]
S2 lxdrCATSCustConnectService;lxdrCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdrserv.exe [2010-4-13 98984]
S2 MAXPCDO_SRV;MAXPCDO_SRV;c:\program files\maxpc\MAXPCDefragSrv.exe [2010-10-2 248072]
S2 McAfeeFramework;McAfee Framework Service;c:\program files\network associates\common framework\FrameworkService.exe [2009-3-10 103744]
S2 mstbsvc;MSN Toolbar Setup;c:\program files\msn\toolbar\4.0.0412.0\mstbsvc.exe [2010-4-6 102752]
S3 a2acc;a2acc;c:\program files\a-squared anti-malware\a2accx86.sys [2010-5-12 72808]
S3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2008-12-1 112128]
S3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [2008-7-22 32808]
S3 DMService;Whale Component Manager;c:\windows\downlo~1\DMService.exe [2010-11-2 423576]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-9-16 110080]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\b.tmp --> c:\windows\system32\B.tmp [?]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-7-7 14904]

=============== Created Last 30 ================

2010-11-09 00:01:35 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-08 23:08:57 -------- d-----w- c:\program files\Secunia
2010-11-04 16:01:04 -------- d-----w- c:\program files\Citrix
2010-10-22 01:06:01 -------- d-----w- C:\Microsoft
2010-10-21 17:09:43 -------- d-----w- c:\program files\STOPzilla!
2010-10-20 21:41:14 67024 ----a-r- c:\windows\system32\IS3Hks5.dll
2010-10-20 21:41:14 546256 ----a-r- c:\windows\system32\SZComp5.dll
2010-10-20 21:41:14 452048 ----a-r- c:\windows\system32\SZBase5.dll
2010-10-20 21:41:14 398800 ----a-r- c:\windows\system32\IS3DBA5.dll
2010-10-20 21:41:14 28624 ----a-r- c:\windows\system32\IS3XDat5.dll
2010-10-20 21:41:14 22992 ----a-r- c:\windows\system32\SZIO5.dll
2010-10-20 21:41:14 132560 ----a-r- c:\windows\system32\IS3HTUI5.dll
2010-10-20 21:41:12 99792 ----a-r- c:\windows\system32\IS3Svc5.dll
2010-10-20 21:41:12 99792 ----a-r- c:\windows\system32\IS3Inet5.dll
2010-10-20 21:41:12 738768 ----a-r- c:\windows\system32\IS3Base5.dll
2010-10-20 21:41:12 390608 ----a-r- c:\windows\system32\IS3UI5.dll
2010-10-20 21:41:12 230864 ----a-r- c:\windows\system32\IS3Win325.dll
2010-10-20 13:46:02 -------- d-----w- c:\docume~1\boylej1\locals~1\applic~1\Temp
2010-10-10 23:41:47 -------- d-----w- c:\docume~1\boylej1\locals~1\applic~1\Google

==================== Find3M ====================

2010-11-09 00:01:05 472808 ----a-w- c:\windows\system32\deployJava1.dll

============= FINISH: 22:52:22.23 ===============
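The DDS "Pseudo HJT" and "SERVICES / DRIVERS" sections above are where a helper first looks for persistence, and the entries that stand out in this log (two uRun autoruns launched from the user's Temp folder with random-looking names, a DPF ActiveX download from a bare IP, and a driver whose image is a .tmp file in system32) are exactly the kinds of lines a reviewer scans for by eye. The script below is an added example, not code from the original post, from DDS, or from any tool mentioned in this thread; it applies those four heuristics to constructed sample lines copied in the shape of the log. The heuristics and the wording of the reasons are my assumptions about what deserves a second look; they produce review items, not verdicts (a legitimate anti-rootkit scan can leave a transient .tmp driver entry, and a corporate ActiveX component may be served from an internal IP).

```python
import re
from dataclasses import dataclass

# Constructed sample in the shape of the DDS sections above: the suspicious
# lines copied from the posted log plus benign entries for contrast.
SAMPLE_DDS = r"""
uRun: [JTLgdHcECl.exe] c:\docume~1\boylej1\locals~1\temp\JTLgdHcECl.exe
uRun: [619656] c:\docume~1\boylej1\locals~1\temp\619656.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://72.236.138.36/activex/AMC.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\b.tmp --> c:\windows\system32\B.tmp [?]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-2-15 207280]
"""


@dataclass
class Finding:
    line: str          # the DDS line that triggered the heuristic(s)
    reasons: list      # one human-readable reason per heuristic that fired


# Line shapes as DDS prints them: user/machine Run keys, DPF ActiveX entries,
# and R0..S3 service/driver entries (name;display name;image path).
_RUN_RE = re.compile(r'^[um]Run: \[(?P<label>[^\]]*)\] (?P<cmd>.+)$', re.I)
_DPF_RE = re.compile(r'^DPF: \{[^}]+\} - (?P<url>\S+)', re.I)
_SVC_RE = re.compile(r'^[RS]\d (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+)$')
_EXE_RE = re.compile(r'"?(?P<path>[^"]+?\.(?:exe|scr|com|bat|cmd))', re.I)
_IPV4_RE = re.compile(r'^\d{1,3}(?:\.\d{1,3}){3}$')


def _in_temp(path):
    """Heuristic (assumption): an autorun or driver under a Temp folder is odd."""
    p = path.lower()
    return '\\temp\\' in p or '\\tmp\\' in p


def _looks_random(stem):
    """Heuristic (assumption): all-digit names, or names whose letters flip
    case four or more times, are typical of dropper-generated file names."""
    if stem.isdigit():
        return True
    letters = [c for c in stem if c.isalpha()]
    flips = sum(1 for a, b in zip(letters, letters[1:]) if a.isupper() != b.isupper())
    return flips >= 4


def triage(dds_text):
    """Return one Finding per DDS line that trips at least one heuristic."""
    findings = []
    for raw in dds_text.splitlines():
        line = raw.strip()
        reasons = []

        m = _RUN_RE.match(line)
        if m:
            exe = _EXE_RE.match(m.group('cmd'))
            target = exe.group('path') if exe else m.group('cmd')
            if _in_temp(target):
                reasons.append('autorun target lives under a Temp directory')
            stem = re.split(r'[\\/]', target)[-1].rsplit('.', 1)[0]
            if _looks_random(stem):
                reasons.append('random-looking executable name')

        m = _DPF_RE.match(line)
        if m:
            # DDS defangs URLs as hxxp/hxxps; strip that and take the host part.
            host = re.sub(r'^hxxps?://', '', m.group('url'), flags=re.I).split('/')[0]
            if _IPV4_RE.match(host):
                reasons.append('ActiveX download (DPF) from a bare IP address')

        m = _SVC_RE.match(line)
        if m:
            path = m.group('path').lower()
            if re.search(r'\.tmp\b', path) or _in_temp(path):
                reasons.append('service/driver image is a .tmp file or lives in Temp')

        if reasons:
            findings.append(Finding(line, reasons))
    return findings


def report(findings):
    """Render findings as plain text suitable for pasting into a reply."""
    return '\n'.join(f'{f.line}\n    -> ' + '; '.join(f.reasons) for f in findings)


if __name__ == '__main__':
    print(report(triage(SAMPLE_DDS)))
```

Run against the sample it flags the two Temp-folder autoruns, the bare-IP DPF entry and the .tmp driver, and leaves the Intel, Java, Flash and PC Tools lines alone. To use it on a real log, paste the whole DDS.txt into `triage()`; lines that match none of the three shapes are simply ignored.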


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts

Posted 16 November 2010 - 12:51 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:
    Link1
    Link2
    Link3
  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply



Scan With RKUnHooker

  • Please download Rootkit Unhooker and save it to your desktop.
  • Extract RKUnhooker to your desktop.
    Note** it is zipped up in a .rar file - if you do not have a program to unzip this type of file
    you can get a free one from here - http://www.7-zip.org/
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers, Stealth. Uncheck the rest, then click OK.
  • Wait until the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


"just click on Cancel, then Accept".


information and logs:

In your next post I need the following

1.logs from DDS
2.log from RKUnHooker
3.let me know of any problems you may have had
Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts

Posted 18 November 2010 - 11:30 PM

Hello

three day bump

It has been three days since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48 hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts

Posted 22 November 2010 - 12:02 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

The fixes and advice in this thread are for this machine only.
Do not apply the instructions from this thread to your own machine.
Please start a new thread describing your issue and someone will be along to assist you.


With Regards,
Gringo