Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Slow XP Pro (SP3) Start up


  • This topic is locked This topic is locked
4 replies to this topic

#1 Dogspods

Dogspods

  • Members
  • 73 posts
  • OFFLINE
  •  
  • Local time:04:58 PM

Posted 13 December 2010 - 12:00 PM

PC has become more than a little sluggish of late, thought I'd post a HiJackThis log just to make sure there isn't anything nasty hidden away.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:58:44, on 13/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\System32\ATMsrvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Registry Clean Expert\RCHelper.exe
C:\Program Files\Extensis\Extensis Suitcase 11\Suitcase.exe
C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe
C:\Documents and Settings\xfactor\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\BUFFALO\NASNAVI\nassche.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\Crusty.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RegClean Expert Scheduler] "C:\Program Files\Registry Clean Expert\RCHelper.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: BUFFALO NAS Navigator.lnk = C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\xfactor\Application Data\Dropbox\bin\Dropbox.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: NAS Scheduler.lnk = C:\Program Files\BUFFALO\NASNAVI\nassche.exe
O4 - Global Startup: Suitcase 11.0.lnk = ?
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ImageUploader4 - http://photos.next.co.uk/apps/ipc/downloads//ImageUploader4.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.31.0.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ATM Service (ATMsrvc) - Adobe Systems Incorporated - C:\WINDOWS\System32\ATMsrvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NAS PM Service (NasPmService) - BUFFALO INC. - C:\Program Files\BUFFALO\NASNAVI\nassvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing)
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

--
End of file - 8253 bytes

BC AdBot (Login to Remove)

 


#2 Judicandus

Judicandus

    Bleepin' Pasta


  • Malware Response Team
  • 730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Around the world
  • Local time:12:58 PM

Posted 22 December 2010 - 07:31 AM

Hello and welcome to Bleeping Computer

I'm judicandus and I'll be helping you out.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

Please post a DDS log and Gmer log. For instructions please read this post:
http://www.bleepingcomputer.com/forums/topic34773.html

#3 Dogspods

Dogspods
  • Topic Starter

  • Members
  • 73 posts
  • OFFLINE
  •  
  • Local time:04:58 PM

Posted 23 December 2010 - 08:20 AM

DDS Log:


DDS (Ver_10-12-12.02) - NTFSx86
Run by S-Bird at 9:53:51.18 on 23/12/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2329 [GMT 0:00]

AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\System32\ATMsrvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Registry Clean Expert\RCHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Extensis\Extensis Suitcase 11\Suitcase.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe
C:\Documents and Settings\xfactor\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\BUFFALO\NASNAVI\nassche.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\xfactor\Desktop\Defogger.exe
C:\Documents and Settings\xfactor\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [RegClean Expert Scheduler] "c:\program files\registry clean expert\RCHelper.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [WD Button Manager] WDBtnMgr.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\xfactor\startm~1\programs\startup\buffal~1.lnk - c:\program files\buffalo\nasnavi\NasNavi.exe
StartupFolder: c:\docume~1\xfactor\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\xfactor\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\xfactor\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\docume~1\xfactor\startm~1\programs\startup\nassch~1.lnk - c:\program files\buffalo\nasnavi\nassche.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\suitcase 11.0.lnk - c:\windows\installer\{7451c9b5-3e10-4e59-ad37-ab7438d84288}\_01D57C9244869186542E24.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
DPF: ImageUploader4 - hxxp://photos.next.co.uk/apps/ipc/downloads//ImageUploader4.cab
DPF: {00000161-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/msaudio.cab
DPF: {00000161-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/msaud.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {32564D57-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv8ax.cab
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.31.0.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

============= SERVICES / DRIVERS ===============

R0 42264512;42264512 Boot Guard Driver;c:\windows\system32\drivers\42264512.sys [2010-7-14 37392]
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2010-5-5 40560]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\VCdRom.sys [2009-11-26 8576]
S0 bipkppp;bipkppp;c:\windows\system32\drivers\pygmjg.sys --> c:\windows\system32\drivers\pygmjg.sys [?]
S0 cerc6;cerc6; [x]
S0 ntcdrdrv;ntcdrdrv;c:\windows\system32\drivers\ntcdrdrv.sys --> c:\windows\system32\drivers\ntcdrdrv.sys [?]
S1 42264511;42264511;c:\windows\system32\drivers\42264511.sys --> c:\windows\system32\drivers\42264511.sys [?]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\superadblocker.com\super ad blocker\sabkutil.sys --> c:\program files\superadblocker.com\super ad blocker\SABKUTIL.sys [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\saskutil.sys --> c:\program files\superantispyware\SASKUTIL.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-26 136176]
S2 MSSQL$MYMOVIES;SQL Server (MYMOVIES);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2009-5-27 29262680]
S2 NasPmService;NAS PM Service;c:\program files\buffalo\nasnavi\nassvc.exe -service_execute -dcyc=60 -dto=3 -dluc=0 -dmin=1 -dmax=60 -dflc=0 -apc=0 -log=0 -pm=1 -pall=1 -phttp=0 -pbc=0 -ppro=0 -pcyc=0 -pmin=1 -pmax=60 -pflc=0 --> c:\program files\buffalo\nasnavi\nassvc.exe -Service_Execute -dcyc=60 -dto=3 -dluc=0 -dmin=1 -dmax=60 -dflc=0 -apc=0 -log=0 -pm=1 -pall=1 -phttp=0 -pbc=0 -ppro=0 -pcyc=0 -pmin=1 -pmax=60 -pflc=0 [?]
S3 RemoteControl-USBLAN;RemoteControl-USBLAN;c:\windows\system32\drivers\rcblan.sys [2008-12-27 39704]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-12-17 27064]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-13 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== File Associations ===============

.txt=

=============== Created Last 30 ================

2010-12-23 09:25:09 -------- d-----w- C:\Adobe.Creative.Suite.5.Master.Collection
2010-12-21 10:15:05 -------- d-----w- c:\program files\Bulk Rename Utility
2010-12-17 12:31:30 -------- d-----w- c:\documents and settings\xfactor\comtypes_cache
2010-12-17 11:49:01 -------- d-----w- c:\docume~1\xfactor\locals~1\applic~1\VS Revo Group
2010-12-17 11:48:46 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2010-12-17 11:48:44 -------- d-----w- c:\program files\VS Revo Group
2010-12-15 11:37:17 -------- d-----w- c:\docume~1\xfactor\applic~1\Windows Desktop Search
2010-12-15 11:35:00 -------- d-----w- c:\program files\Windows Desktop Search
2010-12-15 11:23:28 -------- d-----w- C:\WINSSLog
2010-12-07 10:41:24 -------- d-----w- c:\docume~1\xfactor\applic~1\NASNaviator2
2010-12-07 10:40:53 -------- d-----w- c:\program files\BUFFALO
2010-12-06 10:01:20 -------- d-----w- c:\docume~1\xfactor\locals~1\applic~1\Conduit
2010-12-06 10:01:18 -------- d-----w- c:\docume~1\xfactor\locals~1\applic~1\BitTorrentBar
2010-12-06 10:01:03 -------- d-----w- c:\docume~1\xfactor\locals~1\applic~1\ConduitEngine
2010-12-02 12:10:02 -------- d-----w- c:\windows\system32\wbem\repository\FS
2010-12-02 12:10:02 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-02 11:31:05 240592 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-12-02 11:30:46 240592 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-12-02 11:30:46 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-12-02 11:29:20 888424 ----a-w- c:\windows\system32\nvdispco32.dll
2010-12-02 11:29:20 813672 ----a-w- c:\windows\system32\nvgenco32.dll
2010-12-02 11:29:20 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-12-02 11:29:20 4882432 ----a-w- c:\windows\system32\nvcuda.dll
2010-12-02 11:29:20 2932840 ----a-w- c:\windows\system32\nvcuvid.dll
2010-12-02 11:29:20 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-12-02 11:29:20 2293194 ----a-w- c:\windows\system32\nvdata.bin
2010-12-02 11:29:20 1462272 ----a-w- c:\windows\system32\nvapi.dll
2010-12-02 11:29:20 14532608 ----a-w- c:\windows\system32\nvoglnt.dll
2010-12-02 11:29:20 13012992 ----a-w- c:\windows\system32\nvcompiler.dll
2010-12-02 09:05:35 -------- d-sha-r- C:\cmdcons
2010-11-29 16:17:20 -------- d-----w- c:\docume~1\alluse~1\applic~1\Mr Retro
2010-11-29 16:07:44 -------- d-----w- c:\docume~1\xfactor\applic~1\Mr Retro
2010-11-29 16:03:33 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2010-11-29 16:03:27 -------- d-----w- c:\program files\MagicDisc

==================== Find3M ====================

2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-08 01:20:24 89088 -c--a-w- c:\windows\MBR.exe
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-10-22 06:23:22 6359552 ----a-w- c:\windows\system32\nv4_disp.dll
2005-07-14 18:31:20 27648 -csha-w- c:\windows\system32\AVSredirect.dll

============= FINISH: 9:55:02.10 ===============


The GMER scan is STILL running 3hrs later :( Will post the log when it's complete.

#4 Judicandus

Judicandus

    Bleepin' Pasta


  • Malware Response Team
  • 730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Around the world
  • Local time:12:58 PM

Posted 23 December 2010 - 10:27 AM

Hi dogspods,

If the gmer log isn't finished yet cancel it and run the following:


We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

#5 Judicandus

Judicandus

    Bleepin' Pasta


  • Malware Response Team
  • 730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Around the world
  • Local time:12:58 PM

Posted 12 January 2011 - 02:47 AM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users