
Windows Optimal Settings and other problems



#1 cialo_rsf


Posted 21 February 2011 - 11:32 AM

Hello there... I have a notebook with some problems. When I saw the notebook the first time it was not usable due to the "Windows Optimal Settings" issue. I tried to remove this problem using:

* RKill
* Malwarebytes

following a procedure found on some forums. The notebook started to work correctly again for some days... then other problems appeared and it is now not usable at all.

* Google Chrome does not work at all
* In Internet Explorer searching in google.com seems to be de-activated
* It is not possible to install Avira and other antivirus

I'd like to solve the problem without formatting ;)

The DDS file follows:

DDS (Ver_10-12-12.02) - NTFSx86 NETWORK
Run by Administrator at 15.02.54,03 on 21/02/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.2.1252.39.1040.18.503.332 [GMT 1:00]

AV: Smart Internet Protection 2011 *Enabled/Updated* {8219406E-440D-4EA2-AA3F-215D1E31A21B}
AV: AntiVir Desktop *Disabled/Outdated* {00000002-0002-0000-2C24-9E7C08000A00}
FW: Smart Internet Protection 2011 *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.hp.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programmi\file comuni\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\programmi\messenger\msmsgs.exe" /background
uRunOnce: [NeroHomeFirstStart] c:\programmi\file comuni\ahead\lib\NMFirstStart.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10l_ActiveX.exe -update activex
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [SoundMAXPnP] c:\programmi\analog devices\soundmax\SMax4PNP.exe
mRun: [PTHOSTTR] c:\programmi\hpq\hp protecttools security manager\PTHOSTTR.EXE /Start
mRun: [UpdateManager] "c:\programmi\file comuni\sonic\update manager\sgtray.exe" /r
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [SynTPEnh] c:\programmi\synaptics\syntp\SynTPEnh.exe
mRun: [hpWirelessAssistant] c:\programmi\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [eabconfg.cpl] c:\programmi\hpq\quick launch buttons\EabServr.exe /Start
mRun: [Cpqset] c:\programmi\hpq\default settings\cpqset.exe
mRun: [WatchDog] c:\programmi\intervideo\dvd check\DVDCheck.exe
mRun: [PrinTray] c:\windows\system32\spool\drivers\w32x86\3\printray.exe
mRun: [\\PC03\EPSON] c:\windows\system32\spool\drivers\w32x86\3\e_fatiabe.exe /p12 "\\pc03\epson" /o12 "\\pc03\EPSON" /M "Stylus D88"
mRun: [\\PC03\EPSOND88] c:\windows\system32\spool\drivers\w32x86\3\e_fatiabe.exe /p15 "\\pc03\epsond88" /o15 "\\pc03\EPSOND88" /M "Stylus D88"
mRun: [EPSON Stylus D88 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIABE.EXE /P23 "EPSON Stylus D88 Series" /O6 "USB001" /M "Stylus D88"
mRun: [HP Software Update] c:\programmi\hp\hp software update\HPWuSchd2.exe
mRun: [CanonSolutionMenu] c:\programmi\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\programmi\canon\myprinter\BJMyPrt.exe /logon
mRun: [NeroFilterCheck] c:\programmi\file comuni\ahead\lib\NeroCheck.exe
mRun: [Adobe Reader Speed Launcher] "c:\programmi\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\programmi\file comuni\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\programmi\malwarebytes\mbam.exe" /runcleanupscript
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\menuav~1\progra~1\esecuz~1\bttray.lnk - c:\programmi\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\menuav~1\progra~1\esecuz~1\multic~1.lnk - c:\programmi\actalis\multicertify client\MlsProxy.exe
StartupFolder: c:\docume~1\alluse~1\menuav~1\progra~1\esecuz~1\scmon.lnk - c:\windows\system32\SISCMon.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\programmi\widcomm\bluetooth software\btsendto_ie.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmi\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC} - c:\programmi\java\jre1.5.0\bin\npjpi150.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {1AF2F8D1-F58F-41F3-9ECF-58AF0742F50B} = 212.216.112.112,194.243.154.62
Notify: igfxcui - igfxdev.dll
IFEO: image file execution options - svchost.exe
IFEO: OLT.exe - svchost.exe
Hosts: 204.152.194.204 www.google.com
Hosts: 204.152.194.204 google.com
Hosts: 204.152.194.204 google.com.au
Hosts: 204.152.194.204 www.google.com.au
Hosts: 204.152.194.204 google.be

Note: multiple HOSTS entries found. Please refer to Attach.txt

============= SERVICES / DRIVERS ===============

S1 avgio;avgio;\??\c:\programmi\avira\antivir desktop\avgio.sys --> c:\programmi\avira\antivir desktop\avgio.sys [?]
S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-5-4 56816]
S2 qssdv;Time Shell;c:\windows\system32\svchost.exe -k netsvcs [2004-8-19 14336]
S3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2004-5-3 80384]
S3 SCR33X USB Smart Card Reader;SCR33X USB Smart Card Reader;c:\windows\system32\drivers\scr33x2k.sys --> c:\windows\system32\drivers\SCR33X2K.sys [?]
S4 AntiVirScheduler;Avira AntiVir Scheduler;"c:\programmi\avira\antivir desktop\sched.exe" --> c:\programmi\avira\antivir desktop\sched.exe [?]
S4 AntiVirService;Avira AntiVir Guard;"c:\programmi\avira\antivir desktop\avguard.exe" --> c:\programmi\avira\antivir desktop\avguard.exe [?]

=============== Created Last 30 ================

2011-02-13 17:29:11 -------- d-----w- c:\docume~1\admini~1\datiap~1\Malwarebytes
2011-02-13 17:29:05 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-13 17:29:02 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-13 17:29:02 -------- d-----w- c:\programmi\Malwarebytes
2011-02-13 15:46:58 -------- d-----w- c:\programmi\CCleaner
2011-02-13 15:11:25 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2011-02-13 15:11:25 -------- d-----w- c:\docume~1\alluse~1\datiap~1\Spybot - Search & Destroy
2011-02-13 15:00:54 -------- d-sh--w- c:\documents and settings\administrator\PrivacIE
2011-02-13 14:59:06 -------- d-sh--w- c:\documents and settings\administrator\IETldCache
2011-02-11 09:22:20 -------- d-sh--w- c:\docume~1\alluse~1\datiap~1\SIHDUP
2011-02-11 09:21:48 -------- d-sh--w- c:\docume~1\alluse~1\datiap~1\48428c
2011-01-30 13:57:00 103864 ----a-w- c:\programmi\internet explorer\plugins\nppdf32.dll

==================== Find3M ====================


============= FINISH: 15.03.16,89 ===============



#2 cialo_rsf


Posted 25 February 2011 - 08:35 AM

...ok I solved the issue installing linux ;)

#3 shelf life


  • Malware Response Team

Posted 26 February 2011 - 08:35 AM

...ok I solved the issue installing linux ;)


Looks like your malware problems are over now... for good... the majority of malware is written for the Windows platform.

How Can I Reduce My Risk to Malware?




