
[Inactive] Computer is running slow, mouse pointer sporadically acts up

Discussion in 'Malware and Virus Removal Archive' started by chas berlin, 2010/08/24.

  1. 2010/08/24
    chas berlin Inactive Thread Starter

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume6
    Install Date: 8/10/2010 10:42:17 PM
    System Uptime: 8/24/2010 8:23:43 PM (1 hours ago)

    Motherboard: Gigabyte Technology Co., Ltd. | | GA-K8NF-9 / K8NF-9-RH
    Processor: AMD Athlon(tm) 64 Processor 3200+ | Socket 939 | 2010/200mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 146 GiB total, 84.106 GiB free.
    D: is FIXED (NTFS) - 684 GiB total, 615.838 GiB free.
    E: is FIXED (NTFS) - 459 GiB total, 434.867 GiB free.
    F: is FIXED (NTFS) - 59 GiB total, 58.529 GiB free.
    G: is FIXED (NTFS) - 50 GiB total, 49.536 GiB free.
    H: is FIXED (NTFS) - 33 GiB total, 0.097 GiB free.
    I: is CDROM ()
    K: is FIXED (NTFS) - 144 GiB total, 59.191 GiB free.
    L: is FIXED (NTFS) - 15 GiB total, 8.172 GiB free.
    M: is FIXED (NTFS) - 74 GiB total, 5.778 GiB free.
    N: is FIXED (NTFS) - 434 GiB total, 223.239 GiB free.

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1: 8/10/2010 10:47:21 PM - System Checkpoint
    RP2: 8/10/2010 10:58:37 PM - Installed Athlon 64 Processor Driver
    RP3: 8/11/2010 4:57:12 AM - Installed Acer eDisplay Management
    RP4: 8/11/2010 4:57:13 AM - Installed Acer eDisplay Management
    RP5: 8/11/2010 4:57:55 AM - Installed Pivot Software
    RP6: 8/11/2010 4:57:58 AM - Installed Pivot Software
    RP7: 8/11/2010 4:58:12 AM - Installed SDK
    RP8: 8/11/2010 5:28:19 AM - Installed WinFast(R) Display Driver
    RP9: 8/11/2010 6:33:26 AM - Installed iTunes
    RP10: 8/11/2010 6:51:16 AM - Revo Uninstaller's restore point - iTunes
    RP11: 8/11/2010 6:51:40 AM - Removed iTunes
    RP12: 8/11/2010 7:19:31 AM - Installed Nero7 Ultra Edition
    RP13: 8/11/2010 7:49:38 AM - Revo Uninstaller's restore point - Acer eDisplay Management
    RP14: 8/11/2010 7:49:48 AM - Removed Acer eDisplay Management
    RP15: 8/11/2010 7:49:50 AM - Removed Acer eDisplay Management
    RP16: 8/11/2010 7:49:54 AM - Removed SDK
    RP17: 8/11/2010 7:50:16 AM - Removed Pivot Software
    RP18: 8/11/2010 7:50:19 AM - Removed Pivot Software
    RP19: 8/11/2010 8:08:07 AM - Installed Adobe Reader 9.3.3.
    RP20: 8/11/2010 8:31:04 AM - Installed Microsoft Office 2000 Standard
    RP21: 8/11/2010 8:39:42 AM - Installed DirectX
    RP22: 8/11/2010 8:47:12 AM - Installed COMODO Internet Security
    RP23: 8/11/2010 9:24:54 AM - Revo Uninstaller's restore point - Vuze Remote Toolbar
    RP24: 8/11/2010 1:49:49 PM - Installed StartupMonitor
    RP25: 8/11/2010 3:14:52 PM - Installed iTunes
    RP26: 8/11/2010 3:31:41 PM - Revo Uninstaller's restore point - iTunes
    RP27: 8/11/2010 3:32:11 PM - Removed iTunes
    RP28: 8/11/2010 3:54:45 PM - Installed iTunes
    RP29: 8/11/2010 4:03:10 PM - Removed iTunes
    RP30: 8/11/2010 4:56:43 PM - Installed iTunes
    RP31: 8/11/2010 5:01:07 PM - Revo Uninstaller's restore point - iTunes
    RP32: 8/11/2010 5:01:31 PM - Removed iTunes
    RP33: 8/11/2010 8:39:44 PM - Installed iTunes
    RP34: 8/11/2010 8:42:19 PM - Revo Uninstaller's restore point - iTunes
    RP35: 8/11/2010 8:42:37 PM - Removed iTunes
    RP36: 8/11/2010 11:01:45 PM - Installed Windows XP -- Software Updates KB952011.
    RP37: 8/12/2010 2:26:58 AM - Installed iTunes
    RP38: 8/13/2010 2:27:52 AM - System Checkpoint
    RP39: 8/13/2010 1:53:13 PM - Installed Adobe Photoshop Lightroom 3.
    RP40: 8/13/2010 2:06:02 PM - Software Distribution Service 3.0
    RP41: 8/14/2010 11:43:53 AM - Software Distribution Service 3.0
    RP42: 8/14/2010 6:03:18 PM - Software Distribution Service 3.0
    RP43: 8/15/2010 8:50:06 PM - System Checkpoint
    RP44: 8/17/2010 12:39:10 AM - System Checkpoint
    RP45: 8/18/2010 1:48:20 PM - System Checkpoint
    RP46: 8/20/2010 2:21:56 AM - System Checkpoint
    RP47: 8/20/2010 8:53:26 PM - Revo Uninstaller's restore point - Yahoo! Messenger
    RP48: 8/20/2010 8:56:17 PM - Revo Uninstaller's restore point - Yahoo! Software Update
    RP49: 8/20/2010 8:57:11 PM - Revo Uninstaller's restore point - Yahoo! Toolbar
    RP50: 8/22/2010 8:35:04 AM - System Checkpoint
    RP51: 8/23/2010 1:58:38 PM - System Checkpoint

    ==== Installed Programs ======================

    Adobe Acrobat 5.0
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Photoshop Lightroom 3
    Adobe Reader 9.3.3
    Adobe Shockwave Player 11.5
    AMD AGP Driver
    Apple Mobile Device Support
    Apple Software Update
    Athlon 64 Processor Driver
    Avira AntiVir Personal - Free Antivirus
    Bonjour
    BroadJump Client Foundation
    COMODO Internet Security
    iTunes
    Microsoft LifeCam
    Microsoft Office 2000 Standard
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Mozilla Firefox (3.6.8)
    Nero7 Ultra Edition
    Picasa 3
    QuickTime
    Revo Uninstaller 1.89
    StartupMonitor
    Tweak Manager 2.1
    Vuze
    WebFldrs XP
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    Windows Installer 3.1 (KB893803)
    Windows Media Format 11 runtime
    WinFast(R) Display Driver

    ==== Event Viewer Messages From Past Week ========

    8/24/2010 11:32:18 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
    8/24/2010 11:32:18 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
    8/24/2010 11:32:18 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

    ==== End Of File ===========================

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Chas at 21:39:41.90 on Tue 08/24/2010
    Internet Explorer: 6.0.2900.2180
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3071.2188 [GMT -7:00]

    AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Vuze\Azureus.exe
    C:\Documents and Settings\Chas\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://mail.yahoo.com/
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: H - No File
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [NWEReboot]
    mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [CTxfiHlp] CTXFIHLP.EXE
    mRun: [CTHelper] CTHELPER.EXE
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    Trusted Zone: att.net
    Trusted Zone: sbcglobal.net
    Trusted Zone: yahoo.com
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1281543549000
    AppInit_DLLs: c:\windows\system32\guard32.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\chas\applic~1\mozilla\firefox\profiles\fx55masf.default\
    FF - prefs.js: browser.startup.homepage - hxxp://mail.yahoo.com/
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_popup_windows ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.enable_click_image_resizing ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "accessibility.browsewithcaret_shortcut.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.high_water_mark ", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.gc_frequency ", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.lu ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.nu ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.nz ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbaam7a8h ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4ar ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--p1ai ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbayh7gpa ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.tel ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.proxy.type ", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.buffer.cache.count ", 24);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.buffer.cache.size ", 4096);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "dom.ipc.plugins.timeoutSecs ", 45);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.trackpoint_hack.enabled ", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.debug ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.agedWeight ", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.bucketSize ", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.maxTimeGroupings ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.timeGroupingSize ", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.boundaryWeight ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.prefixWeight ", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "accelerometer.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "html5.enable ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref ", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.renego_unrestricted_hosts ", " ");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.treat_unsafe_negotiation_as_broken ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.require_safe_negotiation ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.download.backgroundInterval ", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.url.manual ", "http://www.firefox.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-ja ", "mozff ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add ", "addons.mozilla.org ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add.36 ", "getpersonas.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "lightweightThemes.update.enabled ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.allTabs.previews ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.hide_infobar_for_outdated_plugin ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "toolbar.customization.usesheet ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.nptest.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npswf32.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npctrl.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npqtplugin.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.enable ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.max ", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.cachetime ", 20);

    ============= SERVICES / DRIVERS ===============

    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-8-11 11608]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-6-4 229312]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-6-1 25240]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-8-11 135336]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-8-11 267432]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-8-11 60936]
    R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2010-6-1 1778480]

    =============== Created Last 30 ================

    2010-08-21 04:01:29 0 d-----w- c:\windows\pss
    2010-08-20 19:58:50 0 d-----w- c:\program files\Yahoo!
    2010-08-15 06:41:28 0 d-----w- c:\windows\system32\CatRoot_bak
    2010-08-15 01:05:56 0 d-----w- c:\windows\ServicePackFiles
    2010-08-15 01:04:26 68608 ----a-w- c:\windows\system32\plugin.ocx
    2010-08-15 01:04:25 68608 ----a-w- c:\windows\system32\dllcache\plugin.ocx
    2010-08-15 01:03:24 92032 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2010-08-15 01:03:24 721920 ----a-w- c:\windows\system32\lsasrv.dll
    2010-08-14 21:36:13 0 d-----w- c:\windows\system32\NtmsData
    2010-08-14 19:00:06 0 d-----w- c:\docume~1\chas\applic~1\Avira
    2010-08-14 18:37:27 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
    2010-08-14 18:37:27 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
    2010-08-14 18:37:11 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
    2010-08-14 18:37:11 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
    2010-08-14 18:37:04 16384 -c--a-w- c:\windows\system32\dllcache\ipsink.ax
    2010-08-14 18:37:04 16384 ----a-w- c:\windows\system32\ipsink.ax
    2010-08-14 18:37:04 15360 -c--a-w- c:\windows\system32\dllcache\streamip.sys
    2010-08-14 18:37:04 15360 ----a-w- c:\windows\system32\drivers\StreamIP.sys
    2010-08-14 18:37:01 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys
    2010-08-14 18:37:01 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
    2010-08-14 18:36:57 19328 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
    2010-08-14 18:36:57 19328 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
    2010-08-14 18:36:55 85376 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys
    2010-08-14 18:36:55 85376 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
    2010-08-14 18:36:52 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys
    2010-08-14 18:36:52 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
    2010-08-14 18:36:41 59264 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
    2010-08-14 18:36:41 59264 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
    2010-08-14 18:35:53 90624 -c--a-w- c:\windows\system32\dllcache\kswdmcap.ax
    2010-08-14 18:35:53 90624 ----a-w- c:\windows\system32\kswdmcap.ax
    2010-08-14 18:35:53 61952 -c--a-w- c:\windows\system32\dllcache\kstvtune.ax
    2010-08-14 18:35:53 61952 ----a-w- c:\windows\system32\kstvtune.ax
    2010-08-14 18:35:53 28672 -c--a-w- c:\windows\system32\dllcache\vidcap.ax
    2010-08-14 18:35:53 28672 ----a-w- c:\windows\system32\vidcap.ax
    2010-08-14 18:35:52 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
    2010-08-14 18:35:52 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
    2010-08-14 18:35:52 43008 -c--a-w- c:\windows\system32\dllcache\ksxbar.ax
    2010-08-14 18:35:52 43008 ----a-w- c:\windows\system32\ksxbar.ax
    2010-08-14 18:35:45 31616 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
    2010-08-14 18:35:45 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2010-08-13 21:06:06 0 d-----w- c:\windows\system32\PreInstall
    2010-08-13 21:06:04 0 d--h--w- c:\windows\$hf_mig$
    2010-08-13 07:01:18 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
    2010-08-12 09:27:41 0 d-----w- c:\program files\iPod
    2010-08-12 09:27:11 0 d-----w- c:\program files\iTunes
    2010-08-11 23:03:41 0 d-----w- c:\windows\system32\appmgmt
    2010-08-11 22:29:11 0 d-----w- c:\program files\Flac
    2010-08-11 22:21:12 0 d-----w- c:\program files\Audacity
    2010-08-11 22:21:03 0 d-----w- c:\program files\Alarm Clock
    2010-08-11 22:00:32 4958588 ----a-w- c:\windows\{00000001-00000000-00000008-00001102-00000004-00581102}.BAK
    2010-08-11 22:00:30 4958588 ----a-w- c:\windows\{00000001-00000000-00000008-00001102-00000004-00581102}.CDF
    2010-08-11 21:59:24 30096 ----a-w- c:\windows\system32\BMXStateBkp-{00000001-00000000-00000008-00001102-00000004-00581102}.rfx
    2010-08-11 21:59:24 30096 ----a-w- c:\windows\system32\BMXState-{00000001-00000000-00000008-00001102-00000004-00581102}.rfx
    2010-08-11 21:59:24 27240 ----a-w- c:\windows\system32\BMXCtrlState-{00000001-00000000-00000008-00001102-00000004-00581102}.rfx
    2010-08-11 21:59:24 27240 ----a-w- c:\windows\system32\BMXBkpCtrlState-{00000001-00000000-00000008-00001102-00000004-00581102}.rfx
    2010-08-11 21:59:24 11564 ----a-w- c:\windows\system32\DVCState-{00000001-00000000-00000008-00001102-00000004-00581102}.rfx
    2010-08-11 21:14:55 0 d-----w- c:\program files\Tweak Manager
    2010-08-11 21:03:04 409600 ----a-w- c:\windows\system32\wrap_oal.dll
    2010-08-11 21:03:04 114688 ----a-w- c:\windows\system32\OpenAL32.dll
    2010-08-11 21:02:25 0 d-----w- c:\windows\system32\data
    2010-08-11 21:02:19 145792 -c--a-w- c:\windows\system32\dllcache\portcls.sys
    2010-08-11 21:02:19 145792 ----a-w- c:\windows\system32\drivers\portcls.sys
    2010-08-11 21:02:18 4096 -c--a-w- c:\windows\system32\dllcache\ksuser.dll
    2010-08-11 21:02:18 4096 ----a-w- c:\windows\system32\ksuser.dll
    2010-08-11 21:02:17 60288 -c--a-w- c:\windows\system32\dllcache\drmk.sys
    2010-08-11 21:02:17 60288 ----a-w- c:\windows\system32\drivers\drmk.sys
    2010-08-11 21:02:17 130048 -c--a-w- c:\windows\system32\dllcache\ksproxy.ax
    2010-08-11 21:02:17 130048 ----a-w- c:\windows\system32\ksproxy.ax
    2010-08-11 20:09:15 0 d-----w- c:\docume~1\alluse~1\applic~1\COMODO
    2010-08-11 16:21:30 13646 ----a-w- c:\windows\system32\wpa.bak
    2010-08-11 16:19:36 21728 ----a-w- c:\windows\system32\wucltui.dll.mui
    2010-08-11 16:19:36 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
    2010-08-11 16:19:36 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
    2010-08-11 16:19:36 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
    2010-08-11 16:19:36 0 d-----w- c:\windows\system32\SoftwareDistribution
    2010-08-11 15:52:30 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-08-11 15:52:29 0 d-----w- c:\program files\Avira
    2010-08-11 15:52:29 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
    2010-08-11 15:47:22 0 d-----w- c:\program files\COMODO
    2010-08-11 15:45:33 0 d-----w- c:\docume~1\alluse~1\applic~1\Comodo Downloader
    2010-08-11 15:43:51 709992 ----a-w- c:\windows\vVX3000.exe
    2010-08-11 15:43:51 476520 ----a-w- c:\windows\vVX3000.dll
    2010-08-11 15:43:51 202088 ----a-w- c:\windows\system32\LCCoin14.dll
    2010-08-11 15:43:51 1966696 ----a-w- c:\windows\system32\drivers\VX3000.sys
    2010-08-11 15:43:51 185704 ----a-w- c:\windows\system32\cVX3000.dll
    2010-08-11 15:43:51 15498 ----a-w- c:\windows\VX3000.ini
    2010-08-11 15:43:51 13023 ----a-w- c:\windows\VX3000.src
    2010-08-11 15:43:51 111976 ----a-w- c:\windows\VX3000.dll
    2010-08-11 15:41:50 0 d-----w- c:\program files\Microsoft LifeCam
    2010-08-11 15:40:40 26488 ----a-w- c:\windows\system32\spupdsvc.exe
    2010-08-11 15:34:10 376 ----a-w- c:\windows\ODBC.INI
    2010-08-11 15:32:25 0 d-----w- c:\windows\ShellNew
    2010-08-11 15:29:25 45056 ---ha-w- C:\ffastun.ffo
    2010-08-11 15:29:25 4491 ---ha-w- C:\ffastun.ffa
    2010-08-11 15:29:24 393216 ---ha-w- C:\ffastun0.ffx
    2010-08-11 15:29:16 35262 ----a-w- c:\windows\Chas.acl
    2010-08-11 15:28:18 81920 ---ha-w- C:\ffastun.ffl
    2010-08-11 14:59:02 0 d-----w- c:\windows\system32\Adobe
    2010-08-11 14:19:37 0 d-----w- c:\program files\Nero
    2010-08-11 13:50:54 0 d-----w- c:\program files\VS Revo Group
    2010-08-11 13:32:30 0 d-----w- c:\program files\Bonjour
    2010-08-11 13:26:33 0 d-----w- c:\docume~1\chas\applic~1\Azureus
    2010-08-11 13:24:10 0 d-----w- c:\program files\Vuze
    2010-08-11 13:23:59 0 d-----w- c:\program files\Vuze_Remote
    2010-08-11 13:23:59 0 d-----w- c:\program files\Conduit
    2010-08-11 12:56:56 5524 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-08-11 12:36:03 0 d-s---w- c:\documents and settings\chas\UserData
    2010-08-11 12:30:31 0 d-----w- c:\program files\AMDAGP
    2010-08-11 12:27:39 9469 ----a-w- c:\windows\system32\drivers\WINFOXIO.sys
    2010-08-11 12:27:39 0 d-----w- c:\windows\system32\WinFox
    2010-08-11 12:26:57 7680 --sha-w- c:\windows\Thumbs.db
    2010-08-11 12:05:16 0 d-----w- c:\program files\BroadJump
    2010-08-11 12:04:37 0 d-----w- c:\docume~1\chas\applic~1\DisplayTune
    2010-08-11 12:01:40 6345 ----a-r- c:\windows\system32\DevMngr.vxd
    2010-08-11 12:01:16 266240 ------w- c:\windows\SBCDSL.exe
    2010-08-11 12:01:09 600 ------w- c:\windows\system32\GetFlash.man
    2010-08-11 12:01:09 487462 ------w- c:\windows\system32\swflash.cab
    2010-08-11 12:01:08 99544 ------w- c:\windows\system32\GetFlash.exe
    2010-08-11 11:59:45 0 d-----w- c:\windows\Profiles
    2010-08-11 11:59:27 306688 ----a-w- c:\windows\IsUninst.exe
    2010-08-11 11:57:21 487424 ----a-w- c:\windows\msvcp70.dll
    2010-08-11 11:57:21 344064 ----a-w- c:\windows\msvcr70.dll
    2010-08-11 11:57:21 1392671 ----a-w- c:\windows\msvbvm60.dll
    2010-08-11 05:58:38 0 d-----w- c:\program files\AMD
    2010-08-11 05:34:16 0 d-sh--w- c:\documents and settings\all users\DRM
    2010-08-11 05:33:24 0 d--h--w- c:\program files\WindowsUpdate
    2010-08-11 05:31:36 0 d-----w- c:\program files\common files\MSSoap
    2010-08-11 05:27:40 0 d-----w- c:\program files\Online Services
    2010-08-11 05:27:14 0 d-----w- c:\program files\Messenger
    2010-08-11 05:27:10 0 d-----w- c:\program files\MSN Gaming Zone
    2010-08-11 05:26:20 0 d-----w- c:\program files\Windows NT
    2010-08-10 21:54:27 0 d-----w- c:\program files\common files\ODBC
    2010-08-10 21:54:24 0 d-----w- c:\program files\common files\SpeechEngines
    2010-08-10 21:53:25 0 d-----r- c:\documents and settings\all users\Documents

    ==================== Find3M ====================

    2010-08-11 05:29:56 21640 ----a-w- c:\windows\system32\emptyregdb.dat
    2010-06-02 02:00:52 278288 ----a-w- c:\windows\system32\guard32.dll

    ============= FINISH: 21:40:40.46 ===============
     
  2. 2010/08/25
    Admin. Administrator Staff
    I see you have P2P software (Azureus, Limewire, BitTorrent, uTorrent etc…) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here, and here.

    I would strongly recommend that you uninstall them, and read the links above for educational value!

    Note: Please be advised that continued use of these programs after being warned of the danger of infections from them may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus Removal.

    A Malware expert will have a look at your log in due course.
     
  4. 2010/08/25
    broni Moderator Malware Analyst
    STEP 1. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When the scan is completed, click the Save button, and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.


    STEP 3. Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop.
    Open this report and post its content in your next reply.



    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  5. 2010/08/25
    chas berlin Inactive Thread Starter
    Broni,
    When it finished the scan I wasn't given the option to show results. This log popped up and that was it.



    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4478

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 6.0.2900.2180

    8/25/2010 1:16:40 PM
    mbam-log-2010-08-25 (13-16-40).txt

    Scan type: Quick scan
    Objects scanned: 137485
    Time elapsed: 9 minute(s), 0 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  6. 2010/08/25
    broni Moderator Malware Analyst
    Go on...
     
  7. 2010/08/26
    chas berlin Inactive Thread Starter
    Broni,
    I thought I posted the remaining logs - before the thing shut down. Appears to have crashed. Message said a Windows file was missing, do a repair. Repair wouldn't work. Now the thing just shuts down and goes to a blue screen. Conflicting messages. One says the Windows CD is damaged, another says it just shut down to protect the computer. Either way it goes to a blue screen.
    FRUSTRATING!

    Not sure if it's the CD or the drive failed. Ordered a replacement drive from Amazon. Would prefer not to lose the days I've spent transferring files - music is mostly edited, so the titles revert to original form. Must be redone manually.

    Your thoughts?
     
  8. 2010/08/26
    broni Moderator Malware Analyst
    Well, it's hard to say what's going on without more info, with the EXACT error messages, and running some tests.

    Let's see if we can look at your computer by booting from an external source.

    Please download OTLPE (filesize 120.9 MB)

    • When downloaded, double-click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
    • Reboot your system using the boot CD you just created.
      • Note: If you do not know how to set your computer to boot from CD, follow the steps here
    • Your system should now display a REATOGO-X-PE desktop.
    • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
    • Double-click on the OTLPE icon.
    • When asked Do you wish to load the remote registry, select Yes
    • When asked Do you wish to load remote user profile(s) for scanning, select Yes
    • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
    • OTL should now start.
    • Press Run Scan to start the scan.
    • When finished, the file will be saved as C:\OTL.txt
    • Copy this file to your USB drive if you do not have an internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.
     
  9. 2010/08/26
    chas berlin Inactive Thread Starter
    Silly me, I have a bootable disc and didn't think of it. Will do, but may not be able to report back until tomorrow if this doesn't work.
    Thx Broni :)
     
  10. 2010/08/26
    broni Moderator Malware Analyst
    No problem :)
     
  11. 2010/08/27
    chas berlin Inactive Thread Starter
    Bootable disc was from Seagate; possibly does not work w/ a WD drive?
    In any event I set up a new drive today, only to get a missing or corrupted file message (don't have the paper w/ the file name w/ me; having to go elsewhere to use a computer). From memory, it was a Windows system32 file.
    Now wondering if the mainboard is shot.
     
  12. 2010/08/27
    broni Moderator Malware Analyst
    That we won't be able to check online :(
     
  13. 2010/09/03
    chas berlin Inactive Thread Starter
    Broni,
    So sorry for the huge delay. Motherboard went out, then I ruined the CPU :eek: , so I decided to start over. Got a whole new box w/ Win 7 Pro 64. (See My System Specs.) Thought it was time to come out of the stone age. :D
    I'll mark this as resolved - sorry to waste your time, buddy.
    Will be changing out the drive (750 GB) that came w/ this machine for one of the 1.5 TB drives I now have (the 2nd will be the backup). So I may want to talk about speeding up the startup/shutdown for Win 7.
    As always, thx a ton Broni,
    Chas :)
     
  14. 2010/09/03
    chas berlin Inactive Thread Starter
    Oops, didn't realise you had to mark it "resolved".
     
  15. 2010/09/03
    broni Moderator Malware Analyst
    Well, congratulations and good luck with your new machine :)
     
  16. 2010/09/03
    chas berlin Inactive Thread Starter
    Thx Broni.
    I'm sure I'll be in touch once I get the new drive loaded.
     
  17. 2010/09/03
    broni Moderator Malware Analyst
    Don't mess it up.....hahaha
     
  18. 2010/09/05
    chas berlin Inactive Thread Starter
    Who me???? :D
     
  19. 2010/09/05
    broni Moderator Malware Analyst
    Lol...
     
  20. 2010/09/05
    chas berlin Inactive Thread Starter
    Your honour, I'm innocent!!! ;)
     
  21. 2010/09/05
    broni Moderator Malware Analyst
    We'll see. Talk to you 30 days from now....hehehe
     
