1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Active Computer running slow. Not sure if i have a virus

Discussion in 'Malware and Virus Removal Archive' started by jayman34, 2009/11/01.

  1. 2009/11/01
    jayman34

    jayman34 Inactive Thread Starter

    Joined:
    2009/02/25
    Messages:
    65
    Likes Received:
    0
    [Active] Computer running slow. Not sure if i have a virus

    I'm running windows 7 rc with windows defender and Kaspersky anti virus 8.

    I have run a full scan with kaspersky and it picked up some trojan and stuff in a couple of emails which i deleted but it then never finshes the scan and crashes causing a reboot! i'm not sure that kaspersky is up to the job!

    I have run Activescan2.0 an online programme and that picks up a few trojans in zip files that have not been accessed on this computer, keep meaning to get rid of them! Also some cookies but i don't see these as major threats?

    Also why hasn't kaspersky or windows defender picked them up?

    I used to be a big norton fan until i relised how much memory and drag factor it was causing so i got rid.

    Any advice on whats best to have running as virus, firewall adware etc... Not sure if im using appropiate software?



    DDS (Ver_09-10-26.01) - NTFSx86
    Run by Sean at 15:45:10.43 on Sun 01/11/2009
    Internet Explorer: 8.0.7100.0
    Microsoft Windows 7 Ultimate 6.1.7100.0.1252.61.1033.18.3326.1548 [GMT 10:00]


    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\AskBarDis\bar\bin\AskService.exe
    C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
    C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 8.0 for Windows Workstations\avp.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\UltraMon\UltraMon.exe
    C:\Program Files\FSL\SuperFinder\SuperFinder.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\GIGABYTE\ET6\GUI.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Live\Toolbar\wltuser.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Winnydows\XviD4PSP5\XviD4PSP.exe
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\Winnydows\XviD4PSP5\apps\xvid_encraw\xvid_encraw.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\UltraMon\UltraMonUiAcc.exe
    C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Sean\Desktop\dds.scr
    C:\Windows\system32\conhost.exe

    ============== Pseudo HJT Report ===============

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
    mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
    mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe "
    mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 8.0 for windows workstations\avp.exe "
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [EasyTuneVI] c:\program files\gigabyte\et6\ETcall.exe
    mRun: [RtHDVCpl] RtHDVCpl.exe
    StartupFolder: c:\users\sean\appdata\roaming\micros~1\windows\startm~1\programs\startup\panaso~1.lnk - c:\users\sean\appdata\roaming\realtime soft\ultramon\3.0.7\profiles\Panasonic HDTV.umprofile
    StartupFolder: c:\users\sean\appdata\roaming\micros~1\windows\startm~1\programs\startup\remote~1.lnk - c:\program files\avlabs multimedia\afa_usb device utilities\AFRCtl.exe
    StartupFolder: c:\users\sean\appdata\roaming\micros~1\windows\startm~1\programs\startup\superf~1.lnk - c:\program files\fsl\superfinder\SuperFinder.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\ultramon.lnk - c:\windows\installer\{20a36691-b09b-4ef2-a371-64a5bd265e20}\IcoUltraMon.ico
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky anti-virus 8.0 for windows workstations\ie_banner_deny.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky anti-virus 8.0 for windows workstations\scieplgn.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77} - hxxp://www.nero.com/doc/NeroVersionCheckerControl.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: {0BACD007-3673-4C12-8664-38FC78ADDA82} = 192.168.1.254
    Notify: klogon - c:\windows\system32\klogon.dll

    ============= SERVICES / DRIVERS ===============

    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-10-27 28552]
    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2009-1-27 20496]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-4-29 176128]
    R2 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-5-30 464264]
    R2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-5-30 234888]
    R2 GEST Service;GEST Service for program management.;c:\program files\gigabyte\energysaver\GSvr.exe [2009-5-26 68136]
    R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\common files\realtime soft\ultramonmirrordrv\x32\UltraMonUtility.sys [2008-11-14 17184]
    R3 AODDriver;AODDriver;c:\program files\gigabyte\et6\i386\AODDriver.sys [2009-2-23 7168]
    R3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [2009-5-26 24944]
    R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-12-23 26640]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-7-9 133104]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-4-22 229888]
    S3 CTL511Plus;Video Blaster WebCam 3/WebCam Plus (WDM);c:\windows\system32\drivers\webc3vid.sys [2001-11-7 166504]
    S3 etdrv;etdrv;c:\windows\etdrv.sys [2009-5-26 17488]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-21 139776]

    =============== Created Last 30 ================

    2009-10-27 11:57:53 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
    2009-10-27 11:57:30 0 d-----w- c:\program files\Panda Security
    2009-10-25 08:32:50 65536 --sha-w- c:\users\sean\ntuser.dat{c34907bd-c12f-11de-b942-00241d238624}.TM.blf
    2009-10-25 08:32:50 524288 --sha-w- c:\users\sean\ntuser.dat{c34907bd-c12f-11de-b942-00241d238624}.TMContainer00000000000000000002.regtrans-ms
    2009-10-25 08:32:50 524288 --sha-w- c:\users\sean\ntuser.dat{c34907bd-c12f-11de-b942-00241d238624}.TMContainer00000000000000000001.regtrans-ms
    2009-10-23 02:12:46 0 d-----w- c:\program files\FSL
    2009-10-21 07:38:34 397659340 ----a-w- c:\windows\MEMORY.DMP
    2009-10-15 17:06:18 306688 ----a-w- c:\windows\system32\drivers\srv2.sys
    2009-10-06 08:30:02 0 d-----w- c:\users\sean\appdata\roaming\GetRightToGo
    2009-10-04 04:21:54 0 d-----w- c:\users\sean\appdata\roaming\avidemux
    2009-10-04 04:21:41 0 d-----w- c:\program files\Avidemux 2.5
    2009-10-03 05:48:12 0 d-----w- c:\users\sean\appdata\roaming\NeroDigital(TM)
    2009-10-02 22:39:53 0 d-----w- c:\program files\Winnydows
    2009-10-02 22:39:03 84480 ----a-w- c:\windows\system32\ff_vfw.dll
    2009-10-02 22:39:03 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
    2009-10-02 22:39:03 50688 ----a-w- c:\windows\system32\ff_acm.acm
    2009-10-02 22:39:02 0 d-----w- c:\program files\ffdshow
    2009-10-02 22:37:28 0 d-----w- c:\program files\AviSynth 2.5
    2009-10-02 17:42:21 195440 ------w- c:\windows\system32\MpSigStub.exe

    ==================== Find3M ====================

    2009-11-01 04:34:16 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
    2009-11-01 04:34:01 17488 ----a-w- c:\windows\gdrv.sys
    2009-10-28 12:13:34 32 --sha-w- c:\windows\system32\drivers\fidbox2.idx
    2009-10-28 12:13:34 32 --sha-w- c:\windows\system32\drivers\fidbox2.dat
    2009-10-28 12:13:33 9744928 --sha-w- c:\windows\system32\drivers\fidbox.dat
    2009-10-28 12:13:33 80356 --sha-w- c:\windows\system32\drivers\fidbox.idx
    2009-10-14 12:47:02 108059 ----a-w- c:\windows\system32\drivers\klin.dat
    2009-10-14 12:47:01 95259 ----a-w- c:\windows\system32\drivers\klick.dat
    2009-09-29 20:30:06 17488 ----a-w- c:\windows\etdrv.sys
    2009-09-25 16:41:26 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
    2009-09-25 16:41:26 856064 ----a-w- c:\windows\system32\divx_xx07.dll
    2009-09-25 16:41:26 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
    2009-09-25 16:41:26 843776 ----a-w- c:\windows\system32\divx_xx16.dll
    2009-09-25 16:41:26 839680 ----a-w- c:\windows\system32\divx_xx11.dll
    2009-09-25 16:41:26 696320 ----a-w- c:\windows\system32\DivX.dll
    2009-08-17 16:37:02 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2009-08-17 16:36:36 348160 ----a-w- c:\windows\system32\atieclxx.exe
    2009-08-17 16:36:08 176128 ----a-w- c:\windows\system32\atiesrxx.exe
    2009-08-17 16:35:02 159744 ----a-w- c:\windows\system32\atitmmxx.dll
    2009-08-17 16:34:46 356352 ----a-w- c:\windows\system32\atipdlxx.dll
    2009-08-17 16:34:32 274432 ----a-w- c:\windows\system32\Oemdspif.dll
    2009-08-17 16:34:22 11776 ----a-w- c:\windows\system32\atimuixx.dll
    2009-08-17 16:34:16 43520 ----a-w- c:\windows\system32\ati2edxx.dll
    2009-08-17 16:31:32 2469888 ----a-w- c:\windows\system32\atidxx32.dll
    2009-08-17 16:20:38 3105280 ----a-w- c:\windows\system32\atiumdag.dll
    2009-08-17 16:11:52 11650560 ----a-w- c:\windows\system32\atioglxx.dll
    2009-08-17 16:05:32 2868736 ----a-w- c:\windows\system32\atiumdva.dll
    2009-08-17 15:52:44 51712 ----a-w- c:\windows\system32\atimpc32.dll
    2009-08-17 15:52:44 51712 ----a-w- c:\windows\system32\amdpcom32.dll
    2009-08-17 15:52:08 184320 ----a-w- c:\windows\system32\atiadlxx.dll
    2009-08-17 15:49:44 53248 ----a-w- c:\windows\system32\aticalrt.dll
    2009-08-17 15:49:32 53248 ----a-w- c:\windows\system32\aticalcl.dll
    2009-08-17 15:48:28 3264512 ----a-w- c:\windows\system32\aticaldd.dll
    2009-08-17 13:33:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
    2009-04-22 09:01:08 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2009-04-22 09:01:08 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2009-04-22 09:01:08 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2009-04-22 09:01:08 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2009-04-22 08:14:13 174 --sha-w- c:\program files\desktop.ini
    2009-04-22 04:38:41 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2009-04-22 04:38:41 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2009-04-22 04:38:39 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2009-04-22 04:38:39 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2009-03-27 04:24:20 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
    2009-05-26 09:48:01 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
    2009-04-22 05:19:40 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7100.0_none_624b25e9a4cb0444\WinMail.exe

    ============= FINISH: 15:46:36.77 ===============

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-10-26.01)

    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 26/05/2009 7:38:16 PM
    System Uptime: 11/01/2009 2:31:07 PM (7057 hours ago)

    Motherboard: Gigabyte Technology Co., Ltd. | | EP45-UD3R
    Processor: Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz | Socket 775 | 2333/333mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 153 GiB total, 43.686 GiB free.
    D: is FIXED (NTFS) - 190 GiB total, 161.346 GiB free.
    E: is CDROM ()
    X: is FIXED (NTFS) - 932 GiB total, 52.193 GiB free.

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP120: 28/10/2009 6:19:49 AM - Removed Microsoft Office Professional 2007
    RP121: 28/10/2009 5:43:12 PM - B4 prof iso
    RP123: 28/10/2009 5:52:45 PM - Installed Microsoft Office Professional 2007
    RP124: 29/10/2009 3:50:19 PM - Windows Update
    RP125: 30/10/2009 6:43:20 PM - Windows Update

    ==== Installed Programs ======================

    "Nero SoundTrax Help
    AAC Decoder
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Reader 9.1.3
    Advertising Center
    AutoUpdate
    Avidemux 2.5
    AviSynth 2.5
    AVL680HD Driver
    AVLABS Multimedia -- Afa_USB Device Utilities
    Canon MP Navigator EX 1.0
    Canon MP610 series
    Canon My Printer
    Canon Utilities Easy-PhotoPrint EX
    Canon Utilities Solution Menu
    CD-LabelPrint
    Choice Guard
    Creative Video Blaster WebCam 3 USB/WebCam Plus Driver
    DivX Codec
    DivX Converter
    DivX Player
    DivX Plus DirectShow Filters
    DivX Version Checker
    DivX Web Player
    DolbyFiles
    DVD Shrink 3.2
    DVDx 2
    e-tax 2009
    Easy Tune 6 B09.0417.1
    Energy Saver Advance B8.1015.1
    ffdshow [rev 2925] [2009-04-29]
    Gigabyte Raid Configurer
    Google Earth
    Google Update Helper
    H.264 Decoder
    Image Grabber II
    ImagXpress
    ImgBurn
    Junk Mail filter update
    Kaspersky Anti-Virus 8.0 for Windows Workstations Beta
    Menu Templates - Starter Kit
    Microsoft Application Error Reporting
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Live Add-in 1.4
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    MKV Splitter
    Movie Templates - Starter Kit
    MSVCRT
    Nero 9 Trial
    Nero BurningROM
    Nero BurnRights
    Nero ControlCenter
    Nero CoverDesigner
    Nero CoverDesigner Help
    Nero Disc Copy Gadget
    Nero Disc Copy Gadget Help
    Nero DiscSpeed
    Nero DriveSpeed
    Nero Express
    Nero InfoTool
    Nero Installer
    Nero Live
    Nero Live Help
    Nero PhotoSnap
    Nero PhotoSnap Help
    Nero Recode
    Nero Recode Help
    Nero Rescue Agent
    Nero RescueAgent Help
    Nero ShowTime
    Nero StartSmart
    Nero StartSmart Help
    Nero Vision
    Nero WaveEditor
    Nero WaveEditor Help
    NeroBurningROM
    NeroExpress
    neroxml
    Nokia Connectivity Cable Driver
    Panda ActiveScan 2.0
    PC Inspector File Recovery
    PIXMA Extended Survey Program
    PlayReady PC Runtime x86
    Realtek High Definition Audio Driver
    Recuva (remove only)
    ScanSoft OmniPage SE 4
    Security Update for 2007 Microsoft Office System (KB951944)
    Security Update for CAPICOM (KB931906)
    SoundTrax
    Super Finder XT 1.6.2.1
    UltraMon
    UndeletePlusâ„¢ 3.0.0.602
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB974810)
    Update Manager B08.1027.1
    VC80CRTRedist - 8.0.50727.4053
    Vuze
    Vuze Toolbar
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Mail
    Windows Live Messenger
    Windows Live Toolbar
    Windows Live Upload Tool
    WinRAR archiver
    WinZip 11.1
    XviD4PSP 5.0

    ==== Event Viewer Messages From Past Week ========

    30/10/2009 4:47:41 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    29/10/2009 3:48:34 PM, Error: Service Control Manager [7022] - The Windows Search service hung on starting.
    29/10/2009 3:44:41 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.
    29/10/2009 3:44:11 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    29/10/2009 3:44:11 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
    29/10/2009 10:58:13 PM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
    28/10/2009 5:26:44 PM, Error: JRAID [117] - The driver for device \Device\Scsi\JRAID1 detected a port timeout due to prolonged inactivity. All associated busses were reset in an effort to clear the condition.
    28/10/2009 1:22:51 PM, Error: Service Control Manager [7034] - The Kaspersky Anti-Virus 8.0 service terminated unexpectedly. It has done this 1 time(s).
    1/11/2009 3:25:19 PM, Error: Microsoft-Windows-WMPNSS-Service [14365] - Proximity detection failed due to unknown error '0x80004004'. The best proximity time detected was -1 milliseconds.
    1/11/2009 2:31:28 PM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
    1/11/2009 2:31:28 PM, Error: atikmdag [43029] - Display is not active
    1/11/2009 2:11:06 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
    1/11/2009 2:10:36 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wscsvc service.

    ==== End Of File ===========================
     
    jayman34,
    #1
  2. 2009/11/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    There is no security program, which will give you 100% protection.

    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming executive file to something else; for instance, rename hijackthis.exe to scanner.exe

    ***VERY IMPORTANT! Make sure, you update Superantispyware, and Malwarebytes before running the scans.***

    STEP 1. Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes ". If not, update the definitions before scanning by selecting "Check for Updates ". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    * Close SUPERAntiSpyware.

    PHYSICALLY DISCONNECT FROM THE INTERNET

    Restart computer in Safe Mode.
    To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen

    * Open SUPERAntiSpyware.
    * Click Scan your Computer... button.
    * Click Scanning Preferences/Control Center... button.
    * Under General and Startup tab, make sure, Start SUPERAntiSpyware when Windows starts option is UN-checked.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):
    - Close browsers before scanning.
    - Terminate memory threats before quarantining.
    * Click the Close button to leave the control center screen.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, choose Perform Complete Scan.
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
    * Make sure everything has a checkmark next to it and click Next.
    * A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
    * If asked if you want to reboot, click Yes.
    * To retrieve the removal information after reboot, launch SUPERAntispyware again.
    - Click Preferences, then click the Statistics/Logs tab.
    - Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    - If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    - Please copy and paste the Scan Log results in your next reply.
    * Click Close to exit the program.
    Post SUPERAntiSpyware log.

    RECONNECT TO THE INTERNET

    RESTART COMPUTER!

    STEP 2. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 3. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    When scan is completed, click Save button, and save the results as gmer.log
    Warning ! Please, do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    RESTART COMPUTER

    STEP 4. Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Download HijackThis Installer
    Install, and run it.
    Post HijackThis log.
    NOTE. If you're using Vista, right click on HijackThis, and click Run as Administrator
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
    broni,
    #2


  3. to hide this advert.

  4. 2009/11/20
    jayman34

    jayman34 Inactive Thread Starter

    Joined:
    2009/02/25
    Messages:
    65
    Likes Received:
    0
    have run the above tasks with nothing found. I have included the hijack this information.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:28:43 PM, on 20/11/2009
    Platform: Unknown Windows (WinNT 6.01.3004)
    MSIE: Internet Explorer v8.00 (8.00.7100.0000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 8.0 for Windows Workstations\avp.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\UltraMon\UltraMon.exe
    C:\Program Files\FSL\SuperFinder\SuperFinder.exe
    C:\Program Files\GIGABYTE\ET6\GUI.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Program Files\UltraMon\UltraMonUiAcc.exe
    C:\Users\Sean\Downloads\HijackThis.exe
    C:\Windows\system32\SearchFilterHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe "
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 8.0 for Windows Workstations\avp.exe "
    O4 - HKLM\..\Run: [EasyTuneVI] C:\Program Files\GIGABYTE\ET6\ETcall.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: Panasonic HDTV.lnk = ?
    O4 - Startup: Remote Control.lnk = C:\Program Files\AVLABS Multimedia\Afa_USB Device Utilities\AFRCtl.exe
    O4 - Startup: Super Finder XT.lnk = C:\Program Files\FSL\SuperFinder\SuperFinder.exe
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: UltraMon.lnk = ?
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 8.0 for Windows Workstations\ie_banner_deny.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 8.0 for Windows Workstations\scieplgn.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O13 - Gopher Prefix:
    O16 - DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77} (NeroVersionCheckerControl Control) - http://www.nero.com/doc/NeroVersionCheckerControl.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0BACD007-3673-4C12-8664-38FC78ADDA82}: NameServer = 192.168.1.254
    O17 - HKLM\System\CS1\Services\Tcpip\..\{0BACD007-3673-4C12-8664-38FC78ADDA82}: NameServer = 192.168.1.254
    O17 - HKLM\System\CS2\Services\Tcpip\..\{0BACD007-3673-4C12-8664-38FC78ADDA82}: NameServer = 192.168.1.254
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0FO\kloehk.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0FO\adialhk.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
    O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
    O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
    O23 - Service: Kaspersky Anti-Virus 8.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 8.0 for Windows Workstations\avp.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: XobniService - Xobni Corporation - C:\Program Files\Xobni\XobniService.exe

    --
    End of file - 8685 bytes
     
    jayman34,
    #3
  5. 2009/11/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from [color= "Red"]Here[/color] or [color= "#FF0000"]Here[/color] to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results ".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE. If Combofix asks you to install Recovery Console, please allow it.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      • Double click on combofix.exe & follow the prompts.
      • When finished, it will produce a report for you.
      • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
      **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

      Make sure, you re-enable your security programs, when you're done with Combofix.

      DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
    broni,
    #4

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...