[Resolved] slow PC, with hard drive going -- malware?

Computer forums for help with removing malicious software (malware) and improving computer security

grin Welcome to What the Tech! ( Log In | Register ) What tech support ought to be... Fast, friendly and free! Once registered - you'll have the ability to post your question in the appropriate forum below. Additionally, if you can assist another member by sharing your tech knowledge, please post a reply! Best of all - Registration and all assistance is FREE! Once you've completed registration, simply choose the appropriate forum below, click on the "new topic" button, and post your question! What are you waiting for? Register today! *Registered users see NO ADVERTISING.

What the Tech > Spyware / Malware / Virus Removal > Infections Removal

2 Pages

1 2 >

[Resolved] slow PC, with hard drive going -- malware?

Options

kjstroubledpc View Member Profile	Jul 4 2009, 09:16 AM Post #1
New Member Group: Authentic Member Posts: 8 Joined: 4-July 09 Member No.: 86,538 Operating System: Windows XP	My computer is very slow now days, despite many programs removed and running registry, cookie cleanup software and scans from McAfee, AGV and Spybot. With very few programs up, the hard drive will be spinning away, and big swings in processes using CPU in task manager. Have heard I might have malware. Help would be greatly appreciated. Thanks. Here is my Hijackthis log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:56:24 AM, on 7/4/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16850) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\program files\common files\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\DSentry.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\WINDOWS\BCMSMMSG.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBOID.EXE C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBPRO.EXE C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBPRO.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Program Files\palmOne\Palm.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O1 - Hosts: HP7982E9 HP0017A47982E9 O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe" O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user') O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - c:\program files\EmpirePokerMaster\EmpirePoker\RunEPoker.exe (file missing) O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - c:\program files\EmpirePokerMaster\EmpirePoker\RunEPoker.exe (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1150580722040 O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/chnz/default/mjolauncher.cab O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - http://activex.webcam.nl/AxisCamControl.cab O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} - http://activex.microgaming.com/DLhelper/ve...n7/dlhelper.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - https://register3.valueactive.com/mpp_398/w...OCX/FlashAX.cab O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: McAfee Application Installer Cleanup (0198721245711755) (0198721245711755mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\019872~1.EXE (file missing) O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 12370 bytes

extremeboy View Member Profile	Jul 4 2009, 06:07 PM Post #2
Advanced Member Group: Malware Team Posts: 546 Joined: 10-October 08 Member No.: 81,919 Operating System: Windows Xp Pro Windows Vista Premium	Hello. Let's see what we can do for you. First, please run DDS. Download and run DDS We need to see some information about what is happening in your machine. Please perform the following scan: Download DDS by sUBs from one of the following links. Save it to your desktop. DDS.scr DDS.pif Double click on the DDS icon, allow it to run. A small box will open, with an explanation about the tool. No input is needed, the scan is running. Notepad will open with the results soon. Follow the instructions that pop up for posting the results and then click Ok. The black and message box window shall then disappear. Please save both log files on your desktop and post the DDS.txt and zip up and attach Attach.txt as instructed. Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE With Regards, Extremeboy

kjstroubledpc View Member Profile	Jul 5 2009, 04:07 PM Post #3
New Member Group: Authentic Member Posts: 8 Joined: 4-July 09 Member No.: 86,538 Operating System: Windows XP	Extremeboy, Thanks much for your help. OK, I've uploaded the attach.zip file and below is the output from the DDS.txt file. Regards, kjstroubledpc DDS (Ver_09-06-26.01) - NTFSx86 Run by Kurt at 14:51:44.69 on Sun 07/05/2009 Internet Explorer: 7.0.5730.11 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.444 [GMT -7:00] AV: AVG Anti-Virus Free On-access scanning disabled (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} AV: McAfee VirusScan On-access scanning disabled (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} ============== Running Processes =============== C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\program files\common files\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\System32\svchost.exe -k imgsvc C:\WINDOWS\system32\svchost.exe -k netsvcs C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe C:\WINDOWS\system32\Ati2evxx.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\DSentry.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\WINDOWS\BCMSMMSG.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\palmOne\HOTSYNC.EXE C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\wscntfy.exe C:\Documents and Settings\Kurt\Desktop\dds.scr ============== Pseudo HJT Report =============== uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = .local BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe" uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r mRun: [DVDSentry] c:\windows\system32\DSentry.exe mRun: [dla] c:\windows\system32\dla\tfswctrl.exe mRun: [BCMSMMSG] BCMSMMSG.exe mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe" mRun: [Apoint] c:\program files\apoint\Apoint.exe mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 4.0\apdproxy.exe" mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe" mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe" mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash dRun: [Symantec NetDriver Warning] c:\progra~1\symnet~1\SNDWarn.exe StartupFolder: c:\docume~1\kurt\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palmone\HOTSYNC.EXE IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000 IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe IE: {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - c:\program files\empirepokermaster\empirepoker\RunEPoker.exe IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150580722040 DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - hxxp://www.ca.com/us/securityadvisor/virusinfo/webscan.cab DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://zone.msn.com/bingame/chnz/default/mjolauncher.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://activex.webcam.nl/AxisCamControl.cab DPF: {AED98630-0251-4E83-917D-43A23D66D507} - hxxp://activex.microgaming.com/DLhelper/version7/dlhelper.cab DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - hxxps://register3.valueactive.com/mpp_398/webolr/OCX/FlashAX.cab DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll Notify: AtiExtEvent - Ati2evxx.dll Notify: avgrsstarter - avgrsstx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll ============= SERVICES / DRIVERS =============== R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-4 327688] R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-4 27784] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-4 108552] R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2006-7-30 214024] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-4 298776] R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2007-11-1 359952] R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2006-7-30 144704] R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2006-7-30 79880] R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2006-7-30 35272] S2 0198721245711755mcinstcleanup;McAfee Application Installer Cleanup (0198721245711755);c:\windows\temp\019872~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\019872~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?] S2 TZAFQRZZ;TZAFQRZZ;\??\c:\windows\system32\tzafqrzz.qxe --> c:\windows\system32\tzafqrzz.qxe [?] S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2006-7-30 34216] S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2006-7-30 40552] S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2006-7-30 606736] =============== Created Last 30 ================ 2009-06-28 22:12 <DIR> --d----- c:\program files\Pure Networks 2009-06-28 22:07 23,984 a------- c:\windows\system32\drivers\pnarp.sys 2009-06-28 22:07 25,264 a------- c:\windows\system32\drivers\purendis.sys 2009-06-28 22:07 <DIR> --d----- c:\program files\common files\Pure Networks Shared 2009-06-28 21:31 <DIR> --d----- c:\program files\Linksys 2009-06-28 21:16 <DIR> --d----- c:\program files\WebEx 2009-06-28 21:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Pure Networks 2009-06-28 12:27 107,368 a------- c:\windows\system32\GEARAspi.dll 2009-06-28 12:27 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys 2009-06-28 12:26 <DIR> --d----- c:\program files\iPod 2009-06-28 12:25 <DIR> --d----- c:\program files\iTunes 2009-06-28 12:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} 2009-06-28 12:24 <DIR> --d----- c:\program files\Bonjour 2009-06-22 23:16 <DIR> --d----- c:\docume~1\kurt\applic~1\IObit 2009-06-22 23:16 <DIR> --d----- c:\program files\IObit 2009-06-22 23:06 <DIR> --d----- c:\program files\Yahoo! 2009-06-22 22:45 <DIR> --d----- c:\docume~1\kurt\applic~1\uniblue 2009-06-14 08:29 <DIR> --d----- c:\program files\Trend Micro 2009-06-13 21:15 1,089,593 -------- c:\windows\system32\dllcache\ntprint.cat 2009-06-13 03:33 <DIR> --d----- c:\windows\system32\XPSViewer 2009-06-13 03:31 597,504 -------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2009-06-13 03:31 117,760 -------- c:\windows\system32\prntvpt.dll 2009-06-13 03:31 89,088 -------- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2009-06-13 03:31 <DIR> --d----- C:\dff3708406d592d4f98951a80eaa9e5d 2009-06-13 03:31 1,676,288 -------- c:\windows\system32\xpssvcs.dll 2009-06-13 03:31 1,676,288 -------- c:\windows\system32\dllcache\xpssvcs.dll 2009-06-13 03:31 575,488 -------- c:\windows\system32\xpsshhdr.dll 2009-06-13 03:31 575,488 -------- c:\windows\system32\dllcache\xpsshhdr.dll 2009-06-13 03:31 <DIR> --d----- c:\windows\SxsCaPendDel 2009-06-13 03:15 <DIR> --d-hr-- C:\AHCache ==================== Find3M ==================== 2009-06-27 09:03 327,688 a------- c:\windows\system32\drivers\avgldx86.sys 2009-06-27 09:03 11,952 a------- c:\windows\system32\avgrsstx.dll 2009-05-09 10:11 108,552 a------- c:\windows\system32\drivers\avgtdix.sys 2009-05-07 08:32 345,600 a------- c:\windows\system32\localspl.dll 2009-05-07 08:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll 2009-04-28 21:56 827,392 a------- c:\windows\system32\wininet.dll 2009-04-28 21:56 827,392 a------- c:\windows\system32\dllcache\wininet.dll 2009-04-28 21:56 233,472 -------- c:\windows\system32\dllcache\webcheck.dll 2009-04-28 21:56 1,159,680 a------- c:\windows\system32\dllcache\urlmon.dll 2009-04-28 21:56 671,232 a------- c:\windows\system32\dllcache\mstime.dll 2009-04-28 21:56 44,544 a------- c:\windows\system32\dllcache\pngfilt.dll 2009-04-28 21:56 105,984 -------- c:\windows\system32\dllcache\url.dll 2009-04-28 21:56 102,912 -------- c:\windows\system32\dllcache\occache.dll 2009-04-28 21:56 3,596,288 a------- c:\windows\system32\dllcache\mshtml.dll 2009-04-28 21:56 477,696 a------- c:\windows\system32\dllcache\mshtmled.dll 2009-04-28 21:56 193,024 a------- c:\windows\system32\dllcache\msrating.dll 2009-04-28 02:05 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe 2009-04-28 02:05 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe 2009-04-24 22:27 636,088 -------- c:\windows\system32\dllcache\iexplore.exe 2009-04-24 22:26 161,792 -------- c:\windows\system32\dllcache\ieakui.dll 2009-04-17 05:26 1,847,168 a------- c:\windows\system32\win32k.sys 2009-04-17 05:26 1,847,168 -------- c:\windows\system32\dllcache\win32k.sys 2009-04-15 07:51 585,216 a------- c:\windows\system32\rpcrt4.dll 2009-04-15 07:51 585,216 -------- c:\windows\system32\dllcache\rpcrt4.dll 2007-08-08 14:49 60,968 a------- c:\documents and settings\kurt\GoToAssistDownloadHelper.exe 2008-09-20 13:53 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092020080921\index.dat ============= FINISH: 14:52:42.34 =============== Attached File(s)* Attach.zip ( 4.5K ) Number of downloads: 54

extremeboy View Member Profile	Jul 6 2009, 09:52 AM Post #4
Advanced Member Group: Malware Team Posts: 546 Joined: 10-October 08 Member No.: 81,919 Operating System: Windows Xp Pro Windows Vista Premium	Hello. I don't see any infections, but there are a few things we can do to improve some performance. Slowness is not always caused by infections. Please, uninstall McAfee or AVG using add/remove. You should only have ONE Anti-Virus software installed at once. I suggest uninstalling McAfee because it's a more "resource hog" then AVG. I do not recommend that you have more than one anti virus or firewall product installed and running on your computer at a time. In addition to wasting resources, if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause: 1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't. 2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time. Reboot your computer, and take a new DDS run. Post back with both logs. Let me know how your computer is running now, is it a bit better now? With Regards, Extremeboy

kjstroubledpc View Member Profile	Jul 6 2009, 11:28 AM Post #5
New Member Group: Authentic Member Posts: 8 Joined: 4-July 09 Member No.: 86,538 Operating System: Windows XP	Extremeboy, Thanks -- took out McAfee (they seem to be the least effective also) and kept AVG. The conputer is running faster -- still sluggish, but not nearly as bad. I'd say ~ 50% of the way it used to be -- which is a lot better. I am very grateful. I've attached the "Attach.zip" and the DDS.txt log is below. Thanks, kjstroubledpc DDS (Ver_09-06-26.01) - NTFSx86 Run by Kurt at 10:20:07.64 on Mon 07/06/2009 Internet Explorer: 7.0.5730.11 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.455 [GMT -7:00] AV: AVG Anti-Virus Free On-access scanning enabled (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} ============== Running Processes =============== C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\System32\svchost.exe -k imgsvc C:\WINDOWS\system32\svchost.exe -k netsvcs C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\DSentry.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\WINDOWS\BCMSMMSG.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\palmOne\HOTSYNC.EXE C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Kurt\Desktop\dds.scr ============== Pseudo HJT Report =============== uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = .local BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe" uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r mRun: [DVDSentry] c:\windows\system32\DSentry.exe mRun: [dla] c:\windows\system32\dla\tfswctrl.exe mRun: [BCMSMMSG] BCMSMMSG.exe mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe" mRun: [Apoint] c:\program files\apoint\Apoint.exe mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 4.0\apdproxy.exe" mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe" mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe" dRun: [Symantec NetDriver Warning] c:\progra~1\symnet~1\SNDWarn.exe StartupFolder: c:\docume~1\kurt\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palmone\HOTSYNC.EXE IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000 IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe IE: {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - c:\program files\empirepokermaster\empirepoker\RunEPoker.exe IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150580722040 DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - hxxp://www.ca.com/us/securityadvisor/virusinfo/webscan.cab DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://zone.msn.com/bingame/chnz/default/mjolauncher.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://activex.webcam.nl/AxisCamControl.cab DPF: {AED98630-0251-4E83-917D-43A23D66D507} - hxxp://activex.microgaming.com/DLhelper/version7/dlhelper.cab DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - hxxps://register3.valueactive.com/mpp_398/webolr/OCX/FlashAX.cab DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll Notify: AtiExtEvent - Ati2evxx.dll Notify: avgrsstarter - avgrsstx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll ============= SERVICES / DRIVERS =============== R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-4 327688] R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-4 27784] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-4 108552] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-4 298776] S2 TZAFQRZZ;TZAFQRZZ;\??\c:\windows\system32\tzafqrzz.qxe --> c:\windows\system32\tzafqrzz.qxe [?] =============== Created Last 30 ================ 2009-06-28 22:12 <DIR> --d----- c:\program files\Pure Networks 2009-06-28 22:07 23,984 a------- c:\windows\system32\drivers\pnarp.sys 2009-06-28 22:07 25,264 a------- c:\windows\system32\drivers\purendis.sys 2009-06-28 22:07 <DIR> --d----- c:\program files\common files\Pure Networks Shared 2009-06-28 21:31 <DIR> --d----- c:\program files\Linksys 2009-06-28 21:16 <DIR> --d----- c:\program files\WebEx 2009-06-28 21:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Pure Networks 2009-06-28 12:27 107,368 a------- c:\windows\system32\GEARAspi.dll 2009-06-28 12:27 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys 2009-06-28 12:26 <DIR> --d----- c:\program files\iPod 2009-06-28 12:25 <DIR> --d----- c:\program files\iTunes 2009-06-28 12:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} 2009-06-28 12:24 <DIR> --d----- c:\program files\Bonjour 2009-06-22 23:16 <DIR> --d----- c:\docume~1\kurt\applic~1\IObit 2009-06-22 23:16 <DIR> --d----- c:\program files\IObit 2009-06-22 23:06 <DIR> --d----- c:\program files\Yahoo! 2009-06-22 22:45 <DIR> --d----- c:\docume~1\kurt\applic~1\uniblue 2009-06-14 08:29 <DIR> --d----- c:\program files\Trend Micro 2009-06-13 21:15 1,089,593 -------- c:\windows\system32\dllcache\ntprint.cat 2009-06-13 03:33 <DIR> --d----- c:\windows\system32\XPSViewer 2009-06-13 03:31 597,504 -------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2009-06-13 03:31 117,760 -------- c:\windows\system32\prntvpt.dll 2009-06-13 03:31 89,088 -------- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2009-06-13 03:31 <DIR> --d----- C:\dff3708406d592d4f98951a80eaa9e5d 2009-06-13 03:31 1,676,288 -------- c:\windows\system32\xpssvcs.dll 2009-06-13 03:31 1,676,288 -------- c:\windows\system32\dllcache\xpssvcs.dll 2009-06-13 03:31 575,488 -------- c:\windows\system32\xpsshhdr.dll 2009-06-13 03:31 575,488 -------- c:\windows\system32\dllcache\xpsshhdr.dll 2009-06-13 03:31 <DIR> --d----- c:\windows\SxsCaPendDel 2009-06-13 03:15 <DIR> --d-hr-- C:\AHCache ==================== Find3M ==================== 2009-06-27 09:03 327,688 a------- c:\windows\system32\drivers\avgldx86.sys 2009-06-27 09:03 11,952 a------- c:\windows\system32\avgrsstx.dll 2009-05-09 10:11 108,552 a------- c:\windows\system32\drivers\avgtdix.sys 2009-05-07 08:32 345,600 a------- c:\windows\system32\localspl.dll 2009-05-07 08:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll 2009-04-28 21:56 827,392 a------- c:\windows\system32\wininet.dll 2009-04-28 21:56 827,392 a------- c:\windows\system32\dllcache\wininet.dll 2009-04-28 21:56 233,472 -------- c:\windows\system32\dllcache\webcheck.dll 2009-04-28 21:56 1,159,680 a------- c:\windows\system32\dllcache\urlmon.dll 2009-04-28 21:56 671,232 a------- c:\windows\system32\dllcache\mstime.dll 2009-04-28 21:56 44,544 a------- c:\windows\system32\dllcache\pngfilt.dll 2009-04-28 21:56 105,984 -------- c:\windows\system32\dllcache\url.dll 2009-04-28 21:56 102,912 -------- c:\windows\system32\dllcache\occache.dll 2009-04-28 21:56 3,596,288 a------- c:\windows\system32\dllcache\mshtml.dll 2009-04-28 21:56 477,696 a------- c:\windows\system32\dllcache\mshtmled.dll 2009-04-28 21:56 193,024 a------- c:\windows\system32\dllcache\msrating.dll 2009-04-28 02:05 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe 2009-04-28 02:05 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe 2009-04-24 22:27 636,088 -------- c:\windows\system32\dllcache\iexplore.exe 2009-04-24 22:26 161,792 -------- c:\windows\system32\dllcache\ieakui.dll 2009-04-17 05:26 1,847,168 a------- c:\windows\system32\win32k.sys 2009-04-17 05:26 1,847,168 -------- c:\windows\system32\dllcache\win32k.sys 2009-04-15 07:51 585,216 a------- c:\windows\system32\rpcrt4.dll 2009-04-15 07:51 585,216 -------- c:\windows\system32\dllcache\rpcrt4.dll 2007-08-08 14:49 60,968 a------- c:\documents and settings\kurt\GoToAssistDownloadHelper.exe 2008-09-20 13:53 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092020080921\index.dat ============= FINISH: 10:21:02.50 =============== Attached File(s)* Attach.zip ( 4.08K ) Number of downloads: 74

extremeboy View Member Profile	Jul 7 2009, 09:55 AM Post #6
Advanced Member Group: Malware Team Posts: 546 Joined: 10-October 08 Member No.: 81,919 Operating System: Windows Xp Pro Windows Vista Premium	Hello. Actually a few things we still need to complete. Please download and run Malwarebytes. Download and run MalwareBytes Anti-Malware Please download Malwarebytes Anti-Malware and save it to your desktop. alternate download link 1 Make sure you are connected to the Internet. Double-click on Download_mbam-setup.exe to install the application. When the installation begins, follow the prompts and do not make any changes to default settings. When installation has finished, make sure you leave both of these checked: Update Malwarebytes' Anti-Malware Launch Malwarebytes' Anti-Malware Then click Finish. MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. On the Scanner tab: Make sure the "Perform Quick Scan" option is selected. Then click on the Scan button. If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient. When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found". Click OK to close the message box and continue with the removal process. Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found. Make sure that *everything is checked, and click Remove Selected. When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)* The log is automatically saved and can be viewed by clicking the Logs tab in MBAM. Copy and paste the contents of that report in your next reply and exit MBAM. Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware. For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link Increassing Performance Tips/Tools You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve preformance. If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware. Let me know how it goes. Take a new DDS run afterwards as well and post back with both logs. With Regards, Extremeboy

kjstroubledpc View Member Profile	Jul 7 2009, 04:38 PM Post #7
New Member Group: Authentic Member Posts: 8 Joined: 4-July 09 Member No.: 86,538 Operating System: Windows XP	Hey extremeboy, Good news -- no infections. I also followed your suggestions on StartUpLite and the computer is significantly faster. Below I have the follwing: 1) mbam-log 2) DDS log 3) Attach.zip -- attached Thank you very much for your help. Really helped me out. Greatly appreciated. Regards, kjstroubledpc Here is the mbamlog results: Malwarebytes' Anti-Malware 1.38 Database version: 2388 Windows 5.1.2600 Service Pack 3 7/7/2009 3:04:42 PM mbam-log-2009-07-07 (15-04-42).txt Scan type: Quick Scan Objects scanned: 108192 Time elapsed: 10 minute(s), 57 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Here is the DDS log: DDS (Ver_09-06-26.01) - NTFSx86 Run by Kurt at 15:23:05.34 on Tue 07/07/2009 Internet Explorer: 7.0.5730.11 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.417 [GMT -7:00] AV: AVG Anti-Virus Free On-access scanning enabled (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} ============== Running Processes =============== C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\System32\svchost.exe -k imgsvc C:\WINDOWS\system32\svchost.exe -k netsvcs C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe C:\WINDOWS\System32\DSentry.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\WINDOWS\BCMSMMSG.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Apoint\Apntex.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\palmOne\HOTSYNC.EXE C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Kurt\Desktop\dds.scr ============== Pseudo HJT Report =============== uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = .local BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe" uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r mRun: [DVDSentry] c:\windows\system32\DSentry.exe mRun: [dla] c:\windows\system32\dla\tfswctrl.exe mRun: [BCMSMMSG] BCMSMMSG.exe mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe" mRun: [Apoint] c:\program files\apoint\Apoint.exe mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 4.0\apdproxy.exe" mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe" mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe" dRun: [Symantec NetDriver Warning] c:\progra~1\symnet~1\SNDWarn.exe StartupFolder: c:\docume~1\kurt\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palmone\HOTSYNC.EXE IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000 IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe IE: {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - c:\program files\empirepokermaster\empirepoker\RunEPoker.exe IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150580722040 DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - hxxp://www.ca.com/us/securityadvisor/virusinfo/webscan.cab DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://zone.msn.com/bingame/chnz/default/mjolauncher.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://activex.webcam.nl/AxisCamControl.cab DPF: {AED98630-0251-4E83-917D-43A23D66D507} - hxxp://activex.microgaming.com/DLhelper/version7/dlhelper.cab DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - hxxps://register3.valueactive.com/mpp_398/webolr/OCX/FlashAX.cab DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll Notify: AtiExtEvent - Ati2evxx.dll Notify: avgrsstarter - avgrsstx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll ============= SERVICES / DRIVERS =============== R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-4 327688] R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-4 27784] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-4 108552] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-4 298776] S2 TZAFQRZZ;TZAFQRZZ;\??\c:\windows\system32\tzafqrzz.qxe --> c:\windows\system32\tzafqrzz.qxe [?] =============== Created Last 30 ================ 2009-07-07 11:29 <DIR> --d----- c:\docume~1\kurt\applic~1\Malwarebytes 2009-07-07 11:29 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-07-07 11:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes 2009-07-07 11:29 19,096 a------- c:\windows\system32\drivers\mbam.sys 2009-07-07 11:29 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware 2009-06-28 22:12 <DIR> --d----- c:\program files\Pure Networks 2009-06-28 22:07 23,984 a------- c:\windows\system32\drivers\pnarp.sys 2009-06-28 22:07 25,264 a------- c:\windows\system32\drivers\purendis.sys 2009-06-28 22:07 <DIR> --d----- c:\program files\common files\Pure Networks Shared 2009-06-28 21:31 <DIR> --d----- c:\program files\Linksys 2009-06-28 21:16 <DIR> --d----- c:\program files\WebEx 2009-06-28 21:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Pure Networks 2009-06-28 12:27 107,368 a------- c:\windows\system32\GEARAspi.dll 2009-06-28 12:27 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys 2009-06-28 12:26 <DIR> --d----- c:\program files\iPod 2009-06-28 12:25 <DIR> --d----- c:\program files\iTunes 2009-06-28 12:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} 2009-06-28 12:24 <DIR> --d----- c:\program files\Bonjour 2009-06-22 23:16 <DIR> --d----- c:\docume~1\kurt\applic~1\IObit 2009-06-22 23:16 <DIR> --d----- c:\program files\IObit 2009-06-22 23:06 <DIR> --d----- c:\program files\Yahoo! 2009-06-22 22:45 <DIR> --d----- c:\docume~1\kurt\applic~1\uniblue 2009-06-14 08:29 <DIR> --d----- c:\program files\Trend Micro 2009-06-13 21:15 1,089,593 -------- c:\windows\system32\dllcache\ntprint.cat 2009-06-13 03:33 <DIR> --d----- c:\windows\system32\XPSViewer 2009-06-13 03:31 597,504 -------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2009-06-13 03:31 117,760 -------- c:\windows\system32\prntvpt.dll 2009-06-13 03:31 89,088 -------- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2009-06-13 03:31 <DIR> --d----- C:\dff3708406d592d4f98951a80eaa9e5d 2009-06-13 03:31 1,676,288 -------- c:\windows\system32\xpssvcs.dll 2009-06-13 03:31 1,676,288 -------- c:\windows\system32\dllcache\xpssvcs.dll 2009-06-13 03:31 575,488 -------- c:\windows\system32\xpsshhdr.dll 2009-06-13 03:31 575,488 -------- c:\windows\system32\dllcache\xpsshhdr.dll 2009-06-13 03:31 <DIR> --d----- c:\windows\SxsCaPendDel 2009-06-13 03:15 <DIR> --d-hr-- C:\AHCache ==================== Find3M ==================== 2009-06-27 09:03 327,688 a------- c:\windows\system32\drivers\avgldx86.sys 2009-06-27 09:03 11,952 a------- c:\windows\system32\avgrsstx.dll 2009-05-09 10:11 108,552 a------- c:\windows\system32\drivers\avgtdix.sys 2009-05-07 08:32 345,600 a------- c:\windows\system32\localspl.dll 2009-05-07 08:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll 2009-04-28 21:56 827,392 a------- c:\windows\system32\wininet.dll 2009-04-28 21:56 827,392 a------- c:\windows\system32\dllcache\wininet.dll 2009-04-28 21:56 233,472 -------- c:\windows\system32\dllcache\webcheck.dll 2009-04-28 21:56 1,159,680 a------- c:\windows\system32\dllcache\urlmon.dll 2009-04-28 21:56 671,232 a------- c:\windows\system32\dllcache\mstime.dll 2009-04-28 21:56 44,544 a------- c:\windows\system32\dllcache\pngfilt.dll 2009-04-28 21:56 105,984 -------- c:\windows\system32\dllcache\url.dll 2009-04-28 21:56 102,912 -------- c:\windows\system32\dllcache\occache.dll 2009-04-28 21:56 3,596,288 a------- c:\windows\system32\dllcache\mshtml.dll 2009-04-28 21:56 477,696 a------- c:\windows\system32\dllcache\mshtmled.dll 2009-04-28 21:56 193,024 a------- c:\windows\system32\dllcache\msrating.dll 2009-04-28 02:05 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe 2009-04-28 02:05 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe 2009-04-24 22:27 636,088 -------- c:\windows\system32\dllcache\iexplore.exe 2009-04-24 22:26 161,792 -------- c:\windows\system32\dllcache\ieakui.dll 2009-04-17 05:26 1,847,168 a------- c:\windows\system32\win32k.sys 2009-04-17 05:26 1,847,168 -------- c:\windows\system32\dllcache\win32k.sys 2009-04-15 07:51 585,216 a------- c:\windows\system32\rpcrt4.dll 2009-04-15 07:51 585,216 -------- c:\windows\system32\dllcache\rpcrt4.dll 2007-08-08 14:49 60,968 a------- c:\documents and settings\kurt\GoToAssistDownloadHelper.exe 2008-09-20 13:53 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092020080921\index.dat ============= FINISH: 15:24:02.78 =============== Attached File(s)* Attach.zip ( 4.13K ) Number of downloads: 16

extremeboy View Member Profile	Jul 8 2009, 09:56 AM Post #8
Advanced Member Group: Malware Team Posts: 546 Joined: 10-October 08 Member No.: 81,919 Operating System: Windows Xp Pro Windows Vista Premium	Hello. Let's update Java and run an online scan. Take a new DDS run afterwards as well and post back with both logs. Update Java to Version 6 Update 14 Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update: Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop. Look for Java Runtime Environment (JRE) JRE 6 Update 14. Click the Download button to the right. Select your Platform: "Windows". Select your Language: "Multi-language". Read the License Agreement, and then check the box that says: "Accept License Agreement". Click Continue and the page will refresh. Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop. Close any programs you may have running - especially your web browser. Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java. Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name. Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller. Repeat as many times as necessary to remove each Java versions. Reboot your computer once all Java components are removed. Then from your desktop double-click on jre-6u14-windows-i586-p.exe to install the newest version. -- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator. -- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it. -- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually. Run Scan with Kaspersky Please do a scan with Kaspersky Online Scanner. Please note: Kaspersky requires Java Runtime Environment (JRE) be installed before scanning for malware, as ActiveX is no longer being used.) If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan. Open the Kaspersky WebScanner page. Click on the button on the main page. The program will launch and fill in the Information section on the left. Read the "Requirements and Limitations" then press the button. The program will begin downloading the latest program and definition files. It may take a while so please be patient and let it finish. Once the files have been downloaded, click on the ...button. In the scan settings make sure the following are selected: Detect malicious programs of the following categories: Viruses, Worms, Trojan Horses, Rootkits Spyware, Adware, Dialers and other potentially dangerous programs Scan compound files (doesn't apply to the File scan area): Archives Mail databases By default the above items should already be checked. Click the button, if you made any changes. Now under the Scan section on the left: Select My Computer The program will now start and scan your system. This will run for a while, be patient and let it finish. Once the scan is complete, click on View scan report Now, click on the Save Report as button. Save the file to your desktop. Copy and paste that information in your next post. You can refer to this animation by sundavis if needed. ~EB

kjstroubledpc View Member Profile	Jul 8 2009, 08:41 PM Post #9
New Member Group: Authentic Member Posts: 8 Joined: 4-July 09 Member No.: 86,538 Operating System: Windows XP	EB, Below I've pasted the Here is the Kaspersky scan report, and the DDS text; also attached the Attach.txt Looks like I did have an infection, though not sure if the files were already quarantined by another program. Should I change passwords, etc.on my accounts? Thanks, K -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7.0 REPORT Wednesday, July 8, 2009 Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600) Kaspersky Online Scanner version: 7.0.26.13 Program database last update: Wednesday, July 08, 2009 21:40:31 Records in database: 2445441 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - My Computer: C:\ D:\ Scan statistics: Files scanned: 123117 Threat name: 2 Infected objects: 4 Suspicious objects: 0 Duration of the scan: 03:00:58 File name / Threat name / Threats count C:\Documents and Settings\Kurt\.housecall\Quarantine\A0036996.exe.bac_a00448 Infected: not-a-virus:AdWare.Win32.Thumper.a 1 C:\Documents and Settings\Kurt\.housecall\Quarantine\DLHelperEXE.exe.bac_a03452 Infected: not-a-virus:AdWare.Win32.Thumper.a 1 C:\Documents and Settings\Kurt\.housecall\Quarantine\scane[1].exe.bac_a02304 Infected: Trojan-Mailfinder.Win32.Agent.g 1 C:\Documents and Settings\Kurt\.housecall\Quarantine\taskdir~.exe.bac_a02304 Infected: Trojan-Mailfinder.Win32.Agent.g 1 The selected area was scanned. DDS (Ver_09-06-26.01) - NTFSx86 Run by Kurt at 19:34:01.63 on Wed 07/08/2009 Internet Explorer: 7.0.5730.11 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.422 [GMT -7:00] AV: AVG Anti-Virus Free On-access scanning enabled (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} ============== Running Processes =============== C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\System32\svchost.exe -k imgsvc C:\WINDOWS\system32\svchost.exe -k netsvcs C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe C:\WINDOWS\System32\DSentry.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\WINDOWS\BCMSMMSG.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\palmOne\HOTSYNC.EXE C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Java\jre6\bin\java.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\Kurt\Desktop\dds.scr ============== Pseudo HJT Report =============== uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = .local BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe" mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r mRun: [DVDSentry] c:\windows\system32\DSentry.exe mRun: [dla] c:\windows\system32\dla\tfswctrl.exe mRun: [BCMSMMSG] BCMSMMSG.exe mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe" mRun: [Apoint] c:\program files\apoint\Apoint.exe mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 4.0\apdproxy.exe" mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe" mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe" dRun: [Symantec NetDriver Warning] c:\progra~1\symnet~1\SNDWarn.exe StartupFolder: c:\docume~1\kurt\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palmone\HOTSYNC.EXE IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000 IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe IE: {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - c:\program files\empirepokermaster\empirepoker\RunEPoker.exe IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150580722040 DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - hxxp://www.ca.com/us/securityadvisor/virusinfo/webscan.cab DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://zone.msn.com/bingame/chnz/default/mjolauncher.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://activex.webcam.nl/AxisCamControl.cab DPF: {AED98630-0251-4E83-917D-43A23D66D507} - hxxp://activex.microgaming.com/DLhelper/version7/dlhelper.cab DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - hxxps://register3.valueactive.com/mpp_398/webolr/OCX/FlashAX.cab DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll Notify: AtiExtEvent - Ati2evxx.dll Notify: avgrsstarter - avgrsstx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll ============= SERVICES / DRIVERS =============== R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-4 327688] R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-4 27784] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-4 108552] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-4 298776] S2 TZAFQRZZ;TZAFQRZZ;\??\c:\windows\system32\tzafqrzz.qxe --> c:\windows\system32\tzafqrzz.qxe [?] =============== Created Last 30 ================ 2009-07-08 12:26 73,728 a------- c:\windows\system32\javacpl.cpl 2009-07-07 11:29 <DIR> --d----- c:\docume~1\kurt\applic~1\Malwarebytes 2009-07-07 11:29 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-07-07 11:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes 2009-07-07 11:29 19,096 a------- c:\windows\system32\drivers\mbam.sys 2009-07-07 11:29 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware 2009-06-28 22:12 <DIR> --d----- c:\program files\Pure Networks 2009-06-28 22:07 23,984 a------- c:\windows\system32\drivers\pnarp.sys 2009-06-28 22:07 25,264 a------- c:\windows\system32\drivers\purendis.sys 2009-06-28 22:07 <DIR> --d----- c:\program files\common files\Pure Networks Shared 2009-06-28 21:31 <DIR> --d----- c:\program files\Linksys 2009-06-28 21:16 <DIR> --d----- c:\program files\WebEx 2009-06-28 21:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Pure Networks 2009-06-28 12:27 107,368 a------- c:\windows\system32\GEARAspi.dll 2009-06-28 12:27 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys 2009-06-28 12:26 <DIR> --d----- c:\program files\iPod 2009-06-28 12:25 <DIR> --d----- c:\program files\iTunes 2009-06-28 12:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} 2009-06-28 12:24 <DIR> --d----- c:\program files\Bonjour 2009-06-22 23:16 <DIR> --d----- c:\docume~1\kurt\applic~1\IObit 2009-06-22 23:16 <DIR> --d----- c:\program files\IObit 2009-06-22 23:06 <DIR> --d----- c:\program files\Yahoo! 2009-06-22 22:45 <DIR> --d----- c:\docume~1\kurt\applic~1\uniblue 2009-06-14 08:29 <DIR> --d----- c:\program files\Trend Micro 2009-06-13 21:15 1,089,593 -------- c:\windows\system32\dllcache\ntprint.cat 2009-06-13 03:33 <DIR> --d----- c:\windows\system32\XPSViewer 2009-06-13 03:31 597,504 -------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2009-06-13 03:31 117,760 -------- c:\windows\system32\prntvpt.dll 2009-06-13 03:31 89,088 -------- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2009-06-13 03:31 <DIR> --d----- C:\dff3708406d592d4f98951a80eaa9e5d 2009-06-13 03:31 1,676,288 -------- c:\windows\system32\xpssvcs.dll 2009-06-13 03:31 1,676,288 -------- c:\windows\system32\dllcache\xpssvcs.dll 2009-06-13 03:31 575,488 -------- c:\windows\system32\xpsshhdr.dll 2009-06-13 03:31 575,488 -------- c:\windows\system32\dllcache\xpsshhdr.dll 2009-06-13 03:31 <DIR> --d----- c:\windows\SxsCaPendDel 2009-06-13 03:15 <DIR> --d-hr-- C:\AHCache ==================== Find3M ==================== 2009-07-08 12:26 410,984 a------- c:\windows\system32\deploytk.dll 2009-06-27 09:03 327,688 a------- c:\windows\system32\drivers\avgldx86.sys 2009-06-27 09:03 11,952 a------- c:\windows\system32\avgrsstx.dll 2009-05-07 08:32 345,600 a------- c:\windows\system32\localspl.dll 2009-05-07 08:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll 2009-04-28 21:56 827,392 a------- c:\windows\system32\wininet.dll 2009-04-28 21:56 827,392 a------- c:\windows\system32\dllcache\wininet.dll 2009-04-28 21:56 233,472 -------- c:\windows\system32\dllcache\webcheck.dll 2009-04-28 21:56 1,159,680 a------- c:\windows\system32\dllcache\urlmon.dll 2009-04-28 21:56 671,232 a------- c:\windows\system32\dllcache\mstime.dll 2009-04-28 21:56 44,544 a------- c:\windows\system32\dllcache\pngfilt.dll 2009-04-28 21:56 105,984 -------- c:\windows\system32\dllcache\url.dll 2009-04-28 21:56 102,912 -------- c:\windows\system32\dllcache\occache.dll 2009-04-28 21:56 3,596,288 a------- c:\windows\system32\dllcache\mshtml.dll 2009-04-28 21:56 477,696 a------- c:\windows\system32\dllcache\mshtmled.dll 2009-04-28 21:56 193,024 a------- c:\windows\system32\dllcache\msrating.dll 2009-04-28 02:05 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe 2009-04-28 02:05 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe 2009-04-24 22:27 636,088 -------- c:\windows\system32\dllcache\iexplore.exe 2009-04-24 22:26 161,792 -------- c:\windows\system32\dllcache\ieakui.dll 2009-04-17 05:26 1,847,168 a------- c:\windows\system32\win32k.sys 2009-04-17 05:26 1,847,168 -------- c:\windows\system32\dllcache\win32k.sys 2009-04-15 07:51 585,216 a------- c:\windows\system32\rpcrt4.dll 2009-04-15 07:51 585,216 -------- c:\windows\system32\dllcache\rpcrt4.dll 2007-08-08 14:49 60,968 a------- c:\documents and settings\kurt\GoToAssistDownloadHelper.exe 2008-09-20 13:53 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092020080921\index.dat ============= FINISH: 19:35:01.22 =============== Attached File(s)* Attach.zip ( 4.18K ) Number of downloads: 9

extremeboy View Member Profile	Jul 9 2009, 11:11 AM Post #10
Advanced Member Group: Malware Team Posts: 546 Joined: 10-October 08 Member No.: 81,919 Operating System: Windows Xp Pro Windows Vista Premium	Hello. Please delete/empty out everything in the following folder: C:\Documents and Settings\Kurt\.housecall\Quarantine <- Delete everything in this folder. Regarding the slowness see if the below tool and tips help. Let me know in your next reply and what problems/issues you may still have. Take a new DDs run afterwards and post back with a new set of logs. I'll do one final check and we'll remove some leftovers and then if all is good, we will cleanup. Download StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve preformance. If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware. With Regards, Extremeboy

kjstroubledpc View Member Profile	Jul 9 2009, 01:31 PM Post #11
New Member Group: Authentic Member Posts: 8 Joined: 4-July 09 Member No.: 86,538 Operating System: Windows XP	EB, OK. Did as you suggested. No problems. Here is the updated DDS.txt as well as the attached "attach.zip" Computer is much faster than it was, even after the ~50% improvement i noticed soon after we began. Thanks, K DDS (Ver_09-06-26.01) - NTFSx86 Run by Kurt at 12:22:18.43 on Thu 07/09/2009 Internet Explorer: 7.0.5730.11 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.356 [GMT -7:00] AV: AVG Anti-Virus Free On-access scanning enabled (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} ============== Running Processes =============== C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\System32\svchost.exe -k imgsvc C:\WINDOWS\system32\svchost.exe -k netsvcs C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe C:\WINDOWS\System32\DSentry.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\WINDOWS\BCMSMMSG.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\palmOne\HOTSYNC.EXE C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Java\jre6\bin\java.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\notepad.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Kurt\Desktop\dds.scr ============== Pseudo HJT Report =============== uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = .local BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe" mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r mRun: [DVDSentry] c:\windows\system32\DSentry.exe mRun: [dla] c:\windows\system32\dla\tfswctrl.exe mRun: [BCMSMMSG] BCMSMMSG.exe mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe" mRun: [Apoint] c:\program files\apoint\Apoint.exe mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 4.0\apdproxy.exe" mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe" mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe" dRun: [Symantec NetDriver Warning] c:\progra~1\symnet~1\SNDWarn.exe StartupFolder: c:\docume~1\kurt\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palmone\HOTSYNC.EXE IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000 IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe IE: {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - c:\program files\empirepokermaster\empirepoker\RunEPoker.exe IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150580722040 DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - hxxp://www.ca.com/us/securityadvisor/virusinfo/webscan.cab DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://zone.msn.com/bingame/chnz/default/mjolauncher.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://activex.webcam.nl/AxisCamControl.cab DPF: {AED98630-0251-4E83-917D-43A23D66D507} - hxxp://activex.microgaming.com/DLhelper/version7/dlhelper.cab DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - hxxps://register3.valueactive.com/mpp_398/webolr/OCX/FlashAX.cab DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll Notify: AtiExtEvent - Ati2evxx.dll Notify: avgrsstarter - avgrsstx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll ============= SERVICES / DRIVERS =============== R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-4 327688] R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-4 27784] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-4 108552] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-4 298776] S2 TZAFQRZZ;TZAFQRZZ;\??\c:\windows\system32\tzafqrzz.qxe --> c:\windows\system32\tzafqrzz.qxe [?] =============== Created Last 30 ================ 2009-07-08 12:26 73,728 a------- c:\windows\system32\javacpl.cpl 2009-07-07 11:29 <DIR> --d----- c:\docume~1\kurt\applic~1\Malwarebytes 2009-07-07 11:29 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-07-07 11:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes 2009-07-07 11:29 19,096 a------- c:\windows\system32\drivers\mbam.sys 2009-07-07 11:29 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware 2009-06-28 22:12 <DIR> --d----- c:\program files\Pure Networks 2009-06-28 22:07 23,984 a------- c:\windows\system32\drivers\pnarp.sys 2009-06-28 22:07 25,264 a------- c:\windows\system32\drivers\purendis.sys 2009-06-28 22:07 <DIR> --d----- c:\program files\common files\Pure Networks Shared 2009-06-28 21:31 <DIR> --d----- c:\program files\Linksys 2009-06-28 21:16 <DIR> --d----- c:\program files\WebEx 2009-06-28 21:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Pure Networks 2009-06-28 12:27 107,368 a------- c:\windows\system32\GEARAspi.dll 2009-06-28 12:27 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys 2009-06-28 12:26 <DIR> --d----- c:\program files\iPod 2009-06-28 12:25 <DIR> --d----- c:\program files\iTunes 2009-06-28 12:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} 2009-06-28 12:24 <DIR> --d----- c:\program files\Bonjour 2009-06-22 23:16 <DIR> --d----- c:\docume~1\kurt\applic~1\IObit 2009-06-22 23:16 <DIR> --d----- c:\program files\IObit 2009-06-22 23:06 <DIR> --d----- c:\program files\Yahoo! 2009-06-22 22:45 <DIR> --d----- c:\docume~1\kurt\applic~1\uniblue 2009-06-14 08:29 <DIR> --d----- c:\program files\Trend Micro 2009-06-13 21:15 1,089,593 -------- c:\windows\system32\dllcache\ntprint.cat 2009-06-13 03:33 <DIR> --d----- c:\windows\system32\XPSViewer 2009-06-13 03:31 597,504 -------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2009-06-13 03:31 117,760 -------- c:\windows\system32\prntvpt.dll 2009-06-13 03:31 89,088 -------- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2009-06-13 03:31 <DIR> --d----- C:\dff3708406d592d4f98951a80eaa9e5d 2009-06-13 03:31 1,676,288 -------- c:\windows\system32\xpssvcs.dll 2009-06-13 03:31 1,676,288 -------- c:\windows\system32\dllcache\xpssvcs.dll 2009-06-13 03:31 575,488 -------- c:\windows\system32\xpsshhdr.dll 2009-06-13 03:31 575,488 -------- c:\windows\system32\dllcache\xpsshhdr.dll 2009-06-13 03:31 <DIR> --d----- c:\windows\SxsCaPendDel 2009-06-13 03:15 <DIR> --d-hr-- C:\AHCache ==================== Find3M ==================== 2009-07-08 12:26 410,984 a------- c:\windows\system32\deploytk.dll 2009-06-27 09:03 327,688 a------- c:\windows\system32\drivers\avgldx86.sys 2009-06-27 09:03 11,952 a------- c:\windows\system32\avgrsstx.dll 2009-05-07 08:32 345,600 a------- c:\windows\system32\localspl.dll 2009-05-07 08:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll 2009-04-28 21:56 827,392 a------- c:\windows\system32\wininet.dll 2009-04-28 21:56 827,392 a------- c:\windows\system32\dllcache\wininet.dll 2009-04-28 21:56 233,472 -------- c:\windows\system32\dllcache\webcheck.dll 2009-04-28 21:56 1,159,680 a------- c:\windows\system32\dllcache\urlmon.dll 2009-04-28 21:56 671,232 a------- c:\windows\system32\dllcache\mstime.dll 2009-04-28 21:56 44,544 a------- c:\windows\system32\dllcache\pngfilt.dll 2009-04-28 21:56 105,984 -------- c:\windows\system32\dllcache\url.dll 2009-04-28 21:56 102,912 -------- c:\windows\system32\dllcache\occache.dll 2009-04-28 21:56 3,596,288 a------- c:\windows\system32\dllcache\mshtml.dll 2009-04-28 21:56 477,696 a------- c:\windows\system32\dllcache\mshtmled.dll 2009-04-28 21:56 193,024 a------- c:\windows\system32\dllcache\msrating.dll 2009-04-28 02:05 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe 2009-04-28 02:05 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe 2009-04-24 22:27 636,088 -------- c:\windows\system32\dllcache\iexplore.exe 2009-04-24 22:26 161,792 -------- c:\windows\system32\dllcache\ieakui.dll 2009-04-17 05:26 1,847,168 a------- c:\windows\system32\win32k.sys 2009-04-17 05:26 1,847,168 -------- c:\windows\system32\dllcache\win32k.sys 2009-04-15 07:51 585,216 a------- c:\windows\system32\rpcrt4.dll 2009-04-15 07:51 585,216 -------- c:\windows\system32\dllcache\rpcrt4.dll 2007-08-08 14:49 60,968 a------- c:\documents and settings\kurt\GoToAssistDownloadHelper.exe 2008-09-20 13:53 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092020080921\index.dat ============= FINISH: 12:23:12.70 =============== Attached File(s)* Attach.zip ( 4.17K ) Number of downloads: 22

extremeboy View Member Profile	Jul 10 2009, 09:48 AM Post #12
Advanced Member Group: Malware Team Posts: 546 Joined: 10-October 08 Member No.: 81,919 Operating System: Windows Xp Pro Windows Vista Premium	Hello. Let's remove one things and tell you about a program you have installed. Download and Run OTM Please download OTM by OldTimer and save it to your desktop. Double click the icon on your desktop If you are running on Vista, right click on the file and choose Run As Administrator. Paste the following code under the area. Do not include the word "Code". CODE :services TZAFQRZZ :files c:\windows\system32\tzafqrzz.qxe :commands [EmptyTemp] [Reboot] Click the large button. If OTM requires are reboot, please allow it to do so. Copy/Paste the contents under the line here in your next reply. Note: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter .log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles* folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post. Poker Related Programs Warning I see you have installed some Poker related programs on your machine. The ones I am referring to are: PokerStars <- This one is bundled with Malware Not all poker games are considered "bad", but most are. With that said many of them are bundled with spyware and other nasties that can steal passwords and etc... Even if it is considered "good" you are going to websites that you might not necessarily trust and hosted by someone else for you to join. I do not know how those programs work so I will not criticize what they do and if they are bad or not. I know that you may use these (this) game(s) on a regular basis but I think it's important to note that often these kind of programmes are installed with other unwanted software, namely spyware or adware. Some of them are fine to have, but if you didn't intensionally installed it or to play it, it is best to remove them. Poker related programs usually are bundled with malware and other nasties as described above. The best option would to remove them via Add/Remove if it is still there. Take a new DDS run and post back with the logs. Do you stil have any problems/issues left? With Regards, Extremeboy

kjstroubledpc View Member Profile	Jul 15 2009, 09:14 PM Post #13
New Member Group: Authentic Member Posts: 8 Joined: 4-July 09 Member No.: 86,538 Operating System: Windows XP	Hey Extremeboy, I removed pokerstars, ran OTM. and reran DDS. Below are the logs and the Attach.zip. Thanks for all the help. Regards, KJ OTM log: All processes killed ========== SERVICES/DRIVERS ========== Service\Driver TZAFQRZZ deleted successfully. ========== FILES ========== File/Folder c:\windows\system32\tzafqrzz.qxe not found. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 32768 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: Kurt ->Temp folder emptied: 86646905 bytes ->Temporary Internet Files folder emptied: 121475849 bytes ->Java cache emptied: 28007645 bytes User: LocalService ->Temp folder emptied: 0 bytes File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT scheduled to be deleted on reboot. ->Temporary Internet Files folder emptied: 749560 bytes User: NetworkService ->Temp folder emptied: 0 bytes File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. ->Temporary Internet Files folder emptied: 721818 bytes User: Owner %systemdrive% .tmp files removed: 0 bytes C:\WINDOWS\msdownld.tmp folder deleted successfully. %systemroot% .tmp files removed: 39097 bytes %systemroot%\System32 .tmp files removed: 88593 bytes Windows Temp folder emptied: 4056612 bytes RecycleBin emptied: 53807388 bytes Total Files Cleaned = 281.99 mb OTM by OldTimer - Version 3.0.0.5 log created on 07152009_193314 Files moved on Reboot... Registry entries deleted on Reboot... -------------------------------------------------------------------------------------------------------------------------------------------- DDS (Ver_09-06-26.01) - NTFSx86 Run by Kurt at 19:55:26.10 on Wed 07/15/2009 Internet Explorer: 7.0.5730.11 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.478 [GMT -7:00] AV: AVG Anti-Virus Free On-access scanning enabled (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} ============== Running Processes =============== C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\System32\svchost.exe -k imgsvc C:\WINDOWS\system32\svchost.exe -k netsvcs C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe C:\WINDOWS\notepad.exe C:\WINDOWS\System32\DSentry.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\WINDOWS\BCMSMMSG.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Kurt\Desktop\dds.scr ============== Pseudo HJT Report =============== uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = .local BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe" uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r mRun: [DVDSentry] c:\windows\system32\DSentry.exe mRun: [dla] c:\windows\system32\dla\tfswctrl.exe mRun: [BCMSMMSG] BCMSMMSG.exe mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe" mRun: [Apoint] c:\program files\apoint\Apoint.exe mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 4.0\apdproxy.exe" mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe" mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe" dRun: [Symantec NetDriver Warning] c:\progra~1\symnet~1\SNDWarn.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000 IE: {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - c:\program files\empirepokermaster\empirepoker\RunEPoker.exe IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150580722040 DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - hxxp://www.ca.com/us/securityadvisor/virusinfo/webscan.cab DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://zone.msn.com/bingame/chnz/default/mjolauncher.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://activex.webcam.nl/AxisCamControl.cab DPF: {AED98630-0251-4E83-917D-43A23D66D507} - hxxp://activex.microgaming.com/DLhelper/version7/dlhelper.cab DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - hxxps://register3.valueactive.com/mpp_398/webolr/OCX/FlashAX.cab DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll Notify: AtiExtEvent - Ati2evxx.dll Notify: avgrsstarter - avgrsstx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll ============= SERVICES / DRIVERS =============== R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-4 327688] R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-4 27784] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-4 108552] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-4 298776] =============== Created Last 30 ================ 2009-07-15 19:33 <DIR> --d----- C:\_OTM 2009-07-09 22:47 3,245 a------- c:\windows\system32\wbem\Outlook_01ca0121dac6bd40.mof 2009-07-08 12:26 73,728 a------- c:\windows\system32\javacpl.cpl 2009-07-07 11:29 <DIR> --d----- c:\docume~1\kurt\applic~1\Malwarebytes 2009-07-07 11:29 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-07-07 11:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes 2009-07-07 11:29 19,096 a------- c:\windows\system32\drivers\mbam.sys 2009-07-07 11:29 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware 2009-06-28 22:12 <DIR> --d----- c:\program files\Pure Networks 2009-06-28 22:07 23,984 a------- c:\windows\system32\drivers\pnarp.sys 2009-06-28 22:07 25,264 a------- c:\windows\system32\drivers\purendis.sys 2009-06-28 22:07 <DIR> --d----- c:\program files\common files\Pure Networks Shared 2009-06-28 21:31 <DIR> --d----- c:\program files\Linksys 2009-06-28 21:16 <DIR> --d----- c:\program files\WebEx 2009-06-28 21:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Pure Networks 2009-06-28 12:27 107,368 a------- c:\windows\system32\GEARAspi.dll 2009-06-28 12:27 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys 2009-06-28 12:26 <DIR> --d----- c:\program files\iPod 2009-06-28 12:25 <DIR> --d----- c:\program files\iTunes 2009-06-28 12:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} 2009-06-28 12:24 <DIR> --d----- c:\program files\Bonjour 2009-06-28 12:12 2,060,288 a------- c:\windows\system32\usbaaplrc.dll 2009-06-28 12:12 39,424 a------- c:\windows\system32\drivers\usbaapl.sys 2009-06-22 23:16 <DIR> --d----- c:\docume~1\kurt\applic~1\IObit 2009-06-22 23:16 <DIR> --d----- c:\program files\IObit 2009-06-22 23:06 <DIR> --d----- c:\program files\Yahoo! 2009-06-22 22:45 <DIR> --d----- c:\docume~1\kurt\applic~1\uniblue 2009-06-16 07:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll 2009-06-16 07:36 81,920 -------- c:\windows\system32\dllcache\fontsub.dll ==================== Find3M ==================== 2009-07-08 12:26 410,984 a------- c:\windows\system32\deploytk.dll 2009-06-27 09:03 327,688 a------- c:\windows\system32\drivers\avgldx86.sys 2009-06-27 09:03 11,952 a------- c:\windows\system32\avgrsstx.dll 2009-06-16 07:36 119,808 a------- c:\windows\system32\t2embed.dll 2009-06-16 07:36 81,920 a------- c:\windows\system32\fontsub.dll 2009-06-03 12:09 1,291,264 a------- c:\windows\system32\quartz.dll 2009-06-03 12:09 1,291,264 -------- c:\windows\system32\dllcache\quartz.dll 2009-05-07 08:32 345,600 a------- c:\windows\system32\localspl.dll 2009-05-07 08:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll 2009-04-28 21:56 827,392 a------- c:\windows\system32\wininet.dll 2009-04-28 21:56 827,392 a------- c:\windows\system32\dllcache\wininet.dll 2009-04-28 21:56 233,472 -------- c:\windows\system32\dllcache\webcheck.dll 2009-04-28 21:56 1,159,680 a------- c:\windows\system32\dllcache\urlmon.dll 2009-04-28 21:56 671,232 a------- c:\windows\system32\dllcache\mstime.dll 2009-04-28 21:56 44,544 a------- c:\windows\system32\dllcache\pngfilt.dll 2009-04-28 21:56 105,984 -------- c:\windows\system32\dllcache\url.dll 2009-04-28 21:56 102,912 -------- c:\windows\system32\dllcache\occache.dll 2009-04-28 21:56 3,596,288 a------- c:\windows\system32\dllcache\mshtml.dll 2009-04-28 21:56 477,696 a------- c:\windows\system32\dllcache\mshtmled.dll 2009-04-28 21:56 193,024 a------- c:\windows\system32\dllcache\msrating.dll 2009-04-28 02:05 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe 2009-04-28 02:05 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe 2009-04-24 22:27 636,088 -------- c:\windows\system32\dllcache\iexplore.exe 2009-04-24 22:26 161,792 -------- c:\windows\system32\dllcache\ieakui.dll 2009-04-17 05:26 1,847,168 a------- c:\windows\system32\win32k.sys 2009-04-17 05:26 1,847,168 -------- c:\windows\system32\dllcache\win32k.sys 2007-08-08 14:49 60,968 a------- c:\documents and settings\kurt\GoToAssistDownloadHelper.exe 2008-09-20 13:53 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092020080921\index.dat ============= FINISH: 19:56:21.11 =============== Attached File(s)* Attach.zip ( 4.34K ) Number of downloads: 59

extremeboy View Member Profile	Jul 16 2009, 04:18 PM Post #14
Advanced Member Group: Malware Team Posts: 546 Joined: 10-October 08 Member No.: 81,919 Operating System: Windows Xp Pro Windows Vista Premium	Hello. Logs are clean. Please follow/read the steps below to remove the tools we used, purge a system restore and for some more information. Cleanup! with OTM Let's remove all the tools we've used so far using OTM Double click the icon on your desktop to run it. If you are using Vista, please right-click and choose run as administrator. Now Click the at the top. You will recieve a prompt saying "Being Cleanup Process?" Please press Yes If required for a reboot click Yes Delete OTM.exe if does not get automatically deleted upon reboot. Create a New System Restore Point<- Very Important Now you should Create a New Restore Point *to prevent possible reinfection* from an old one*. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state. The easiest and safest way to do this is: Go to Start* > Programs > Accessories > System Tools and click "System Restore". Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore. Then use Disk Cleanup to remove all but the most recently created Restore Point. Go to Start > Run and type: Cleanmgr Click "Ok" Disk Cleanup will scan your files for several minutes, then open. Click the "More Options" Tab. Click the "Clean up" button under System Restore. Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?" Click Yes, then click Ok. Click Yes again when prompted with "Are you sure you want to perform these actions?" Disk Cleanup will remove the files and close automatically. Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup. System A bit Slow? Try StartupLight You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve preformance. If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware. Congratulations! You now appear clean! Now that you are clean, please follow these simple steps in order to keep your computer clean and secure: Preventing Infections in the Future Please also have a look at the following links, giving some advice and Tips to protect yourself against malware and reduce the potential for re-infection: So How did I get infected? Miekies' prevention suggestions Hardening Windows Security - Part 1 & Part 2. Avoid gaming sites, underground web pages, pirated software sites, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. Disable Autorun on Flash-Drive/Removable Drives When is AUTORUN.INF really an AUTORUN.INF? QUOTE USB worms work by creating a file called AUTORUN.INF on the root of USB drives. These INF files then use Autorun or Autoplay (not the same thing!) to execute themselves either when the stick is inserted, or more commonly, when the user double-clicks on the USB drive icon from My Computer (Windows Explorer)... Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. Read USB-Based Malware Attacks and Please disable Autorun asap!. If using Windows Vista, please refer to: "Disable AutoPlay in Windows Vista" "Preventing AutoPlay with Local Group Policy Editor or AutoPlay options panel" Note: When Autorun is disabled, double-clicking a drive which has autorun.inf in its root directory may still activate Autorun so be careful. Vist the WindowsUpdate Site Regularly I recommend you regularly visit the Windows Update Site! Lots of Hacking/Trojans use the methods found (plugged by the updates) that have not been stopped by people not updating. Update ALL Critical updates and any other Windows updates for services/programs that you use. If you wish to turn on automatic updates then you will find here is a nice little article about turning on automatic updates. Note that it will download them for you, but you still have to actually click install. Update Non-Microsoft Programs It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates. Update all programs regularly - Make sure you update all the programs you have installed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. Follow this list and your potential for being infected again will reduce dramatically. Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there: Simple and easy ways to keep your computer safe and secure on the Internet If you have no more questions, comments or problems please tell us, so we can close off the topic. Thanks With Regards, Extremeboy

kjstroubledpc View Member Profile	Jul 16 2009, 07:17 PM Post #15
New Member Group: Authentic Member Posts: 8 Joined: 4-July 09 Member No.: 86,538 Operating System: Windows XP	Extremeboy, Did as you suggested. Thank you very much for your help. Everything is working much faster, and it's good to know I am now clean. I really appreciate the time you volunteered to help me out. Not sure what I would have done without your help. Best Regards, kjstroubledpc

« Next Oldest · Infections Removal · Next Newest »

2 Pages

1 2 >

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies	Topic Starter	Views	Last Action
Notebooks Slow Computer Not enough VM	0	tlm	0	4 minutes ago Last post by: tlm
Microsoft Windows™ Computer super slow loading and anything with graphics 123	39	loubratt	1,076	Today, 12:03 PM Last post by: appleoddity
Infections Removal [Resolved] spyware/ fake antivirus 12	29	83valentine	302	Today, 11:38 AM Last post by: ken545
Infections Removal [Resolved] laptop running slow	14	juibre	166	Today, 11:37 AM Last post by: ken545