[Resolved] SUSPECTED MALWARE ON MY LAPTOP - SLOW RESPONSES


  • This topic is locked
13 replies to this topic

#1 andreas

andreas

    Authentic Member

  • Authentic Member
  • PipPip
  • 81 posts

Posted 02 October 2009 - 08:36 AM

Hi, The memory on my laptop when using the internet in particular and opening IE pages is very slow. Malware suspected, I have done a system scan and removed harmful findings with SUPERAntiSpyware. My antivirus is Avast and my firewall is Comodo. Would appreciate any help and advice. I have included a HijackThis file below. For further info re my laptop, e.g. logs, specs, HijackThis etc., please ask. Thank you, andy.T


#2 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 06 October 2009 - 11:49 AM

Hi andreas,

My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. Logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

I'm not seeing any HijackThis log.

Let's get some information.

  • Download DDS and save it to your desktop from here, here or here.
    • Disable any script blocking protection (How to Disable your Security Programs)
    • Double click DDS icon to run the tool (may take up to 3 minutes to run)
    • When done, DDS.txt will open.
    • After a few moments, attach.txt will open in a second window.
    • Save both reports to your desktop.
  • We need to check for rootkits with RootRepeal
    • Download RootRepeal from one of the following locations and save it to your desktop.
    • Open Posted Image on your desktop.
    • Click the Posted Image tab.
    • Click the Posted Image button.
    • In the Select Scan dialog, check
      Posted Image
    • Push Ok
    • Check the box for your main system drive (Usually C:), and press Ok.
    • Allow RootRepeal to run a scan of your system. This may take some time.
    • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt.
  • Copy/paste the log (that you've previously saved to your desktop) from RootRepeal onto your post.

  • Copy/paste the DDS.txt log (that you've previously saved to your desktop) onto your post.

  • Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, click Open and then click UPLOAD.

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#3 andreas

Posted 07 October 2009 - 06:14 AM

Hi Tomk
And thank you for taking on my case.
Sorry that I didn't include the HijackThis log in my opening thread, I thought that was to be done once my case was assigned.
Anyway, here it is now... in the meantime I will get the other logs that you asked for.
Regards
Andreas



#4 andreas

Posted 07 October 2009 - 06:33 AM

Tomk, below are logs from RootRepeal and DDS. Hope this helps. andreas

#5 Tomk

Posted 07 October 2009 - 08:45 AM

andreas,

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "JRE 6 Update 16".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u16-windows-i586-p.exe to install the newest version.
Now to Clean out the Java cache:

Go into the Control Panel and double-click the Java icon.
  • Under Temporary Internet Files, click the Settings... button.
  • Click the Delete Files button.
  • There are two options in the window to clear the cache. Leave both checked:
    • Applications and Applets
    • Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Settings
  • Click OK to leave the Java Control Panel.

You have provided attach.txt but not DDS.txt. Please run DDS again and be sure to provide both logs.
Tomk

#6 andreas

Posted 07 October 2009 - 11:00 AM

Ok Tomk... All done. Plus the two DDS files that you requested are below. Andreas
Windows Live Photo Gallery Windows Live Sign-in Assistant Windows Live Sync Windows Live Toolbar Windows Live Upload Tool Windows Live Writer Windows Media Format 11 runtime Windows Media Player 11 Windows XP Service Pack 3 WinZip ==== Event Viewer Messages From Past Week ======== 30/09/2009 20:03:22, error: MRxSmb [8003] - The master browser has received a server announcement from the computer HARDAF-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{1DA869CF-C0DE-4383. The master browser is stopping or an election is being forced. 30/09/2009 14:20:26, error: MRxSmb [8003] - The master browser has received a server announcement from the computer PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{1DA869CF-C0DE-4383-B677. The master browser is stopping or an election is being forced. 07/10/2009 17:36:54, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect. 07/10/2009 17:36:54, error: Service Control Manager [7000] - The HTTP SSL service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 01/10/2009 14:51:07, error: Dhcp [1002] - The IP address lease 192.168.0.14 for the Network Card with network address 00053C03CB35 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message). 01/10/2009 14:51:01, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service. 01/10/2009 04:51:45, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the JavaQuickStarterService service. 
==== End Of File =========================== ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ DDS (Ver_09-06-26.01) - NTFSx86 Run by user at 17:54:39.92 on 07/10/2009 Internet Explorer: 6.0.2900.5512 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.125 [GMT 1:00] AV: avast! antivirus 4.8.1351 [VPS 091007-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B} ============== Running Processes =============== C:\WINDOWS\system32\ibmpmsvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\Program Files\COMODO\Firewall\cmdagent.exe C:\WINDOWS\system32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Silvercrest OM1007 driver\StartAutorun.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\COMODO\SafeSurf\cssurf.exe C:\Program Files\Silvercrest OM1007 driver\KMConfig.exe C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\COMODO\Firewall\cfp.exe C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Kontiki\KHost.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Silvercrest OM1007 driver\KMProcess.exe C:\Program Files\WinZip\WZQKPICK.EXE svchost.exe C:\Program Files\Silvercrest OM1007 driver\KMWDSrv.exe 
C:\Program Files\Kontiki\KService.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Program Files\TalkTalk\bin\sprtsvc.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe C:\Program Files\Windows NT\Accessories\WORDPAD.EXE C:\WINDOWS\system32\msiexec.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Windows Live\Toolbar\wltuser.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\81G3CF4B\dds[1].scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.co.uk/ uSearch Page = hxxp://search.live.com uSearch Bar = hxxp://search.live.com/sphome.aspx mDefault_Search_URL = hxxp://www.google.com/ie uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = hxxp://search.live.com/sphome.aspx mURLSearchHooks: H - No File BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program 
files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll uRun: [STManager] "c:\program files\speedtouch\dr speedtouch\drst.exe" -b uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe uRun: [kdx] c:\program files\kontiki\KHost.exe -all uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background mRun: [AGRSMMSG] AGRSMMSG.exe mRun: [KMCONFIG] c:\program files\silvercrest om1007 driver\StartAutorun.exe KMConfig.exe mRun: [SpeedTouch USB Diagnostics] "c:\program files\thomson\speedtouch usb\Dragdiag.exe" /icon mRun: [avast!] 
c:\progra~1\alwils~1\avast4\ashDisp.exe mRun: [COMODO SafeSurf] "c:\program files\comodo\safesurf\cssurf.exe" -s mRun: [COMODO Firewall Pro] "c:\program files\comodo\firewall\cfp.exe" -h mRun: [Lexmark X1100 Series] "c:\program files\lexmark x1100 series\lxbkbmgr.exe" mRun: [TalkTalk] "c:\program files\talktalk\bin\sprtcmd.exe" /P TalkTalk mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u mRun: [COMODO Internet Security] "c:\program files\comodo\firewall\cfp.exe" -h mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE IE: &Search IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL Notify: AtiExtEvent - 
Ati2evxx.dll AppInit_DLLs: c:\windows\system32\cssdll32.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL ============= SERVICES / DRIVERS =============== R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-7-23 114768] R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2008-7-23 110992] R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2008-7-23 24336] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-5-28 9968] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-5-28 74480] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-7-23 20560] R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-7-23 138680] R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\firewall\cmdagent.exe [2008-7-23 700152] R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-9-11 54752] R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\silvercrest om1007 driver\KMWDSrv.exe [2007-6-16 208896] R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512] R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\talktalk\bin\sprtsvc.exe [2007-10-12 202016] R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\common files\supportsoft\bin\tgsrvc.exe [2007-8-2 148768] R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-7-23 254040] R3 avast! Web Scanner;avast! 
Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-7-23 352920] R3 IMWEB51;High Rate Wireless LAN Mini-PCI LAN Driver;c:\windows\system32\drivers\IMWEBN51.sys [2003-6-4 648704] R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-5-28 7408] S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864] S3 LucentSoftModem;Lucent Technologies Soft Modem;c:\windows\system32\drivers\LTSM.sys [2008-4-29 802683] S3 NetWlan5;Symbol Based 802.11b Wireless LAN Card Driver;c:\windows\system32\drivers\NetWlan5.sys [2008-4-29 132695] =============== Created Last 30 ================ 2009-10-07 17:41 73,728 a------- c:\windows\system32\javacpl.cpl 2009-09-23 11:09 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat 2009-09-21 17:19 <DIR> --d----- c:\windows\system32\XPSViewer 2009-09-21 17:17 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll 2009-09-21 17:17 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2009-09-21 17:17 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll 2009-09-21 17:17 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll 2009-09-21 17:17 1,676,288 -------- c:\windows\system32\xpssvcs.dll 2009-09-21 17:17 575,488 -------- c:\windows\system32\xpsshhdr.dll 2009-09-21 17:17 117,760 -------- c:\windows\system32\prntvpt.dll 2009-09-21 17:17 <DIR> --d----- C:\23c016affc2745f36491c249 2009-09-14 11:19 12,928 ac------ c:\windows\system32\dllcache\dot4prt.sys 2009-09-14 11:19 12,928 a------- c:\windows\system32\drivers\Dot4Prt.sys 2009-09-14 11:19 324,608 ac------ c:\windows\system32\dllcache\hpojwia.dll 2009-09-14 11:19 324,608 a------- c:\windows\system32\hpojwia.dll 2009-09-14 11:19 18,411 a------- c:\windows\system32\hpo5500a.aio 2009-09-14 11:19 18,411 a------- c:\windows\system32\hpo5400a.aio 2009-09-14 11:19 18,411 a------- c:\windows\system32\hpo5300a.aio 2009-09-14 11:19 8,704 ac------ 
c:\windows\system32\dllcache\dot4scan.sys 2009-09-14 11:19 8,704 a------- c:\windows\system32\drivers\Dot4scan.sys 2009-09-14 11:18 23,808 ac------ c:\windows\system32\dllcache\dot4usb.sys 2009-09-14 11:18 23,808 a------- c:\windows\system32\drivers\Dot4usb.sys 2009-09-14 11:18 206,976 ac------ c:\windows\system32\dllcache\dot4.sys 2009-09-14 11:18 206,976 a------- c:\windows\system32\drivers\Dot4.sys 2009-09-14 10:56 268,648 a------- c:\windows\system32\mucltui.dll 2009-09-14 10:56 208,744 a------- c:\windows\system32\muweb.dll 2009-09-14 10:56 27,496 a------- c:\windows\system32\mucltui.dll.mui 2009-09-11 15:08 <DIR> --d----- c:\documents and settings\user\Tracing 2009-09-11 14:32 54,752 a------- c:\windows\system32\drivers\fssfltr_tdi.sys 2009-09-11 14:20 3,426,072 a------- c:\windows\system32\d3dx9_32.dll 2009-09-11 14:20 <DIR> --d----- c:\program files\Microsoft SQL Server Compact Edition 2009-09-11 14:17 <DIR> --d----- c:\program files\Microsoft 2009-09-11 14:17 <DIR> --d----- c:\program files\Windows Live SkyDrive 2009-09-11 14:02 <DIR> --d----- c:\program files\common files\Windows Live 2009-09-11 13:54 153,088 -c------ c:\windows\system32\dllcache\triedit.dll ==================== Find3M ==================== 2009-10-07 17:40 411,368 a------- c:\windows\system32\deploytk.dll 2009-08-05 10:01 204,800 a------- c:\windows\system32\mswebdvd.dll 2009-07-26 16:44 48,448 a------- c:\windows\system32\sirenacm.dll 2009-07-17 20:01 58,880 a------- c:\windows\system32\atl.dll 2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll 2009-07-10 12:15 306,544 a------- c:\windows\WLXPGSS.SCR ============= FINISH: 17:56:06.57 ===============

#7 Tomk

Posted 07 October 2009 - 11:59 AM

andreas,

I'm not seeing anything nefarious. Let's get an online scan.


Please go to the Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on the Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#8 andreas

Posted 07 October 2009 - 07:43 PM

Ok Tomk scan results below......

A KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, October 8, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, October 08, 2009 00:28:44
Records in database: 2931836
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
C:\
D:\
Scan statistics:
Objects scanned: 63298
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 01:50:07
No threats found. Scanned area is clean.
Selected area has been scanned.

#9 Tomk

Posted 08 October 2009 - 12:17 AM

andreas,

Log looks good :D


You need to create a new Clean restore point:

Click Start Menu > Run > copy and paste

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point, then click Next. Name it (something you'll remember) and click Create. When the confirmation screen shows the restore point has been created, click Close.

Remove all previous Restore Points
Click Start Menu > Run > copy and paste

cleanmgr

You may be asked to choose a drive. Choose C:. At the top, click on the More Options tab. Click the Clean up... button in the System Restore box. Click on the Yes button. When finished, click on the Cancel button to exit.

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Check "Hide file extensions for known file types."
Under the "Hidden files" folder, uncheck "Show hidden files and folders."
Check "Hide protected operating system files."
Click Apply, and then click OK.

Now to remove most of the tools that we have used in fixing your machine:
  • Make sure you have an Internet Connection.
  • Download OTC to your desktop and run it
  • A list of tool components used in the cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the cleanup process. If you are asked to reboot the machine choose Yes.


The following is my standard advice for the future. Use what you can and pat yourself on the back for what you're already doing.

Please take time to read Preventing Malware - Tools and Practices for Safe Computing. Very important information for your consideration is contained therein.

I would also suggest you read this:
So how did I get infected in the first place?
by Tony Klein


Also: "How to prevent malware"
by miekiemoes

Please respond back that you understand the above and let me know if you have any questions. Otherwise, this thread will be closed Resolved. :thumbup:

#10 andreas

Posted 08 October 2009 - 08:42 AM

Ok TOMK, all done... Hopefully I will start to notice an improvement in my PC's performance... I'll get on to reading the suggestions you gave. Could the large graphic programmes installed, i.e. Photoshop, Illustrator and Quark etc., be slowing the memory down even though I'm not using them? If so... should I WinZip them back up or something like that? Just a thought. Anyway... I will rest assured that at least it is not infected in any way.

Regards and thank you,
Andreas

#11 Tomk

Posted 08 October 2009 - 08:57 AM

andreas,

They shouldn't affect you when not running.

I would further suggest that you also read this tutorial on slow running computers
and Help! My computer is slow! by miekiemoes.

#12 andreas

Posted 08 October 2009 - 10:24 AM

Great, I'll get on to that... sounds very useful. Ok Tomk... I guess you can close the thread now... All the best and thanks again.

Regards,
Andreas

#13 Tomk

Posted 08 October 2009 - 10:51 AM

andreas, You are very welcome. Good luck and be Well. :thumbup:

#14 Tomk

Posted 08 October 2009 - 10:51 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.