Jump to content

Recommended Posts

I have run a scan w/ GMER but it never stopped for hours and I exited and tried to open and copy stuff or print screen some of the logs but my computer freezes when i open it to any other program...here are the logs i am able to send and the attached zip folder...

DDS (Ver_10-03-17.01) - NTFSx86

Run by HP_Owner at 23:12:23.31 on Fri 05/14/2010

Internet Explorer: 7.0.5730.13

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.525 [GMT -7:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

c:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe

C:\WINDOWS\system32\NLSSRV32.EXE

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\imapi.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\windows\system\hpsysdrv.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\ALCWZRD.EXE

C:\WINDOWS\ALCMTR.EXE

C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe

C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\SVXWY1SY\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=desktop

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop

uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop

uInternet Settings,ProxyOverride = <local>

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: BrowserHelper Class: {8a9d74f9-560b-4fe7-abeb-3b2e638e5cd6} - c:\program files\sgpsa\SearchAssistant.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No File

TB: {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [PMSpeed] c:\program files\newsoft\presto! pagemanager 8 for ep\PMSpeed.EXE

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe

mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [KBD] c:\hp\kbd\KBD.EXE

mRun: [iTunesHelper] c:\program files\itunes\iTunesHelper.exe

mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE

mRun: [PS2] c:\windows\system32\ps2.exe

mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

mRun: [Reminder] "c:\windows\creator\Remind_XP.exe"

mRun: [soundMan] SOUNDMAN.EXE

mRun: [AlcWzrd] ALCWZRD.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"

mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [AGRSMMSG] AGRSMMSG.exe

IE: &Search - ?s=100000343&p=ZKman000&si=&a=IipwOX5PXEFIuvqEBQ12MA&n=2010040716

IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL

DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1257998661078

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1258063188859

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

Notify: igfxcui - igfxsrvc.dll

Notify: LMIinit - LMIinit.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-5-14 11608]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-5-14 135336]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-5-14 267432]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-5-14 60936]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-11-12 47640]

R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\nitro pdf\professional\NitroPDFDriverService.exe [2009-12-16 188736]

R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2009-12-16 65856]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-25 135664]

S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\logmein\x86\rainfo.sys --> c:\program files\logmein\x86\RaInfo.sys [?]

S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2010-05-15 06:03:03 0 ----a-w- c:\documents and settings\hp_owner\defogger_reenable

2010-05-15 05:59:52 0 d-----w- c:\windows\Options

2010-05-15 05:36:34 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-05-15 05:36:33 0 d-----w- c:\program files\Avira

2010-05-15 05:36:33 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira

2010-05-14 17:29:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-05-14 17:29:20 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-05-14 17:29:20 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-05-14 16:15:42 0 d-----w- c:\program files\Trend Micro

2010-05-14 15:49:43 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-05-08 09:40:14 26432 ----a-w- c:\windows\system32\nitrolocalmon.dll

2010-05-08 09:40:14 17728 ----a-w- c:\windows\system32\nitrolocalui.dll

2010-05-08 09:39:49 0 d-----w- c:\program files\common files\Nitro PDF

2010-05-08 09:39:47 0 d-----w- c:\program files\Nitro PDF

2010-05-08 09:37:39 0 d-----w- c:\docume~1\hp_owner\applic~1\Downloaded Installations

2010-05-05 02:39:43 0 d-----w- c:\docume~1\hp_owner\applic~1\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

2010-05-03 01:57:28 0 d-----w- c:\docume~1\hp_owner\applic~1\deskPDF

2010-05-03 01:55:00 20886 ----a-w- c:\windows\system32\ddmon.dll

2010-05-03 01:54:38 0 d-----w- c:\program files\Docudesk

==================== Find3M ====================

2010-03-10 13:18:21 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe

2010-03-10 13:18:20 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe

2010-03-09 11:09:18 430080 ----a-w- c:\windows\system32\vbscript.dll

2010-03-09 11:09:18 430080 ------w- c:\windows\system32\dllcache\vbscript.dll

2010-03-03 16:13:50 70984 ----a-w- c:\documents and settings\hp_owner\g2mdlhlpx.exe

2010-02-24 13:11:07 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys

2010-02-23 05:20:02 634648 ------w- c:\windows\system32\dllcache\iexplore.exe

2010-02-23 05:18:28 161792 ------w- c:\windows\system32\dllcache\ieakui.dll

2010-02-17 16:10:28 2189952 ------w- c:\windows\system32\dllcache\ntoskrnl.exe

2010-02-16 14:08:49 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-02-16 14:08:49 2146304 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe

2010-02-16 13:25:04 2066816 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe

2010-02-16 13:25:04 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-02-16 13:25:04 2024448 ------w- c:\windows\system32\dllcache\ntkrpamp.exe

============= FINISH: 23:13:06.59 ===============

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:16:01 AM, on 5/14/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.17023)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\windows\system\hpsysdrv.exe

C:\WINDOWS\system32\hkcmd.exe

C:\HP\KBD\KBD.EXE

C:\WINDOWS\ALCWZRD.EXE

C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\AIM\aim.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Documents and Settings\HP_Owner\Desktop\JavaRa.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: BrowserHelper Class - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:\Program Files\SGPSA\SearchAssistant.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [PMSpeed] C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM\aim.exe" /d locale=en-US

O8 - Extra context menu item: &Search - ?s=100000343&p=ZKman000&si=&a=IipwOX5PXEFIuvqEBQ12MA&n=2010040716

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Absolute Poker - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Documents and Settings\HP_Owner\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)

O9 - Extra 'Tools' menuitem: Absolute Poker - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Documents and Settings\HP_Owner\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)

O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1257998661078

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1258063188859

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe

O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NitroPDFDriverCreatorReadSpool (NitroDriverReadSpool) - Nitro PDF Software - C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe

O23 - Service: NLS Service (nlsX86cc) - Nalpeiron Ltd. - C:\WINDOWS\system32\NLSSRV32.EXE

--

End of file - 9565 bytes

Internet Explorer 7.0.5730.13

5/14/2010 11:21:25 AM

mbam-log-2010-05-14 (11-21-25).txt

Scan type: Quick scan

Objects scanned: 154185

Time elapsed: 12 minute(s), 23 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 10

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

___________________________________________

i can not get any log files from the GMER without this freezing..

Attach_dds2.zip

Link to post
Share on other sites

Hi - Thank you for replying. My computer is going slow a lot and also freezes sometimes and I have a lot of processes that auto start-up and I have to go an 'end processes' for each one, everytime. I can't find where to perminity remove these, but a lot of them I have looked up on google searches and they are malware? Also, I was told that my ex added some type of key-logger to see what I am typing, but I haven't found anything? I do know that my computer runs way slower and 'thinks' almost non-stop. When I downloaded the GMER it scanned for a very long time and froze everything else on my computer and never saved anything when i hit the save button...just froze the computer. Here is the new logs...

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4104

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

5/15/2010 4:15:00 PM

mbam-log-2010-05-15 (16-15-00).txt

Scan type: Quick scan

Objects scanned: 158104

Time elapsed: 16 minute(s), 44 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

here is the new AVIRA scan...

Avira AntiVir Personal

Report file date: Saturday, May 15, 2010 13:43

Scanning for 2118977 virus strains and unwanted programs.

The program is running as an unrestricted full version.

Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows XP

Windows version : (Service Pack 3) [5.1.2600]

Boot mode : Normally booted

Username : SYSTEM

Computer name : HPDESKTOP

Version information:

BUILD.DAT : 10.0.0.567 32097 Bytes 4/19/2010 15:07:00

AVSCAN.EXE : 10.0.3.0 433832 Bytes 4/1/2010 20:37:38

AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 20:57:04

LUKE.DLL : 10.0.2.3 104296 Bytes 3/8/2010 02:33:04

LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 07:40:49

VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 17:05:36

VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 03:27:49

VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 01:37:42

VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 00:37:42

VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 19:29:03

VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 05:55:37

VBASE006.VDF : 7.10.6.83 2048 Bytes 4/15/2010 05:55:37

VBASE007.VDF : 7.10.6.84 2048 Bytes 4/15/2010 05:55:37

VBASE008.VDF : 7.10.6.85 2048 Bytes 4/15/2010 05:55:37

VBASE009.VDF : 7.10.6.86 2048 Bytes 4/15/2010 05:55:37

VBASE010.VDF : 7.10.6.87 2048 Bytes 4/15/2010 05:55:38

VBASE011.VDF : 7.10.6.88 2048 Bytes 4/15/2010 05:55:38

VBASE012.VDF : 7.10.6.89 2048 Bytes 4/15/2010 05:55:38

VBASE013.VDF : 7.10.6.90 2048 Bytes 4/15/2010 05:55:38

VBASE014.VDF : 7.10.6.123 126464 Bytes 4/19/2010 05:55:39

VBASE015.VDF : 7.10.6.152 123392 Bytes 4/21/2010 05:55:39

VBASE016.VDF : 7.10.6.178 122880 Bytes 4/22/2010 05:55:40

VBASE017.VDF : 7.10.6.206 120320 Bytes 4/26/2010 05:55:41

VBASE018.VDF : 7.10.6.232 99328 Bytes 4/28/2010 05:55:41

VBASE019.VDF : 7.10.7.2 155648 Bytes 4/30/2010 05:55:42

VBASE020.VDF : 7.10.7.26 119808 Bytes 5/4/2010 05:55:42

VBASE021.VDF : 7.10.7.51 118272 Bytes 5/6/2010 05:55:43

VBASE022.VDF : 7.10.7.75 404992 Bytes 5/10/2010 05:55:45

VBASE023.VDF : 7.10.7.100 125440 Bytes 5/13/2010 05:55:45

VBASE024.VDF : 7.10.7.101 2048 Bytes 5/13/2010 05:55:45

VBASE025.VDF : 7.10.7.102 2048 Bytes 5/13/2010 05:55:46

VBASE026.VDF : 7.10.7.103 2048 Bytes 5/13/2010 05:55:46

VBASE027.VDF : 7.10.7.104 2048 Bytes 5/13/2010 05:55:46

VBASE028.VDF : 7.10.7.105 2048 Bytes 5/13/2010 05:55:46

VBASE029.VDF : 7.10.7.106 2048 Bytes 5/13/2010 05:55:46

VBASE030.VDF : 7.10.7.107 2048 Bytes 5/13/2010 05:55:47

VBASE031.VDF : 7.10.7.111 68096 Bytes 5/14/2010 05:55:47

Engineversion : 8.2.1.242

AEVDF.DLL : 8.1.2.0 106868 Bytes 5/15/2010 05:55:59

AESCRIPT.DLL : 8.1.3.29 1343866 Bytes 5/15/2010 05:55:59

AESCN.DLL : 8.1.6.1 127347 Bytes 5/15/2010 05:55:57

AESBX.DLL : 8.1.3.1 254324 Bytes 5/15/2010 05:56:00

AERDL.DLL : 8.1.4.6 541043 Bytes 5/15/2010 05:55:57

AEPACK.DLL : 8.2.1.1 426358 Bytes 3/19/2010 20:34:51

AEOFFICE.DLL : 8.1.1.0 201081 Bytes 5/15/2010 05:55:56

AEHEUR.DLL : 8.1.1.27 2670967 Bytes 5/15/2010 05:55:55

AEHELP.DLL : 8.1.11.3 242039 Bytes 4/2/2010 00:05:25

AEGEN.DLL : 8.1.3.9 377203 Bytes 5/15/2010 05:55:51

AEEMU.DLL : 8.1.2.0 393588 Bytes 5/15/2010 05:55:50

AECORE.DLL : 8.1.15.3 192886 Bytes 5/15/2010 05:55:49

AEBB.DLL : 8.1.1.0 53618 Bytes 5/15/2010 05:55:49

AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 20:03:38

AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 20:03:35

AVREP.DLL : 10.0.0.8 62209 Bytes 2/19/2010 00:47:40

AVREG.DLL : 10.0.3.0 53096 Bytes 4/1/2010 20:35:46

AVSCPLR.DLL : 10.0.3.0 83816 Bytes 4/1/2010 20:39:51

AVARKT.DLL : 10.0.0.14 227176 Bytes 4/1/2010 20:22:13

AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 17:53:30

SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 20:57:58

AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 23:38:56

NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 22:41:00

RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 21:10:20

RCTEXT.DLL : 10.0.53.0 97128 Bytes 4/9/2010 22:14:29

Configuration settings for the scan:

Jobname.............................: Complete system scan

Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp

Logging.............................: low

Primary action......................: interactive

Secondary action....................: ignore

Scan master boot sector.............: on

Scan boot sector....................: on

Boot sectors........................: C:, D:,

Process scan........................: on

Extended process scan...............: on

Scan registry.......................: on

Search for rootkits.................: on

Integrity checking of system files..: off

Scan all files......................: All files

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: medium

Start of the scan: Saturday, May 15, 2010 13:43

Starting search for hidden objects.

HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc\Config\Standalone\drivelist

[NOTE] The registry entry is invisible.

The scan of running processes will be started

Scan process 'msdtc.exe' - '40' Module(s) have been scanned

Scan process 'dllhost.exe' - '59' Module(s) have been scanned

Scan process 'dllhost.exe' - '45' Module(s) have been scanned

Scan process 'vssvc.exe' - '48' Module(s) have been scanned

Scan process 'avscan.exe' - '70' Module(s) have been scanned

Scan process 'avcenter.exe' - '71' Module(s) have been scanned

Scan process 'wlcomm.exe' - '69' Module(s) have been scanned

Scan process 'NOTEPAD.EXE' - '27' Module(s) have been scanned

Scan process 'NOTEPAD.EXE' - '27' Module(s) have been scanned

Scan process 'aim.exe' - '69' Module(s) have been scanned

Scan process 'GoogleToolbarNotifier.exe' - '54' Module(s) have been scanned

Scan process 'msnmsgr.exe' - '140' Module(s) have been scanned

Scan process 'iPodService.exe' - '31' Module(s) have been scanned

Scan process 'PMSpeed.EXE' - '44' Module(s) have been scanned

Scan process 'ctfmon.exe' - '25' Module(s) have been scanned

Scan process 'AGRSMMSG.exe' - '19' Module(s) have been scanned

Scan process 'avgnt.exe' - '52' Module(s) have been scanned

Scan process 'WrtProc.exe' - '17' Module(s) have been scanned

Scan process 'EEventManager.exe' - '60' Module(s) have been scanned

Scan process 'WrtMon.exe' - '17' Module(s) have been scanned

Scan process 'ALCMTR.EXE' - '26' Module(s) have been scanned

Scan process 'ALCWZRD.EXE' - '29' Module(s) have been scanned

Scan process 'SOUNDMAN.EXE' - '25' Module(s) have been scanned

Scan process 'lsburnwatcher.exe' - '27' Module(s) have been scanned

Scan process 'iTunesHelper.exe' - '30' Module(s) have been scanned

Scan process 'hkcmd.exe' - '30' Module(s) have been scanned

Scan process 'hpsysdrv.exe' - '14' Module(s) have been scanned

Scan process 'jusched.exe' - '20' Module(s) have been scanned

Scan process 'Explorer.EXE' - '117' Module(s) have been scanned

Scan process 'alg.exe' - '33' Module(s) have been scanned

Scan process 'svchost.exe' - '43' Module(s) have been scanned

Scan process 'avshadow.exe' - '26' Module(s) have been scanned

Scan process 'NLSSRV32.EXE' - '14' Module(s) have been scanned

Scan process 'NitroPDFDriverService.exe' - '19' Module(s) have been scanned

Scan process 'MDM.EXE' - '22' Module(s) have been scanned

Scan process 'GoogleUpdate.exe' - '36' Module(s) have been scanned

Scan process 'LSSrvc.exe' - '11' Module(s) have been scanned

Scan process 'jqs.exe' - '33' Module(s) have been scanned

Scan process 'avguard.exe' - '54' Module(s) have been scanned

Scan process 'eEBSVC.exe' - '23' Module(s) have been scanned

Scan process 'svchost.exe' - '33' Module(s) have been scanned

Scan process 'sched.exe' - '46' Module(s) have been scanned

Scan process 'spoolsv.exe' - '69' Module(s) have been scanned

Scan process 'svchost.exe' - '41' Module(s) have been scanned

Scan process 'svchost.exe' - '32' Module(s) have been scanned

Scan process 'svchost.exe' - '162' Module(s) have been scanned

Scan process 'svchost.exe' - '39' Module(s) have been scanned

Scan process 'svchost.exe' - '54' Module(s) have been scanned

Scan process 'lsass.exe' - '58' Module(s) have been scanned

Scan process 'services.exe' - '36' Module(s) have been scanned

Scan process 'winlogon.exe' - '77' Module(s) have been scanned

Scan process 'csrss.exe' - '14' Module(s) have been scanned

Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:

Master boot sector HD0

[iNFO] No virus was found!

Master boot sector HD1

[iNFO] No virus was found!

Master boot sector HD2

[iNFO] No virus was found!

Master boot sector HD3

[iNFO] No virus was found!

Master boot sector HD4

[iNFO] No virus was found!

Master boot sector HD5

[iNFO] No virus was found!

Start scanning boot sectors:

Boot sector 'C:\'

[iNFO] No virus was found!

Boot sector 'D:\'

[iNFO] No virus was found!

Starting to scan executable files (registry).

The registry was scanned ( '1700' files ).

Starting the file scan:

Begin scan in 'C:\' <HP_PAVILION>

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch1.zip

[DETECTION] Contains suspicious code GEN/PwdZIP

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch4.zip

[DETECTION] Contains suspicious code GEN/PwdZIP

C:\Documents and Settings\HP_Owner\Application Data\Sun\Java\Deployment\cache\6.0\17\2ff2a511-4d1ece87

[0] Archive type: ZIP

[DETECTION] Contains recognition pattern of the EXP/Java.Agent.F.6 exploit

--> quote/GReader.class

[DETECTION] Contains recognition pattern of the EXP/Java.Agent.F.6 exploit

C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\0CNJWW27\bidding[1].htm

[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\0CNJWW27\cd[1].htm

[DETECTION] Contains recognition pattern of the HTML/Crypted.Gen HTML script virus

C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\0QUNHUBQ\cust[1].htm

[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\2D7L63XM\all[1].pdf

[0] Archive type: PDF Stream

[DETECTION] Contains recognition pattern of the EXP/Pidief.6367 exploit

--> Object

[DETECTION] Contains recognition pattern of the EXP/Pidief.6367 exploit

C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\2D7L63XM\libtiff[1].pdf

[0] Archive type: PDF Stream

[DETECTION] Contains recognition pattern of the EXP/Pidief.arx exploit

--> Object

[DETECTION] Contains recognition pattern of the EXP/Pidief.arx exploit

C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\BDJGTSVY\index[3].htm

[DETECTION] Contains recognition pattern of the EXP/Pidief.dbw.7 exploit

C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\SVXWY1SY\cust[1].htm

[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

Begin scan in 'D:\' <HP_RECOVERY>

Beginning disinfection:

C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\SVXWY1SY\cust[1].htm

[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

[WARNING] The file was ignored!

C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\BDJGTSVY\index[3].htm

[DETECTION] Contains recognition pattern of the EXP/Pidief.dbw.7 exploit

[WARNING] The file was ignored!

C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\2D7L63XM\libtiff[1].pdf

[DETECTION] Contains recognition pattern of the EXP/Pidief.arx exploit

[WARNING] The file was ignored!

C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\2D7L63XM\all[1].pdf

[DETECTION] Contains recognition pattern of the EXP/Pidief.6367 exploit

[WARNING] The file was ignored!

C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\0QUNHUBQ\cust[1].htm

[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

[WARNING] The file was ignored!

C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\0CNJWW27\cd[1].htm

[DETECTION] Contains recognition pattern of the HTML/Crypted.Gen HTML script virus

[WARNING] The file was ignored!

C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\0CNJWW27\bidding[1].htm

[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

[WARNING] The file was ignored!

C:\Documents and Settings\HP_Owner\Application Data\Sun\Java\Deployment\cache\6.0\17\2ff2a511-4d1ece87

[DETECTION] Contains recognition pattern of the EXP/Java.Agent.F.6 exploit

[WARNING] The file was ignored!

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch4.zip

[DETECTION] Contains suspicious code GEN/PwdZIP

[NOTE] The detection was classified as suspicious.

[WARNING] The file was ignored!

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch1.zip

[DETECTION] Contains suspicious code GEN/PwdZIP

[NOTE] The detection was classified as suspicious.

[WARNING] The file was ignored!

End of the scan: Saturday, May 15, 2010 14:37

Used time: 53:55 Minute(s)

The scan has been done completely.

8807 Scanned directories

394410 Files were scanned

8 Viruses and/or unwanted programs were found

2 Files were classified as suspicious

0 files were deleted

0 Viruses and unwanted programs were repaired

0 Files were moved to quarantine

0 Files were renamed

0 Files cannot be scanned

394400 Files not concerned

16282 Archives were scanned

10 Warnings

2 Notes

521926 Objects were scanned with rootkit scan

1 Hidden objects were found

I attached a doc that shows some of the processes running that I can't get off... not sure if any of these are making my computer slower?

Microsoft_Word___Processes.PDF

Link to post
Share on other sites

Here is the Hijack info as well if it helps?

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 4:44:45 PM, on 5/15/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.17023)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

c:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe

C:\WINDOWS\system32\NLSSRV32.EXE

C:\WINDOWS\system32\svchost.exe

c:\WINDOWS\system32\ZuneBusEnum.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\windows\system\hpsysdrv.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\ALCWZRD.EXE

C:\WINDOWS\ALCMTR.EXE

C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe

C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Zune\ZuneLauncher.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\AIM\aim.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: BrowserHelper Class - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:\Program Files\SGPSA\SearchAssistant.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [PMSpeed] C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM\aim.exe" /d locale=en-US

O8 - Extra context menu item: &Search - ?s=100000343&p=ZKman000&si=&a=IipwOX5PXEFIuvqEBQ12MA&n=2010040716

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Absolute Poker - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Documents and Settings\HP_Owner\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)

O9 - Extra 'Tools' menuitem: Absolute Poker - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Documents and Settings\HP_Owner\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)

O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1257998661078

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1258063188859

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NitroPDFDriverCreatorReadSpool (NitroDriverReadSpool) - Nitro PDF Software - C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe

O23 - Service: NLS Service (nlsX86cc) - Nalpeiron Ltd. - C:\WINDOWS\system32\NLSSRV32.EXE

--

End of file - 10451 bytes

Link to post
Share on other sites

  • Staff
and I have a lot of processes that auto start-up and I have to go an 'end processes' for each one, everytime. I can't find where to perminity remove these, but a lot of them I have looked up on google searches and they are malware?
Which ones are you referring to??

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

Link to post
Share on other sites

  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.