07-09-2009, 08:51 PM   #1
Everest63
Registered User
Join Date: Feb 2005
Posts: 82
OS: XP Pro


Family laptop hit by virus

Hi,

The family laptop was very slow to boot, and once at the desktop, apps took a very long time to open. Then, a Blue Screen STOP ERROR. Ran Malwarebytes in Safe Mode to remove over 260 infections. Most were in the Registry. Trojan Vundo was one and another was called MyWebSearch. I can provide the Malwarebytes log if needed.

-Andy

DDS (Ver_09-06-26.01) - NTFSx86
Run by Andrew at 2256.69 on Thu 07/09/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.752 [GMT -4:00]

AV: avast! antivirus 4.8.1335 [VPS 090709-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Apoint\Apoint.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Andrew\Desktop\dds.scr

============== Pseudo HJT Report ===============

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [PRONoMgr.exe] c:\program files\intel\ncs\proset\PRONoMgr.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1246029836928
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1246038860259
Notify: AtiExtEvent - Ati2evxx.dll
Notify: Sebring - c:\windows\system32\LgNotify.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\andrew\applic~1\mozilla\firefox\profiles\3f2dk4km.default\
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZNfox000&fl=0&ptb=Xip6MeZFKcF058iUh8wnjw&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-6-26 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-6-26 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-6-26 138680]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-6-26 24652]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-6-26 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-6-26 352920]

=============== Created Last 30 ================

2009-07-09 20:51 <DIR> --d----- c:\docume~1\andrew\applic~1\Malwarebytes
2009-07-09 20:50 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-09 20:50 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-09 20:50 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-09 20:50 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-07 21:44 <DIR> --d----- c:\windows\system32\Adobe
2009-07-01 16:30 <DIR> --d----- c:\program files\LWW
2009-06-26 18:26 268,648 a------- c:\windows\system32\mucltui.dll
2009-06-26 18:26 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-06-26 18:23 12,160 ac------ c:\windows\system32\dllcache\mouhid.sys
2009-06-26 18:23 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2009-06-26 18:23 10,368 ac------ c:\windows\system32\dllcache\hidusb.sys
2009-06-26 18:23 10,368 a------- c:\windows\system32\drivers\hidusb.sys
2009-06-26 14:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Viewpoint
2009-06-26 14:58 <DIR> --d----- c:\program files\Viewpoint
2009-06-26 14:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\acccore
2009-06-26 14:58 <DIR> --d----- c:\program files\common files\AOL
2009-06-26 14:57 <DIR> --d----- c:\program files\AIM6
2009-06-26 14:57 454 a---h--- C:\IPH.PH
2009-06-26 14:10 <DIR> --d----- c:\windows\ie8updates
2009-06-26 14:08 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-06-26 14:08 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-06-26 14:08 1,985,024 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-06-26 14:08 11,064,832 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-06-26 13:52 376 a------- c:\windows\ODBC.INI
2009-06-26 13:52 28,040 a------- c:\windows\system32\mdimon.dll
2009-06-26 13:51 <DIR> --d----- c:\program files\Microsoft ActiveSync
2009-06-26 13:51 <DIR> --d----- c:\windows\SHELLNEW
2009-06-26 13:44 <DIR> --dsh--- c:\documents and settings\andrew\IECompatCache
2009-06-26 13:44 <DIR> --dsh--- c:\documents and settings\andrew\PrivacIE
2009-06-26 13:42 <DIR> --dsh--- c:\documents and settings\andrew\IETldCache
2009-06-26 13:31 <DIR> -cd-h--- c:\windows\ie8
2009-06-26 13:11 81,920 -c------ c:\windows\system32\dllcache\ieencode.dll
2009-06-26 13:11 81,920 -------- c:\windows\system32\ieencode.dll
2009-06-26 13:10 585,216 -c------ c:\windows\system32\dllcache\rpcrt4.dll
2009-06-26 13:10 1,847,168 -c------ c:\windows\system32\dllcache\win32k.sys
2009-06-26 13:10 345,600 -c------ c:\windows\system32\dllcache\localspl.dll
2009-06-26 13:08 1,288,192 -c------ c:\windows\system32\dllcache\quartz.dll
2009-06-26 13:08 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-06-26 13:08 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-06-26 13:08 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-06-26 13:08 8,461,312 -c------ c:\windows\system32\dllcache\shell32.dll
2009-06-26 13:07 144,896 -c------ c:\windows\system32\dllcache\schannel.dll
2009-06-26 13:07 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-06-26 13:05 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-06-26 13:05 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-06-26 12:09 <DIR> --d----- c:\windows\ServicePackFiles
2009-06-26 12:09 294,912 -c------ c:\windows\system32\dllcache\dlimport.exe
2009-06-26 12:05 19,569 a------- c:\windows\002891_.tmp
2009-06-26 11:27 26,144 a------- c:\windows\system32\spupdsvc.exe
2009-06-26 11:27 <DIR> --d----- c:\windows\system32\PreInstall
2009-06-26 11:24 31,768 a------- c:\windows\system32\wucltui.dll.mui
2009-06-26 11:24 18,456 a------- c:\windows\system32\wuaueng.dll.mui
2009-06-26 11:24 23,576 a------- c:\windows\system32\wuaucpl.cpl.mui
2009-06-26 11:24 23,576 a------- c:\windows\system32\wuapi.dll.mui
2009-06-26 11:24 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-06-26 11:23 <DIR> --dsh--- c:\documents and settings\andrew\UserData
2009-06-26 11:21 1,063,936 a------- c:\windows\system32\drivers\HSF_DP.sys
2009-06-26 11:21 631,680 a------- c:\windows\system32\drivers\HSF_CNXT.sys
2009-06-26 11:21 400,553 a------- c:\windows\system32\drivers\del5422.cty
2009-06-26 11:21 189,056 a------- c:\windows\system32\drivers\HSFHWICH.sys
2009-06-26 11:21 90,112 a------- c:\windows\system32\mdmxsdk.dll
2009-06-26 11:21 27,765 a------- c:\windows\system32\HSFCI006.dll
2009-06-26 11:21 11,043 a------- c:\windows\system32\drivers\mdmxsdk.sys
2009-06-26 11:21 <DIR> --d----- c:\program files\CONEXANT
2009-06-26 11:17 94,600 a------- c:\windows\system32\drivers\Apfiltr.sys
2009-06-26 11:17 87,805 a------- c:\windows\system32\Vxdif.dll
2009-06-26 11:17 <DIR> --d----- c:\program files\Apoint
2009-06-26 11:16 <DIR> --d----- c:\program files\SigmaTel
2009-06-26 11:15 <DIR> --d-h--- c:\documents and settings\andrew\WLANProfiles
2009-06-26 11:14 14,037 a------- c:\windows\system32\drivers\mdc8021x.sys
2009-06-26 11:14 <DIR> --d----- c:\windows\system32\LogFiles
2009-06-26 11:14 966,656 a------- c:\windows\system32\W70MLRES.DLL
2009-06-26 11:14 966,656 a------- c:\windows\system32\W20MLRES.DLL
2009-06-26 11:13 2,477,952 a------- c:\windows\system32\drivers\w70n51.sys
2009-06-26 11:13 315,392 a------- c:\windows\system32\W20NCPA.dll
2009-06-26 11:13 32,768 a------- c:\windows\system32\w70n5msg.dll
2009-06-26 11:12 175,360 ac------ c:\windows\system32\dllcache\b57xp32.sys
2009-06-26 11:12 175,360 a----r-- c:\windows\system32\drivers\b57xp32.sys
2009-06-26 11:12 <DIR> --d----- c:\program files\Broadcom
2009-06-26 11:10 20,579 a------- c:\windows\system32\drivers\ozscr.sys
2009-06-26 11:10 7,236 a------- c:\windows\system32\drivers\OZSCRXP.CAT
2009-06-26 11:10 2,274 a------- c:\windows\system32\drivers\OZSCRXP.INF
2009-06-26 11:08 <DIR> --d----- c:\program files\ATI Technologies
2009-06-26 11:04 <DIR> --d----- c:\windows\system32\ReinstallBackups
2009-06-26 11:01 5 -------- c:\windows\system32\DELL_LAT_D600.MRK
2009-06-26 11:01 666 a------- c:\windows\speed.reg
2009-06-26 11:01 <DIR> --d----- c:\program files\Dell Computer Corporation
2009-06-26 11:01 53,248 a------- c:\windows\system32\DellSys.dll
2009-06-26 11:01 <DIR> --d----- c:\program files\Dell
2009-06-26 11:00 446,464 a----r-- c:\windows\system32\hhactivex.dll
2009-06-26 11:00 645,616 a------- c:\windows\system32\MSCOMCT2.OCX
2009-06-26 11:00 414,944 a------- c:\windows\system32\COMCT332.OCX
2009-06-26 11:00 176,128 a------- c:\windows\system32\RcdScan.dll
2009-06-26 11:00 328,480 a------- c:\windows\system32\ssa3d30.ocx
2009-06-26 11:00 171,967 a------- c:\windows\system32\Odbcjet.hlp
2009-06-26 11:00 7,348 a------- c:\windows\system32\Odbcjet.cnt
2009-06-26 11:00 89,360 a------- c:\windows\system32\VB5DB.DLL
2009-06-26 11:00 17,153 a------- c:\windows\system32\drivers\omci.sys
2009-06-26 10:58 <DIR> --d----- c:\documents and settings\Andrew
2009-06-26 10:57 <DIR> --ds---- c:\windows\system32\Microsoft
2009-06-26 10:57 8,192 a------- c:\windows\REGLOCS.OLD
2009-06-26 10:56 28,288 ac------ c:\windows\system32\dllcache\xjis.nls
2009-06-26 10:56 156,672 ac------ c:\windows\system32\dllcache\winzm.ime
2009-06-26 10:56 156,672 ac------ c:\windows\system32\dllcache\winsp.ime
2009-06-26 10:56 156,672 ac------ c:\windows\system32\dllcache\winpy.ime
2009-06-26 10:56 72,704 ac------ c:\windows\system32\dllcache\wingb.ime
2009-06-26 10:56 65,536 ac------ c:\windows\system32\dllcache\winime.ime
2009-06-26 10:54 22,016 ac------ c:\windows\system32\dllcache\logscrpt.dll
2009-06-26 10:53 195,618 ac------ c:\windows\system32\dllcache\c_10002.nls
2009-06-26 10:51 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-06-26 10:51 <DIR> --ds---- c:\windows\Downloaded Program Files
2009-06-26 10:51 <DIR> --d--r-- c:\windows\Offline Web Pages
2009-06-26 10:51 488 a---hr-- c:\windows\system32\WindowsLogon.manifest
2009-06-26 10:51 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-06-26 10:51 749 a---hr-- c:\windows\WindowsShell.Manifest
2009-06-26 10:51 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2009-06-26 10:51 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2009-06-26 10:51 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
2009-06-26 10:51 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2009-06-26 10:51 749 a---hr-- c:\windows\system32\cdplayer.exe.manifest
2009-06-26 10:50 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-06-26 10:50 <DIR> --d----- c:\program files\common files\MSSoap
2009-06-26 10:48 <DIR> --d----- c:\program files\Online Services
2009-06-26 10:48 <DIR> --d----- c:\program files\Messenger
2009-06-26 10:48 <DIR> --d----- c:\program files\MSN Gaming Zone
2009-06-26 10:47 <DIR> --d----- c:\program files\Windows NT
2009-06-26 07:41 <DIR> --d----- c:\program files\common files\ODBC
2009-06-26 07:41 <DIR> --d----- c:\program files\common files\SpeechEngines
2009-06-26 07:41 <DIR> --d--r-- c:\documents and settings\all users\Documents

==================== Find3M ====================

2009-06-26 12:15 87,263 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-06-26 10:48 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-05-13 01:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll

============= FINISH: 22:07:16.12 ===============
Attached Files: Attach.zip (3.0 KB)