ceberus

My computer and internet access suddenly slowed down heavily for no reason at all, and when I ran Avira Antivir, it found TR/Crypt.XPACK.Gen. It removed it, but when I checked the event log, it didn't really, just moved it somewhere else. I ran the scan again, this time it found no virus. But my internet and pc is still slow like before. This all just happened suddenly. I hope you guys can provide a solution, I've followed the instructions in the sticky, and here's the log files.


DDS (Ver_09-05-14.01) - NTFSx86
Run by USER at 18:52:34.32 on Tue 06/16/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2660 [GMT 6:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Softwares\Avira\Avira\AntiVir Desktop\sched.exe
svchost.exe
D:\Softwares\Avira\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
D:\Softwares\Avira\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Softwares\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Softwares\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Documents and Settings\USER\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
uRun: [AdobeBridge]
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMBgMonitor.exe"
uRun: [Start WingMan Profiler]
uRun: [SUPERAntiSpyware] d:\softwares\superantispyware\SUPERAntiSpyware.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [avgnt] "d:\softwares\avira\avira\antivir desktop\avgnt.exe" /min
mRun: [NBKeyScan] "d:\softwares\nero 8\nero backitup\NBKeyScan.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pinnac~1.lnk - d:\softwares\pinnacle\shared files\programs\scheduler\PCLEScheduler.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229186569250
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
TCP: {48E29FD6-FCB7-4371-BABE-219EAE9687F2} = 208.67.222.222,208.67.220.220
TCP: {C3830C28-9155-4B9A-994E-33082A48277D} = 203.189.231.93,122.102.32.226
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - d:\softwares\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - d:\softwares\superantispyware\SASSEH.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\i41xjb3a.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\i41xjb3a.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension.dll
FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\i41xjb3a.default\extensions\bkmrksync@nokia.com\components\BkMrkExt.dll
FF - plugin: c:\program files\google\google updater\2.4.1487.6512\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;d:\softwares\avira\avira\antivir desktop\avgio.sys [2009-4-29 11608]
R1 SASDIFSV;SASDIFSV;d:\softwares\superantispyware\SASDIFSV.SYS [2008-9-3 9968]
R1 SASKUTIL;SASKUTIL;d:\softwares\superantispyware\SASKUTIL.SYS [2008-9-3 55024]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\softwares\avira\avira\antivir desktop\sched.exe [2009-4-29 108289]
R2 AntiVirService;Avira AntiVir Guard;d:\softwares\avira\avira\antivir desktop\avguard.exe [2009-4-29 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-4-29 55640]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [2008-9-27 36864]
R3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [2008-11-22 6400]
R3 SASENUM;SASENUM;d:\softwares\superantispyware\SASENUM.SYS [2008-9-3 7408]
S2 gupdate1c98d162ea4e448;Google Update Service (gupdate1c98d162ea4e448);c:\program files\google\update\GoogleUpdate.exe [2009-2-12 133104]
S3 serport;%USBFilterString%;c:\windows\system32\drivers\ser2pl.sys --> c:\windows\system32\drivers\ser2pl.sys [?]
S3 slabbusedge;MobiData EDGE USB Modem Composite Device driver (WDM) .;c:\windows\system32\drivers\slabbus.sys --> c:\windows\system32\drivers\slabbus.sys [?]
S3 slabseredge;MobiData EDGE USB Modem Controller Drivers .;c:\windows\system32\drivers\slabser.sys --> c:\windows\system32\drivers\slabser.sys [?]

=============== Created Last 30 ================

2009-06-16 03:00 <DIR> -cd----- c:\program files\Trend Micro
2009-06-16 02:50 578,560 a------- c:\windows\system32\dllcache\user32.dll
2009-06-16 02:49 <DIR> --d----- c:\windows\ERUNT
2009-06-15 17:35 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-06-15 13:07 <DIR> -cd----- c:\program files\common files\Macrovision Shared
2009-06-15 12:51 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2009-06-15 12:47 <DIR> -cd----- c:\docume~1\user\applic~1\DAEMON Tools Lite
2009-06-11 18:41 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-06-11 18:41 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-06-05 13:49 <DIR> -cd----- c:\program files\Microsoft Games for Windows - LIVE
2009-06-05 13:49 <DIR> --d----- c:\windows\system32\xlive

==================== Find3M ====================

2009-06-15 12:47 721,904 a------- c:\windows\system32\drivers\sptd.sys
2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-13 11:15 5,936,128 a------- c:\windows\system32\dllcache\mshtml.dll
2009-05-13 11:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-13 11:15 915,456 a------- c:\windows\system32\dllcache\wininet.dll
2009-05-10 23:06 271,360 a------- c:\windows\system32\drivers\atksgt.sys
2009-05-10 23:06 18,048 a------- c:\windows\system32\drivers\lirsgt.sys
2009-05-07 21:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-07 21:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
2009-05-01 12:32 2,102 a------- c:\windows\system32\ealregsnapshot1.reg
2009-05-01 03:22 1,985,024 a------- c:\windows\system32\dllcache\iertutil.dll
2009-05-01 03:22 11,064,832 a------- c:\windows\system32\dllcache\ieframe.dll
2009-05-01 03:22 1,207,808 a------- c:\windows\system32\dllcache\urlmon.dll
2009-05-01 03:22 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
2009-05-01 03:22 385,536 a------- c:\windows\system32\dllcache\iedkcs32.dll
2009-04-30 17:21 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-29 12:01 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-04-22 00:20 14,311,680 a------- c:\windows\system32\xlive.dll
2009-04-22 00:20 13,642,496 a------- c:\windows\system32\xlivefnt.dll
2009-04-17 18:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-17 18:26 1,847,168 -------- c:\windows\system32\dllcache\win32k.sys
2009-04-15 20:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-15 20:51 585,216 -------- c:\windows\system32\dllcache\rpcrt4.dll
2009-04-06 20:54 361,600 a------- c:\windows\system32\dllcache\tcpip.sys
2009-03-21 20:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2008-10-27 12:58 22,328 ac------ c:\docume~1\user\applic~1\PnkBstrK.sys
2006-06-23 12:48 32,768 a----r-- c:\windows\inf\UpdateUSB.exe
2008-12-22 21:19 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008122220081223\index.dat

============= FINISH: 18:52:42.85 ===============

Attached Files

Attach.zip (5.4 KB, 0 views)

ceberus

Bump! Anyone want to help me out here? :(