|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| Virus/Trojan/Spyware Help Get Rid Of Malware With Help From Our Analysts. Follow the "First Steps" link at the top right of each page before posting for help. |
 |
|
|
LinkBack | Thread Tools |
08-12-2009, 10:22 PM
|
#1 (permalink) |
|
Registered User
Join Date: Aug 2009
Posts: 2
OS: xp
|
Virus/Malware Check
My computer is running incredibly slower and now takes extra long opening ie. That is the biggest thing as it usually hangs up as it tries to open programs up. Any help is greatly appreciated. Here is the dss log:
DDS (Ver_09-07-30.01) - NTFSx86 Run by Administrator at 23:24:34.18 on Wed 08/12/2009 Internet Explorer: 7.0.5730.11 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.447.105 [GMT -4:00] AV: Norton AntiVirus *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\VTTimer.exe C:\WINDOWS\system32\VTtrayp.exe C:\Program Files\Windows Defender\MSASCui.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Administrator\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = <local> BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\norton antivirus\engine\16.5.0.134\IPSBHO.DLL BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0983.0\msneshellx.dll TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0983.0\msneshellx.dll TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup uRun: [DVDXGhost] mRun: [VTTimer] VTTimer.exe mRun: [VTTrayp] VTtrayp.exe mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide mRun: [SoundMan] SOUNDMAN.EXE mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe" mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t uPolicies-explorer: HideClock = 0 (0x0) dPolicies-explorer: HideClock = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177182227983 DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - hxxp://myspace.oberon-media.com/gameshell/games/channel--110343720/lc--en/room--2f92828c-c662-48b7-8322-d9dbd4608be2/online/diner_dash/en/DinerDash.1.0.0.80.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Notify: PFW - UmxWnp.Dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll ============= SERVICES / DRIVERS =============== R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2008-10-21 107000] R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1005000.086\SymEFA.sys [2009-3-3 310320] R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2007-4-21 11264] R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nav\1005000.086\BHDrvx86.sys [2009-3-3 258608] R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2007-4-21 13696] R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1005000.086\cchpx86.sys [2009-3-3 482352] R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090810.001\IDSXpx86.sys [2009-8-12 276344] R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2008-8-6 72184] R2 Norton AntiVirus;Norton AntiVirus;c:\program files\norton antivirus\norton antivirus\engine\16.5.0.134\ccSvcHst.exe [2009-3-3 115560] R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-6-3 92008] R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-5-25 101936] R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2008-10-21 203768] R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090812.033\NAVENG.SYS [2009-8-12 87888] R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090812.033\NAVEX15.SYS [2009-8-12 875728] S2 ccSchedulerSVC;CA Common Scheduler Service; [x] S2 UmxAgent;HIPS Event Manager; [x] S2 UmxCfg;HIPS Configuration Interpreter; [x] S2 UmxPol;HIPS Policy Manager; [x] =============== Created Last 30 ================ 2009-08-12 18:53 98 a------- C:\index.ini 2009-08-12 18:51 <DIR> --d----- c:\program files\a-squared HiJackFree 2009-08-10 21:15 <DIR> --d----- c:\program files\Spyware Doctor 2009-08-10 21:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SecTaskMan 2009-08-03 22:11 <DIR> --d----- c:\program files\TomTom International B.V 2009-07-17 15:01 58,880 -------- c:\windows\system32\dllcache\atl.dll 2009-07-15 22:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\IObit ==================== Find3M ==================== 2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll 2009-08-05 05:01 204,800 a------- c:\windows\system32\dllcache\mswebdvd.dll 2009-07-19 09:33 3,597,824 a------- c:\windows\system32\dllcache\mshtml.dll 2009-07-19 09:32 6,067,200 -------- c:\windows\system32\dllcache\ieframe.dll 2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll 2009-07-13 23:43 10,841,088 a------- c:\windows\system32\dllcache\wmp.dll 2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll 2009-07-13 23:43 286,208 a------- c:\windows\system32\dllcache\wmpdxm.dll 2009-07-10 09:27 1,315,328 a------- c:\windows\system32\dllcache\msoe.dll 2009-06-29 07:07 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe 2009-06-29 07:07 70,656 a------- c:\windows\system32\dllcache\ie4uinit.exe 2009-06-29 04:35 634,632 a------- c:\windows\system32\dllcache\iexplore.exe 2009-06-29 04:33 2,452,872 -------- c:\windows\system32\dllcache\ieapfltr.dat 2009-06-29 04:33 161,792 a------- c:\windows\system32\dllcache\ieakui.dll 2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll 2009-06-16 10:36 119,808 a------- c:\windows\system32\dllcache\t2embed.dll 2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll 2009-06-16 10:36 81,920 a------- c:\windows\system32\dllcache\fontsub.dll 2009-06-12 08:31 80,896 a------- c:\windows\system32\tlntsess.exe 2009-06-12 08:31 80,896 a------- c:\windows\system32\dllcache\tlntsess.exe 2009-06-12 08:31 76,288 a------- c:\windows\system32\telnet.exe 2009-06-12 08:31 76,288 a------- c:\windows\system32\dllcache\telnet.exe 2009-06-10 10:13 84,992 a------- c:\windows\system32\dllcache\avifil32.dll 2009-06-10 10:13 84,992 a------- c:\windows\system32\avifil32.dll 2009-06-10 09:19 2,066,432 a------- c:\windows\system32\mstscax.dll 2009-06-10 09:19 2,066,432 a------- c:\windows\system32\dllcache\mstscax.dll 2009-06-10 02:14 132,096 a------- c:\windows\system32\wkssvc.dll 2009-06-10 02:14 132,096 -------- c:\windows\system32\dllcache\wkssvc.dll 2009-06-03 15:09 1,291,264 a------- c:\windows\system32\quartz.dll 2009-06-03 15:09 1,291,264 a------- c:\windows\system32\dllcache\quartz.dll 2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll 2009-03-22 19:36 20 ----h--- c:\docume~1\alluse~1\applic~1\PKP_DLdu.DAT 2007-11-27 01:33 15,854,536 a------- c:\program files\960-enu-xp.exe 2009-02-14 23:40 0 a--sh--- c:\windows\system32\sys_drv.dat 2008-08-18 17:52 16,384 a--sh--- c:\windows\system32\config\systemprofile\cookies\index.dat 2008-08-18 17:52 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat 2008-08-18 17:51 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008081820080819\index.dat 2008-08-18 17:52 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat ============= FINISH: 23:25:19.57 =============== |
|
     
|
| Important Information |
|
Join the #1 Tech Support Forum Today - It's Totally Free!
TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free. Join TechSupportforum.com Today - Click Here |
|
08-14-2009, 02:25 PM
|
#2 (permalink) |
|
Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic
|
Re: Virus/Malware Check
Hi and welcome to TSF.
My name is Iain and I will be helping you clean your system. You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply. Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below. Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean. If there is anything you don't understand, please ask BEFORE proceeding with the fixes. Please ensure that you follow the instructions in the order I have them listed. Please do not install or uninstall any programmes, or run any other scanners or software, unless I specifically ask you to do so. Combofix We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/comb...o-use-combofix Please read all the information carefully! You MUST disable your AntiVirus and AntiSpyware applications - please read this thread as a guide. They may otherwise interfere with our tools and interrupt the cleansing process. Please include the log C:\ComboFix.txt in your next reply for further review.
__________________
Iain - Defender of the Haggis and all things Scottish. I don't help by PM - post in the Forums.   PC Safety & Security::PC running a bit slow?::Donate::Photographers Corner |
|
|
|
|
| Thread Tools | |
|
|
