
Not open for further replies.
1 - 3 of 3 Posts

1 Posts
Discussion Starter #1
Foremost, let me thank you in advance for any assistance you may provide. What you're about to read may be a mouthful; however, I am doing as I was instructed to do in being very specific and detailed. This is in response to
Thread: NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help
My Issue:

As of the 4th July 2009 weekend my system has been operating quirky and buggy. In my troubles I've installed Avast Antivirus. Now around that time, one day I can recall returning to my computer and it had shut down on its own, although my system remains on idle the majority of the week by the way. Upon turning on the computer and booting up I got a notification window stating that Windows had been updated and restarted (turned off). At that point, when attempting to open a program (by clicking on any of my icons on the desktop) the computer would quirk and reboot. After several attempts, eventually it resulted in a continuous reboot; Windows would repeatedly restart. If I can remember correctly, in the process I got some prompts then eventually a dreaded blue screen, perhaps something about Windows couldn't find or load a file, I think it had a .dll extension. Well, in conclusion, that's when I decided to perform some tech procedures, check boot sequence, BIOS, the usual troubleshooting. Threw in the Windows XP disc for an install repair. After having done the XP repair option it seemed to have made progress because I could see Windows beginning to load and Avast Antivirus doing its Pre Boot Scan (it took a long time to scan). While it scanned I could see a multitude of infections or files that displayed trojan so I opted to delete all. Finally Windows was back to loading normally again. The next couple of days Avast would detect trojans as my PC continued to stabilize. On any sign of detection from Avast I chose to Delete.

To sum things up... My computer is stable now and running what appears to be normal. However, I am now encountering this issue with my C drive not opening when I double click on it (or F, any "Harddisk" for that matter). I have to right click on it and select Explore to open the drive window. What happens upon double clicking is, I get the window prompt saying to: "Choose the program you want to use to open this file" with the list of programs (same as you would get when trying to open an unrecognized file for which you don't have a software/program). Now, there seems to be some bugginess tied into this because when I highlight a program to choose, the check box that gives you the option to "Always use the selected program to open this kind of file" is disabled and cannot be checked/turned on. I attempted to assign it the explorer program in which it opens (located in the Windows system folder, "explorer.exe") but as I just stated I can't check the box.

This brings me to how I discovered your forum. Upon a google, I found the
Thread: [SOLVED] Drive C won't open

I followed the instructions there, although encountering another quirk whereas I wasn't able to use the "show hidden files & folders" option, which then forced me to look into that issue. Within minutes.. THANK GOD! I found a REAL knowledgeable tech who stepped into this thread (Non TSF) and got straight to the point instead of lollygagging and asking questions to the person who was asking the question to begin with. Pardon me, I'm just venting for a second; some techs just beat around the bush and can drag a thread on for days by just asking elementary questions instead of posting solutions. (You'll see what I mean if you look at the post.)
Thread [Non TSF]: "Show hidden files and folders" option in Windows (XP) has no effect

After all of that, I deleted that "autorun.ini" file which seems to have been a common thread over the year. However, nothing changed and I still can't access my C drive normally by double clicking. That brings me to this forum right now and posting this. As per your request the log and attachment are as follows:


DDS (Ver_09-06-26.01) - NTFSx86
Run by jemma at 2:01:22.46 on Sun 07/26/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1482 [GMT -7:00]

AV: avast! antivirus 4.8.1335 [VPS 090725-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\jemma\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://
uSearch Page = hxxp://*
uSearch Bar = hxxp://*
uSearchMigratedDefaultURL = hxxp://{searchTerms}&sourceid=ie7&
mSearch Bar = hxxp://*
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride =;*.local
uSearchURL,(Default) = hxxp://*
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: tylelltyOBJ Class: {d6b84b03-ea6a-48ef-abb9-73bfda19c6ca} - c:\windows\system32\typellty.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AIM Search: {40d41a8b-d79b-43d7-99a7-9ee0f344c385} -
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Aim6]
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [cdloader] "c:\documents and settings\jemma\application data\mjusbsp\cdloader2.exe" MAGICJACK
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [ALUAlert] c:\program files\symantec\liveupdate\ALUNotify.exe
dRun: [swg] c:\program files\google\googletoolbarnotifier\1.2.908.5008\GoogleToolbarNotifier.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc1~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpohmr08.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
Trusted Zone:\www
Trusted Zone:\online
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\
DPF: Web-Based Email Tools - hxxp://
DPF: {0000000A-0000-0010-8000-00AA00389B71} - hxxp://
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://
DPF: {42C9E5EE-DA49-49B4-8ECC-1CAB1C51A2AB} - hxxp://
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://
DPF: {55027008-315F-4F45-BBC3-8BE119764741} - hxxp://
DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jemma\applic~1\mozilla\firefox\profiles\0gqgracj.default\
FF - prefs.js: - hxxp://
FF - prefs.js: - Google
FF - prefs.js: browser.startup.homepage - hxxp://
FF - prefs.js: keyword.URL - hxxp://
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-7-5 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-7-5 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-7-5 138680]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-6-5 24652]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-7-5 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-7-5 352920]
S3 AVPsys;AVPsys;c:\windows\system32\drivers\cdaudio.sys [2001-8-17 18688]
S3 Moomlmaccua;Moomlmaccua; [x]
S3 phil2vid;Philips USB VGA Camera;c:\windows\system32\drivers\philcam2.sys [2007-12-6 173696]
S3 SeratoUsb;SeratoUsb driver;c:\windows\system32\drivers\SeratoUsb.sys [2008-6-29 35712]
S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-5-21 1174152]

=============== Created Last 30 ================

2009-07-26 01:54 <DIR> -cd-h--- c:\windows\PIF
2009-07-21 09:47 <DIR> -cd----- c:\program files\iTunes
2009-07-04 14:56 <DIR> -cd----- c:\windows\system32\wbem\Repository
2009-06-29 18:08 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-29 18:00 2,060,288 ac------ c:\windows\system32\usbaaplrc.dll

==================== Find3M ====================

2009-06-16 07:36 119,808 ac------ c:\windows\system32\t2embed.dll
2009-06-16 07:36 81,920 ac------ c:\windows\system32\fontsub.dll
2009-06-05 11:42 39,424 ac------ c:\windows\system32\drivers\usbaapl.sys
2009-06-03 12:09 1,291,264 ac------ c:\windows\system32\quartz.dll
2009-05-12 22:15 915,456 ac------ c:\windows\system32\wininet.dll
2009-05-07 08:32 345,600 ac------ c:\windows\system32\localspl.dll
2009-01-18 14:43 22,744,224 ac------ c:\program files\FTBDL.exe
2008-12-15 18:49 487,600 ac------ c:\program files\GoogleVoiceAndVideoSetup.exe
2008-11-20 12:12 7,508,624 ac------ c:\program files\Firefox Setup 3.0.4.exe
2007-02-25 15:52 24,192 ac------ c:\documents and settings\jemma\usbsermptxp.sys
2007-02-25 15:52 22,768 ac------ c:\documents and settings\jemma\usbsermpt.sys
2008-11-03 16:27 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008110320081104\index.dat

============= FINISH: 2:02:57.88 ===============

Attachment: (contains Attach.txt and ARK.txt)

Thanks again for all the info. I hope that this lands in the review of someone proficient.


559 Posts
Hello and welcome to TSF.

I apologize for the late response.

If you still require assistance, we would like to see the latest state of your system. So, please post a fresh DDS log and a new GMER log as described in this topic. In your reply, I would also like to know any symptoms you may still have and how your computer is running at the moment.


Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please note that the forum is very busy and if I don’t hear from you in three-five days this thread will be closed.

With Regards,
