HelpAssistant folder
Hello,
I have an unknown HelpAssistant folder on my C:\Documents and Settings.
Malwarebytes, SuperAntiSpyware and AVG removed some things. Spybot did not find anything.
I've unchecked the HelpAssistant in the Computer management tool and deleted the HelpAssistant folder: after restarting it reappears.
I've tried to run Safe Mode (for the spyware tools) but then a blue screen appears, normal start-up is no problem.
My laptop is running quite slow, seems that there is always some process running in the background.
System: Microsoft Windows XP professional edition v2002 SP3.
Thank you for your help.
Hi,
Download DDS and save it to your desktop from here (http://www.techsupportforum.com/sectools/sUBs/dds) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt
Save both reports to your desktop. Post them back to your topic.
Download GMER here (http://www.gmer.net) by clicking the "download exe" button and then saving it to your desktop:
Double-click the .exe that you downloaded.
Click the Rootkit tab and then Scan.
Don't check the Show All box while scanning is in progress!
When scanning is ready, click Copy. This copies the log to the clipboard.
Post the log (if the log is long, archive it into a zip file and attach it instead of posting) in your reply.
Thank you for your support and sorry for my late reply.
Before your post, I've found via google how to solve this problem with fix mbr.
I did this and now everything seems fine.
I would appreciate it if you could do a quick check though (if there are maybe any hidden things left).
Thanks,
Mark
Ok, if you want me to check then please post those requested logs :)
I've tried to run GMER twice but the first time I ended up with a blue screen and the second time my pc froze.
I will try again.
Below and attached the logs from DDS:
DDS (Ver_09-12-01.01) - NTFSx86
Run by makke at 11:40:16,09 on wo 03-02-2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1033.18.1022.587 [GMT 1:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\AVG\avgchsvx.exe
svchost.exe
C:\Program Files\AVG\avgrsx.exe
svchost.exe
C:\Program Files\AVG\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Labtec\Mouse\V3.0\moffice.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\avgtray.exe
C:\Program Files\Labtec\Mouse\V3.0\MOUSE32A.EXE
C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\DRIVEN~1\syncer\MCCITR~1.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
C:\Program Files\PayPal Payment Request Wizard\Outlook Wizard\OEHook.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\SupportAppXL\cdrom_mon.exe
C:\Program Files\AVG\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Telecom Italia\WanMiniport1st\srvany.exe
C:\Program Files\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\AVG\avgemc.exe
C:\Program Files\AVG\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Documents and Settings\pip\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = 193.191.148.227:3127
uInternet Settings,ProxyOverride = 127.0.0.1;192.168.1.1;*.local
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)" -"http://wbs.paginegialle.it/vservice/visual_shock.html?prjQuery=F1152A5E5CA495857926286B9B3E6AD7&initDataset=italia&initCoordX=467166.4627390145&initCoordY=5068834.556504496&sWidth=1240&sHeight=500"
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Document Manager] c:\program files\wave systems corp\services manager\docmgr\bin\docmgr.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [DeviceDiscovery] c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [Synchronization Manager] mobsync.exe /logon
mRun: [WD Button Manager] WDBtnMgr.exe
mRun: [FLMOFFICE4DMOUSE] c:\program files\labtec\mouse\v3.0\moffice.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [AVG9_TRAY] c:\progra~1\avg\avgtray.exe
mRun: [AliceRE_McciTrayApp] c:\progra~1\alicet~1\vendors\alicere\content\template\driven~1\syncer\MCCITR~1.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\embass~1.lnk - c:\program files\wave systems corp\services manager\secure update\AutoUpdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\outloo~1.lnk - c:\program files\paypal payment request wizard\outlook wizard\OEHook.exe
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} - hxxp://www.streamplug.com/StreamPlug/beta/SP.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/32.72/uploader2.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://verkopen.marktplaats.nl/js/widgets/imageUploader/aurigma/5_7_24_0/ImageUploader5.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229433515703
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229433502453
DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - hxxp://belgacom.extrafilm.be/ImageUploader4.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
AppInit_DLLs: wxvault.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\program files\qualcomm\eudora pro\EuShlExt.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 wvauth
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\pip\applic~1\mozilla\firefox\profiles\o12307pq.default\
FF - prefs.js: browser.startup.homepage - hxxp://stat.northitaly.eu/
FF - component: c:\documents and settings\pip\application data\mozilla\firefox\profiles\o12307pq.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1808.5272\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
============= SERVICES / DRIVERS ===============
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-30 333192]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2006-12-18 28424]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-5-30 360584]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-1-5 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 74480]
R2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\supportappxl\cdrom_mon.exe [2009-12-3 81920]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avgemc.exe [2009-11-12 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avgwdsvc.exe [2009-11-12 285392]
R2 Network WanMiniport First Position;Network WanMiniport First Position;c:\program files\telecom italia\wanminiport1st\srvany.exe [2010-1-4 8192]
R2 PPPoEService;PPPoE Service;c:\progra~1\alice\alicee~1\app\pppoeservice.exe [2009-12-17 49152]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [2005-11-27 31896]
R3 NTSPPPOE;Efficient Networks Enternet P.P.P.o.E LAN Miniport Driver;c:\windows\system32\drivers\ntspppoe.sys [2009-12-16 161640]
S2 gupdate1c985e6b2870e1c;Google Update Service (gupdate1c985e6b2870e1c);c:\program files\google\update\GoogleUpdate.exe [2009-2-3 133104]
S2 ONDA Autorun CDROM Monitor;ONDA Autorun CDROM Monitor;c:\windows\system32\supportappxl\onda_mon.exe --> c:\windows\system32\supportappxl\onda_mon.exe [?]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 {1098D678-AB61-4746-8F8FCF470F2CB976};{1098D678-AB61-4746-8F8FCF470F2CB976};c:\windows\system32\svchost.exe -k netsvcs [2004-8-11 14336]
S3 BulkUsb;VoIPUSBDriver.sys;c:\windows\system32\drivers\VoIPUSBDriver.sys [2005-9-16 149504]
S3 ONDAusbmdm6k;ONDA Proprietary USB Driver;c:\windows\system32\drivers\ONDAusbmdm6k.sys [2009-12-3 104960]
S3 ONDAusbnet;ONDA USB-NDIS miniport;c:\windows\system32\drivers\ONDAusbnet.sys [2009-12-3 110080]
S3 ONDAusbnmea;ONDA NMEA Port;c:\windows\system32\drivers\ONDAusbnmea.sys [2009-12-3 104960]
S3 ONDAusbser6k;ONDA Diagnostic Port;c:\windows\system32\drivers\ONDAusbser6k.sys [2009-12-3 104960]
S3 OxUSBTIMOUT;OxUSBTIMOUT;c:\windows\system32\drivers\OxUSBTIMOUT.sys [2007-6-7 34152]
S3 RAWESR;RAWESR;c:\progra~1\alice\alicee~1\app\RAWESR.SYS [2009-12-17 12924]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 7408]
S3 SNPP106;PC Camera (6029 CIF);c:\windows\system32\drivers\snpp106.sys [2006-12-27 243328]
S3 TAPBIND;TAPBIND;c:\progra~1\alice\alicee~1\app\TAPBIND1.SYS [2009-12-17 44544]
=============== Created Last 30 ================
2010-01-24 10:22:40 0 d-----w- c:\docume~1\pip\applic~1\Zanichelli
2010-01-24 10:22:24 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-01-24 10:15:07 0 d-----w- c:\docume~1\alluse~1\applic~1\Zanichelli
2010-01-22 13:08:28 0 d-----w- c:\program files\OpenXML-ODF Translator
2010-01-21 08:27:29 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-01-21 08:27:17 0 d-----w- c:\program files\SUPERAntiSpyware
2010-01-21 08:27:17 0 d-----w- c:\docume~1\pip\applic~1\SUPERAntiSpyware.com
2010-01-21 08:26:51 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-01-11 15:32:43 512 ----a-w- C:\drmHeader.bin
2010-01-08 19:09:18 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2010-01-08 19:09:15 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-01-07 13:42:01 350720 ----a-w- C:\hjsplit.exe
2010-01-04 22:27:36 0 d-----w- c:\program files\iPod
2010-01-04 22:27:19 0 d-----w- c:\program files\iTunes
2010-01-04 22:27:19 0 d-----w- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-04 20:20:10 0 d-----w- c:\windows\Motive
2010-01-04 20:19:50 0 d-----w- c:\program files\common files\Motive
2010-01-04 20:17:57 0 d-----w- c:\program files\Telecom Italia
==================== Find3M ====================
2010-02-01 22:52:21 76324 ----a-w- c:\windows\system32\nvModes.dat
2010-01-07 15:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-21 13:19:18 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-11-21 15:51:04 471552 ----a-w- c:\windows\system32\dllcache\aclayers.dll
2009-11-12 10:46:30 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2008-07-31 15:48:14 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008073120080801\index.dat
============= FINISH: 11:40:45,42 ===============
Hi,
Please see if you're able to run GMER by deselecting sections, devices and files before clicking scan.
Are you familiar with this proxy server:
uInternet Settings,ProxyServer = 193.191.148.227:3127
I think the proxy server you're mentioning is a remainder of the µtorrent program (which has been uninstalled).
GMER seems quite a nasty program as it keeps freezing up my pc.
I did manage to save the log:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-04 09:40:34
Windows 5.1.2600 Service Pack 3
Running: 6jh25cic.exe; Driver: C:\DOCUME~1\pip\LOCALS~1\Temp\pxtdypob.sys
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\WINDOWS\system32\NOTEPAD.EXE[1828] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A12E70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\NOTEPAD.EXE[1828] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A12C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\NOTEPAD.EXE[1828] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A12C50] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\NOTEPAD.EXE[1828] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A12C40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1968] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00E32E70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1968] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00E32C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1968] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00E32C50] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1968] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00E32C40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[3636] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B72E70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[3636] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B72C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[3636] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B72C50] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[3636] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B72C40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\pip\Desktop\6jh25cic.exe[5808] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [004E2E70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\pip\Desktop\6jh25cic.exe[5808] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [004E2C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\pip\Desktop\6jh25cic.exe[5808] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [004E2C50] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\pip\Desktop\6jh25cic.exe[5808] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [004E2C40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
---- EOF - GMER 1.0.15 ----
Thank you very much,
Mark
Ok. Let's clear the proxy setting. In Internet Explorer do this:
1. Click tools->internet options
2. In Internet options window go to connections tab and click lan settings button.
3. Clear address and port fields in proxy server section. Uncheck also "Use a proxy server for your LAN" checkbox.
4. Click ok twice to close both windows.
Are you using Adobe Acrobat Professional for other duties than to convert documents to pdf files?
Uninstall your current Adobe shockwave player and get the fresh one here (http://get.adobe.com/shockwave/) if needed.
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...
Updating Java:
Download the latest version of Java Runtime Environment (JRE) 6 Update 18 (http://java.sun.com/javase/downloads/index.jsp).
Click the Download button to the right.
Select Windows in the platform combobox and check the box that says: Accept License Agreement. Click Continue.
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u18-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.
Download ATF (Atribune Temp File) Cleaner by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.
Double-click ATF Cleaner.exe to open it
Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program.
Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif).
Post back its report & a fresh dds.txt log. How's the system running?
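A fresh dds.txt is requested above so it can be checked against the first one. The following Python script is an added example, not part of the thread and not a feature of DDS: it parses two DDS logs, reports settings that disappeared or changed between them (such as the proxy entry and the Java version), and lists entries that point at a missing file. The sample logs are a few lines excerpted from the logs posted in this thread, and all function names are hypothetical.

```python
import re

# Constructed sample input: a few lines excerpted from the first DDS log in this thread.
DDS_BEFORE = r"""DDS (Ver_09-12-01.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_12
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = 193.191.148.227:3127
uInternet Settings,ProxyOverride = 127.0.0.1;192.168.1.1;*.local
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
"""

# Constructed sample input: the matching lines from the second (fresh) DDS log.
DDS_AFTER = r"""DDS (Ver_09-12-01.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = iexplore
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")                    # "==== Name ===="
SETTING_RE = re.compile(r"^(?P<key>[^:]+?) = (?P<value>.*)$")    # "uKey = value"
JAVA_RE = re.compile(r"BrowserJavaVersion:\s*(\S+)")


def parse_dds(text):
    """Split a DDS.txt log into Java version, key/value settings and list entries."""
    log = {"java": None, "settings": {}, "entries": {}}
    section = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        if section == "header":
            java = JAVA_RE.search(line)
            if java:
                log["java"] = java.group(1)
            continue
        setting = SETTING_RE.match(line)
        if setting and section == "Pseudo HJT Report":
            # Lines such as "uInternet Settings,ProxyServer = host:port"
            log["settings"][setting.group("key")] = setting.group("value")
        else:
            # Everything else (BHO:, TB:, mRun:, services, ...) is kept per section
            log["entries"].setdefault(section, []).append(line)
    return log


def compare(before, after):
    """Report what changed between two parsed logs."""
    b, a = before["settings"], after["settings"]
    return {
        "java": (before["java"], after["java"]),
        "removed": {k: b[k] for k in b if k not in a},
        "added": {k: a[k] for k in a if k not in b},
        "changed": {k: (b[k], a[k]) for k in b if k in a and b[k] != a[k]},
    }


def orphaned_entries(log):
    """Entries whose target file no longer exists (DDS marks them '- No File')."""
    return [e for lines in log["entries"].values() for e in lines
            if e.endswith("- No File")]


if __name__ == "__main__":
    before, after = parse_dds(DDS_BEFORE), parse_dds(DDS_AFTER)
    diff = compare(before, after)
    print("Java version: %s -> %s" % diff["java"])
    for key, value in diff["removed"].items():
        print("Setting removed: %s (was %s)" % (key, value))
    for key, value in diff["added"].items():
        print("Setting added:   %s = %s" % (key, value))
    for key, (old, new) in diff["changed"].items():
        print("Setting changed: %s: %s -> %s" % (key, old, new))
    for entry in orphaned_entries(before):
        print("Orphaned entry in first log: %s" % entry)
```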
I'm basically using Adobe Acrobat Professional only to convert documents to pdf files.
My system is running fine, only the start-up is a bit slow lately.
Requested logs below:
KAS:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, February 7, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, February 06, 2010 21:07:01
Records in database: 3442232
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
C:\
D:\
Scan statistics:
Objects scanned: 216062
Threats found: 5
Infected objects found: 6
Suspicious objects found: 24
Scan duration: 05:36:01
File name / Threat / Threats count
C:\Documents and Settings\pip\Application Data\Sun\Java\Deployment\cache\6.0\26\650996da-14a1f344 Infected: Trojan-Downloader.Java.Agent.ab 1
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.60 1
C:\Program Files\Qualcomm\Eudora Pro\In.mbx Suspicious: Exploit.HTML.Iframe.FileDownload 11
C:\Program Files\Qualcomm\Eudora Pro\In.mbx Infected: Email-Worm.Win32.Mydoom.a 2
C:\Program Files\Qualcomm\Eudora Pro\In.mbx Suspicious: Password-protected-EXE 1
C:\Program Files\Qualcomm\Eudora Pro\In.mbx.001 Suspicious: Exploit.HTML.Iframe.FileDownload 3
C:\Program Files\Qualcomm\Eudora Pro\In.mbx.002 Suspicious: Exploit.HTML.Iframe.FileDownload 8
C:\Program Files\Qualcomm\Eudora Pro\In.mbx.002 Infected: Email-Worm.Win32.Mydoom.a 2
C:\Program Files\Qualcomm\Eudora Pro\In.mbx.002 Suspicious: Password-protected-EXE 1
Selected area has been scanned.
DDS:
DDS (Ver_09-12-01.01) - NTFSx86
Run by makke at 9:10:36,93 on zo 07/02/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.32.1033.18.1022.654 [GMT 1:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\AVG\avgchsvx.exe
C:\Program Files\AVG\avgrsx.exe
C:\Program Files\AVG\avgcsrvx.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\SupportAppXL\cdrom_mon.exe
C:\Program Files\AVG\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\Telecom Italia\WanMiniport1st\srvany.exe
C:\Program Files\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\AVG\avgemc.exe
C:\Program Files\AVG\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Labtec\Mouse\V3.0\moffice.exe
C:\PROGRA~1\AVG\avgtray.exe
C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\DRIVEN~1\syncer\MCCITR~1.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Labtec\Mouse\V3.0\MOUSE32A.EXE
C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\PayPal Payment Request Wizard\Outlook Wizard\OEHook.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\pip\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = iexplore
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)" -"http://wbs.paginegialle.it/vservice/visual_shock.html?prjQuery=F1152A5E5CA495857926286B9B3E6AD7&initDataset=italia&initCoordX=467166.4627390145&initCoordY=5068834.556504496&sWidth=1240&sHeight=500"
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Document Manager] c:\program files\wave systems corp\services manager\docmgr\bin\docmgr.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [DeviceDiscovery] c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [Synchronization Manager] mobsync.exe /logon
mRun: [WD Button Manager] WDBtnMgr.exe
mRun: [FLMOFFICE4DMOUSE] c:\program files\labtec\mouse\v3.0\moffice.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [AVG9_TRAY] c:\progra~1\avg\avgtray.exe
mRun: [AliceRE_McciTrayApp] c:\progra~1\alicet~1\vendors\alicere\content\template\driven~1\syncer\MCCITR~1.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\embass~1.lnk - c:\program files\wave systems corp\services manager\secure update\AutoUpdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\outloo~1.lnk - c:\program files\paypal payment request wizard\outlook wizard\OEHook.exe
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} - hxxp://www.streamplug.com/StreamPlug/beta/SP.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/32.72/uploader2.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://verkopen.marktplaats.nl/js/widgets/imageUploader/aurigma/5_7_24_0/ImageUploader5.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229433515703
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229433502453
DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - hxxp://belgacom.extrafilm.be/ImageUploader4.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
AppInit_DLLs: wxvault.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\program files\qualcomm\eudora pro\EuShlExt.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 wvauth
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\pip\applic~1\mozilla\firefox\profiles\o12307pq.default\
FF - prefs.js: browser.startup.homepage - hxxp://stat.northitaly.eu/
FF - component: c:\documents and settings\pip\application data\mozilla\firefox\profiles\o12307pq.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1851.5542\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
============= SERVICES / DRIVERS ===============
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-30 333192]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2006-12-18 28424]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-5-30 360584]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-1-5 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 74480]
R2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\supportappxl\cdrom_mon.exe [2009-12-3 81920]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avgemc.exe [2009-11-12 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avgwdsvc.exe [2009-11-12 285392]
R2 Network WanMiniport First Position;Network WanMiniport First Position;c:\program files\telecom italia\wanminiport1st\srvany.exe [2010-1-4 8192]
R2 PPPoEService;PPPoE Service;c:\progra~1\alice\alicee~1\app\pppoeservice.exe [2009-12-17 49152]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [2005-11-27 31896]
R3 NTSPPPOE;Efficient Networks Enternet P.P.P.o.E LAN Miniport Driver;c:\windows\system32\drivers\ntspppoe.sys [2009-12-16 161640]
S2 gupdate1c985e6b2870e1c;Google Update Service (gupdate1c985e6b2870e1c);c:\program files\google\update\GoogleUpdate.exe [2009-2-3 133104]
S2 ONDA Autorun CDROM Monitor;ONDA Autorun CDROM Monitor;c:\windows\system32\supportappxl\onda_mon.exe --> c:\windows\system32\supportappxl\onda_mon.exe [?]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 {1098D678-AB61-4746-8F8FCF470F2CB976};{1098D678-AB61-4746-8F8FCF470F2CB976};c:\windows\system32\svchost.exe -k netsvcs [2004-8-11 14336]
S3 BulkUsb;VoIPUSBDriver.sys;c:\windows\system32\drivers\VoIPUSBDriver.sys [2005-9-16 149504]
S3 ONDAusbmdm6k;ONDA Proprietary USB Driver;c:\windows\system32\drivers\ONDAusbmdm6k.sys [2009-12-3 104960]
S3 ONDAusbnet;ONDA USB-NDIS miniport;c:\windows\system32\drivers\ONDAusbnet.sys [2009-12-3 110080]
S3 ONDAusbnmea;ONDA NMEA Port;c:\windows\system32\drivers\ONDAusbnmea.sys [2009-12-3 104960]
S3 ONDAusbser6k;ONDA Diagnostic Port;c:\windows\system32\drivers\ONDAusbser6k.sys [2009-12-3 104960]
S3 OxUSBTIMOUT;OxUSBTIMOUT;c:\windows\system32\drivers\OxUSBTIMOUT.sys [2007-6-7 34152]
S3 RAWESR;RAWESR;c:\progra~1\alice\alicee~1\app\RAWESR.SYS [2009-12-17 12924]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 7408]
S3 SNPP106;PC Camera (6029 CIF);c:\windows\system32\drivers\snpp106.sys [2006-12-27 243328]
S3 TAPBIND;TAPBIND;c:\progra~1\alice\alicee~1\app\TAPBIND1.SYS [2009-12-17 44544]
=============== Created Last 30 ================
2010-02-05 11:12:25 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-01-24 10:22:40 0 d-----w- c:\docume~1\pip\applic~1\Zanichelli
2010-01-24 10:22:24 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-01-24 10:15:07 0 d-----w- c:\docume~1\alluse~1\applic~1\Zanichelli
2010-01-22 13:08:28 0 d-----w- c:\program files\OpenXML-ODF Translator
2010-01-21 08:27:29 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-01-21 08:27:17 0 d-----w- c:\program files\SUPERAntiSpyware
2010-01-21 08:27:17 0 d-----w- c:\docume~1\pip\applic~1\SUPERAntiSpyware.com
2010-01-21 08:26:51 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-01-11 15:32:43 512 ----a-w- C:\drmHeader.bin
2010-01-08 19:09:18 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2010-01-08 19:09:15 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
==================== Find3M ====================
2010-02-06 18:10:26 76324 ----a-w- c:\windows\system32\nvModes.dat
2010-02-05 11:12:05 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-07 15:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-21 13:19:18 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-11-21 15:51:04 471552 ----a-w- c:\windows\system32\dllcache\aclayers.dll
2009-11-12 10:46:30 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2008-07-31 15:48:14 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008073120080801\index.dat
============= FINISH: 9:11:51,03 ===============
Hi,
I'm basically using Adobe Acrobat Professional only to convert documents to pdf files.
Your Adobe Acrobat version is not supported anymore. Either upgrade to the latest one or replace the old one with a free alternative here (http://pdfwriters.org/).
Delete C:\Documents and Settings\pip\Application Data\Sun\Java\Deployment\cache\6.0\26\650996da-14a1f344 file if found.
Check the email messages in these mailboxes and delete any suspicious-looking messages you find:
C:\Program Files\Qualcomm\Eudora Pro\In.mbx
C:\Program Files\Qualcomm\Eudora Pro\In.mbx.001
C:\Program Files\Qualcomm\Eudora Pro\In.mbx.002
My system is running fine, only the start-up is a bit slow lately.
Have you defragged the hard drive recently?
Blade,
Thank you very much for your help.
I've deleted the java file and installed cutepdf.
I will still do a defrag.
Thank you again,
Mark
You're welcome :)
Let me know how it goes.
Due to inactivity, this thread will now be closed.
Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.
If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.