
Thread: Virtumond and numerous others!!!

  1. #11
    Junior Member
    Join Date
    Feb 2009
    Posts
    12


    Wooohoooo! Seems to be doing good, a little slow getting everything going on startup, but no viruses so I really can't complain!!! Keep up the great work. I have another family computer that is extremely slower than it should be, and that's an understatement! I'll put up another post on that one, hopefully someone can help me with it. Thank you so much again!

  2. #12
    Junior Member
    Join Date
    Feb 2009
    Posts
    12

    Default

    Uh oh, I still keep getting these random search pages when I use the Google toolbar? Well, when I do the search, it comes up, but when I go to click on the link, I get the random pages??? Hope it's nothing!

  3. #13
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288


    Hi,

    Try uninstalling and then reinstalling the Google toolbar. If that doesn't work, then do the following:
    Download DDS and save it to your desktop from here or here or here.
    Disable any script blocker, and then double-click dds.scr to run the tool.
    • When done, DDS will open two (2) logs:
      1. DDS.txt
      2. Attach.txt
    • Save both reports to your desktop. Post DDS.txt contents back to your topic.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems, create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  4. #14
    Junior Member
    Join Date
    Feb 2009
    Posts
    12


    Hello again,

    Here's the dds.txt, tried to uninstall and reinstall with no luck! Thanks for the continued help!!!



    DDS (Ver_09-02-01.01) - NTFSx86
    Run by Jared at 14:02:04.67 on Fri 02/20/2009
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_12
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1443 [GMT -5:00]

    AV: McAfee VirusScan *On-access scanning enabled* (Updated)
    FW: McAfee Personal Firewall *enabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\McAfee\MBK\MBackMonitor.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Jared\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = hxxp://www.comcast.net/a/
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: NoExplorer - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
    TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [MBkLogOnHook] c:\program files\mcafee\mbk\LogOnHook.exe
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
    mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [McAfee Backup] c:\program files\mcafee\mbk\McAfeeDataBackup.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab3.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} - hxxp://host.cycore.net/plugins/windows/ie/Cult3D_IE_5.3.0.228.cab
    DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
    DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.systemrequirementslab.com/sysreqlab2.cab
    DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} - hxxp://cnn-5.vo.llnwd.net/c1/static/cab_headless/GameTapWebUpdater.cab
    DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: {DA363896-0CE0-4756-91CF-9E5F69B4C693} = 68.87.71.226,68.87.73.242
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
    Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\jared\applic~1\mozilla\firefox\profiles\xpvbvtdy.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/c/
    FF - plugin: c:\documents and settings\jared\application data\mozilla\firefox\profiles\xpvbvtdy.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
    FF - plugin: c:\program files\gametap\bin\release\npgametaptool.dll
    FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
    FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
    FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service

    ============= SERVICES / DRIVERS ===============

    R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-8-8 201320]
    R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-7-7 611664]
    R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2007-8-8 359248]
    R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2007-8-8 144704]
    R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-8-8 695624]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-8-8 79304]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-8-8 35240]
    R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-8-8 40488]
    S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-8-8 33832]
    S3 NPUSB;NPUSB;c:\windows\system32\drivers\npusb.sys [2007-3-8 15360]
    S3 npusbio;npusbio;c:\windows\system32\drivers\npusbio.sys [2008-7-14 36384]
    S3 SaiH075C;SaiH075C;c:\windows\system32\drivers\SaiH075C.sys [2007-8-6 176640]
    S3 SaiH0763;SaiH0763;c:\windows\system32\drivers\SaiH0763.sys [2007-3-8 179968]
    S3 samhid;samhid;c:\windows\system32\drivers\Samhid.sys [2009-1-12 7548]
    S4 gupdate1c988783205663c;Google Update Service (gupdate1c988783205663c);c:\program files\google\update\GoogleUpdate.exe [2009-2-6 133104]
    S4 Just Flight Limited License Service;Just Flight Limited License Service;c:\program files\common files\just flight limited shared\service\JustFlightLimitedLicSvc.exe [2008-2-24 69632]

    =============== Created Last 30 ================

    2009-02-20 13:58 <DIR> --d-h--- c:\windows\PIF
    2009-02-19 15:39 <DIR> --d----- c:\program files\SpywareBlaster
    2009-02-19 15:15 <DIR> --d----- c:\windows\system32\XPSViewer
    2009-02-19 15:14 117,760 -------- c:\windows\system32\prntvpt.dll
    2009-02-19 15:14 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2009-02-19 15:14 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
    2009-02-19 15:14 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2009-02-19 15:14 575,488 -------- c:\windows\system32\xpsshhdr.dll
    2009-02-19 15:14 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
    2009-02-19 15:14 1,676,288 -------- c:\windows\system32\xpssvcs.dll
    2009-02-19 15:14 <DIR> --d----- C:\7d7aebd68f3275cb354150902ebe
    2009-02-17 09:28 410,984 a------- c:\windows\system32\deploytk.dll
    2009-02-17 09:28 73,728 a------- c:\windows\system32\javacpl.cpl
    2009-02-17 09:14 <DIR> --d----- c:\program files\Foxit Software
    2009-02-17 09:14 <DIR> --d----- c:\docume~1\jared\applic~1\Foxit
    2009-02-16 15:53 <DIR> a-dshr-- C:\cmdcons
    2009-02-12 15:47 <DIR> --d----- c:\docume~1\jared\applic~1\Malwarebytes
    2009-02-12 15:47 15,504 a------- c:\windows\system32\drivers\mbam.sys
    2009-02-12 15:47 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-02-12 15:47 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
    2009-02-12 15:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2009-02-12 01:57 <DIR> --d----- c:\documents and settings\jared\dwhelper
    2009-02-10 20:45 350 a------- c:\windows\wininit.ini
    2009-02-10 20:19 <DIR> --d----- c:\program files\Spybot - Search & Destroy
    2009-02-10 20:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
    2009-02-10 20:08 <DIR> --d----- c:\program files\Trend Micro
    2009-02-10 19:42 240,383 a------- C:\lxcfUNST.csv
    2009-02-10 02:04 97,552 a------- c:\windows\system32\MSCOMM32.OCX
    2009-02-10 02:04 <DIR> --d----- c:\program files\QuickLOADDEMO
    2009-02-10 02:04 10,640 a------- c:\windows\ST5UNST.000
    2009-02-03 05:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Ascentive
    2009-02-03 05:31 36,864 a------- c:\windows\system32\ascbalon.dll
    2009-02-03 05:31 45,056 a------- c:\windows\system32\CreateLog.dll
    2009-02-03 05:31 20,480 a------- c:\windows\system32\SysRestore.dll
    2009-02-03 05:31 <DIR> --d----- c:\program files\Ascentive

    ==================== Find3M ====================

    2009-02-19 17:51 138,584 a------- c:\windows\system32\drivers\PnkBstrK.sys
    2009-02-19 17:51 189,672 a------- c:\windows\system32\PnkBstrB.exe
    2009-02-10 23:24 70,968 a------- c:\windows\system32\PnkBstrA.exe
    2008-12-26 16:09 22,328 a------- c:\docume~1\jared\applic~1\PnkBstrK.sys
    2008-12-26 16:09 682,280 a------- c:\windows\system32\pbsvc.exe
    2008-12-20 18:15 826,368 a------- c:\windows\system32\wininet.dll
    2008-12-10 19:33 200,704 a------- c:\windows\system32\dtu100.dll
    2008-12-10 19:33 86,016 a------- c:\windows\system32\dpl100.dll
    2008-12-08 21:28 593,920 a------- c:\windows\system32\dpuGUI11.dll
    2008-12-08 21:28 344,064 a------- c:\windows\system32\dpus11.dll
    2008-12-08 21:28 294,912 a------- c:\windows\system32\dpu11.dll
    2008-12-08 21:28 57,344 a------- c:\windows\system32\dpv11.dll
    2008-11-25 19:24 3,824,707 a------- c:\windows\HK In Action.dat
    2008-11-25 19:24 466,944 a------- c:\windows\HK In Action.scr
    2008-11-25 19:24 180,224 a------- c:\windows\UninstallWSST.exe
    2008-11-25 19:24 28,672 a------- c:\windows\system32\ssconfig.exe
    2007-08-11 21:08 47,360 a------- c:\docume~1\jared\applic~1\pcouffin.sys
    2006-03-19 20:37 401 a------- c:\program files\file_id.diz
    2005-02-05 08:44 122 a------- c:\program files\TCAS2v7.ini
    2004-11-21 12:54 163,840 a------- c:\program files\TCAS2v7.dll
    2004-04-27 03:57 360 a------- c:\program files\avsim.diz
    2007-04-20 21:51 61 ---sh--- c:\windows\cnerolf.bin
    2007-03-08 21:44 61 ---sh--- c:\windows\cnerolf.dat
    2008-09-04 12:26 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090420080905\index.dat

    ============= FINISH: 14:02:57.53 ===============
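    Added example (not from the thread, from DDS, or from its author): a small Python triage script for the "Pseudo HJT Report" section of a DDS log like the one posted above. It parses the BHO/TB/Run/IE/DPF lines into records and flags the two things a helper checks first when reading such a log: registered components that resolve to "No File" (the NoExplorer BHO above is one) and Run entries that launch a bare file name with no path, which Windows then resolves through the PATH search order rather than a fixed location. The embedded report is a constructed excerpt in the same format as the posted log; the record fields and the two heuristics are this example's own assumptions, not part of what DDS itself reports.

```python
"""Triage the "Pseudo HJT Report" section of a DDS log (added example)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed excerpt in the format DDS prints (not the full log from the thread).
SAMPLE_REPORT = r"""
============== Pseudo HJT Report ===============

uStart Page = hxxp://www.comcast.net/a/
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: NoExplorer - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [nwiz] nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

================= FIREFOX ===================
"""


@dataclass
class Entry:
    kind: str             # BHO, TB, uRun, mRun, IE, DPF, Handler, ...
    name: str             # display name or [Run value name]; '' when DDS prints none
    clsid: Optional[str]  # first {GUID} on the line, if any
    target: str           # file path, command line, URL, or 'No File'


GUID_RE = re.compile(r"\{[0-9a-fA-F-]{36}\}")
RUN_RE = re.compile(r"^(uRun|mRun)(?:-x64)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
HOOK_RE = re.compile(r"^(?P<kind>BHO|TB|uURLSearchHooks|IE|DPF|Handler|Notify|SSODL): (?P<rest>.*)$")


def parse_pseudo_hjt(text: str) -> List[Entry]:
    """Turn the report's hook and autorun lines into Entry records."""
    entries: List[Entry] = []
    in_section = False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("====="):            # section banner
            in_section = "Pseudo HJT Report" in line
            continue
        if not in_section or not line:
            continue
        m = RUN_RE.match(line)
        if m:
            entries.append(Entry(m.group(1), m.group("name"), None, m.group("cmd")))
            continue
        m = HOOK_RE.match(line)
        if not m:
            continue                            # "uStart Page =", "TCP:" etc. are not load points
        rest = m.group("rest")
        guids = GUID_RE.findall(rest)
        if guids:                               # "<name>: {clsid} [- {clsid}] - <target>"
            head = rest[: rest.find(guids[0])]
            tail = rest[rest.rfind(guids[-1]) + len(guids[-1]):]
        else:                                   # "<name> - <target>"
            head, sep, tail = rest.partition(" - ")
            tail = sep + tail
        target = tail[3:] if tail.startswith(" - ") else tail.strip()
        entries.append(Entry(m.group("kind"), head.rstrip(" -:"), guids[0] if guids else None, target))
    return entries


def _executable(cmd: str) -> str:
    """First token of a Run command line, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" ", 1)[0]


def find_suspicious(entries: List[Entry]) -> List[Tuple[Entry, str]]:
    """Heuristics (this example's assumptions): orphaned components and path-less autoruns."""
    findings: List[Tuple[Entry, str]] = []
    for e in entries:
        if e.target.lower() == "no file":
            findings.append((e, "registered component whose file is missing (orphan or partly removed malware)"))
            continue
        if e.kind not in ("uRun", "mRun"):
            continue
        exe = _executable(e.target)
        if exe.lower() == "rundll32.exe":
            # rundll32 itself is always bare; what matters is the DLL it is told to load
            exe = e.target.split(None, 1)[1].split(",", 1)[0].strip('"') if " " in e.target else ""
        if exe and "\\" not in exe and "%" not in exe:
            findings.append((e, f"autorun launches '{exe}' without a path, resolved via the PATH search order"))
    return findings


def triage(text: str) -> List[Tuple[Entry, str]]:
    """Parse a DDS log and return the entries worth a second look."""
    return find_suspicious(parse_pseudo_hjt(text))


if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_REPORT):
        print(f"{entry.kind:5} {entry.name or entry.clsid}: {reason}")
```

    Run against the constructed excerpt, the script reports the orphaned NoExplorer BHO and the two Logitech/NVIDIA Run entries that name only KHALMNPR.EXE and nwiz.exe; both of those are benign here, which is the point: the heuristic surfaces what to verify by hand, it does not decide.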

  5. #15
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288


    Hi,

    If you do a search at www.google.com, does it take you to the wrong sites then as well, or only when you use the search from the Google toolbar? If you have the Google toolbar installed in IE, does it behave the same way there?


    Creating & executing batch file
    -------------------------------

    Open Notepad and then copy and paste the two lines below into it. Go to File > Save As, name the file fixes.bat, change "Save as type" to All Files and save it to your desktop.
    @echo off
    regedit /a c:\regkey.txt "HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32"

    Double-click on fixes.bat file to execute it. Post back contents of c:\regkey.txt file.

  6. #16
    Junior Member
    Join Date
    Feb 2009
    Posts
    12


    Hello,

    Seemed to be doing it in all. Now that I've tried a couple different times, it seems to be doing it only in Firefox toolbar? Almost intermittent, and very confusing??? Here's a copy of that file. Thanks yet again!!!

    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "midimapper"="midimap.dll"
    "msacm.imaadpcm"="imaadp32.acm"
    "msacm.msadpcm"="msadp32.acm"
    "msacm.msg711"="msg711.acm"
    "msacm.msgsm610"="msgsm32.acm"
    "msacm.trspch"="tssoft32.acm"
    "vidc.cvid"="iccvid.dll"
    "vidc.I420"="msh263.drv"
    "vidc.iv31"="ir32_32.dll"
    "vidc.iv32"="ir32_32.dll"
    "vidc.iv41"="ir41_32.ax"
    "vidc.iyuv"="iyuv_32.dll"
    "vidc.mrle"="msrle32.dll"
    "vidc.msvc"="msvidc32.dll"
    "vidc.uyvy"="msyuv.dll"
    "vidc.yuy2"="msyuv.dll"
    "vidc.yvu9"="tsbyuv.dll"
    "vidc.yvyu"="msyuv.dll"
    "wavemapper"="msacm32.drv"
    "msacm.msg723"="msg723.acm"
    "vidc.M263"="msh263.drv"
    "vidc.M261"="msh261.drv"
    "msacm.msaudio1"="msaud32.acm"
    "msacm.sl_anet"="sl_anet.acm"
    "msacm.iac2"="C:\\WINDOWS\\system32\\iac25_32.ax"
    "vidc.iv50"="ir50_32.dll"
    "msacm.l3acm"="C:\\WINDOWS\\system32\\l3codeca.acm"
    "wave"="wdmaud.drv"
    "midi"="wdmaud.drv"
    "mixer"="wdmaud.drv"
    "aux"="wdmaud.drv"
    "wave1"="wdmaud.drv"
    "midi1"="wdmaud.drv"
    "mixer1"="wdmaud.drv"
    "aux1"="wdmaud.drv"
    "msacm.lhacm"="lhacm.acm"
    "VIDC.FPS1"="frapsvid.dll"
    "VIDC.MPG4"="mpg4c32.dll"
    "VIDC.MP42"="mpg4c32.dll"
    "vidc.DIVX"="DivX.dll"
    "vidc.yv12"="DivX.dll"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32\Terminal Server]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32\Terminal Server\RDP]
    "wave"="rdpsnd.dll"
    "mixer"="rdpsnd.dll"
    "MaxBandwidth"=dword:000056b9
    "wavemapper"="msacm32.drv"
    "EnableMP3Codec"=dword:00000001
    "midimapper"="midimap.dll"
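    Added example (not part of the thread or of the fixes.bat posted above): a Python parser for the REGEDIT4 export that `regedit /a` writes, with an audit of the Drivers32 key of the kind a helper does by eye before replying that an export "looks ok". Drivers32 maps multimedia driver and codec names to the DLLs the Windows multimedia subsystem loads, so a value pointing at a DLL in a user profile or temp directory is worth a second look. The embedded exports are constructed samples in the same format as the one above; the list of known value-name families and the system-directory prefixes are assumptions of this example, not a Microsoft reference list.

```python
"""Parse a REGEDIT4 export and audit the Drivers32 key (added example)."""
import re
from typing import Dict, List, Tuple

# Constructed excerpt in the format `regedit /a` writes (same shape as the export in the thread).
SAMPLE_EXPORT = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midimapper"="midimap.dll"
"msacm.imaadpcm"="imaadp32.acm"
"vidc.cvid"="iccvid.dll"
"wavemapper"="msacm32.drv"
"msacm.iac2"="C:\\WINDOWS\\system32\\iac25_32.ax"
"msacm.l3acm"="C:\\WINDOWS\\system32\\l3codeca.acm"
"wave"="wdmaud.drv"
"aux1"="wdmaud.drv"
"vidc.DIVX"="DivX.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32\Terminal Server\RDP]
"wave"="rdpsnd.dll"
"MaxBandwidth"=dword:000056b9
"""

# Constructed negative sample: the same export with one planted value that points
# into a user's temp directory, the kind of entry a helper is looking for.
PLANTED_EXPORT = SAMPLE_EXPORT.replace(
    '"vidc.DIVX"="DivX.dll"',
    '"vidc.DIVX"="DivX.dll"\n' + r'"aux3"="C:\\DOCUME~1\\user\\LOCALS~1\\Temp\\audio.dll"',
)

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<raw>.*)$')

# Assumptions of this example, not a Microsoft list: value-name families normally
# present under Drivers32, and the directories a stock XP install keeps them in.
KNOWN_PREFIXES = ("wave", "midi", "mixer", "aux", "vidc.", "msacm.", "midimapper", "wavemapper")
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\system\\")


def parse_regedit4(text: str) -> Dict[str, Dict[str, str]]:
    """Return {key path: {value name: value}}; REG_SZ values are unescaped, others kept raw."""
    lines = text.splitlines()
    if not lines or lines[0].strip() != "REGEDIT4":
        raise ValueError("not a REGEDIT4 export")
    tree: Dict[str, Dict[str, str]] = {}
    current = None
    for line in lines[1:]:
        line = line.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("key")
            tree[current] = {}
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            raw = m.group("raw")
            if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
                # REGEDIT4 doubles backslashes and escapes quotes inside string values
                value = raw[1:-1].replace("\\\\", "\\").replace('\\"', '"')
            else:
                value = raw           # dword:..., hex:... left as written
            tree[current][m.group("name")] = value
    return tree


def audit_drivers32(tree: Dict[str, Dict[str, str]]) -> List[Tuple[str, str, str]]:
    """Flag (name, value, reason) for Drivers32 values that do not look like stock entries."""
    findings: List[Tuple[str, str, str]] = []
    for key, values in tree.items():
        if not key.lower().endswith("\\drivers32"):
            continue                  # Terminal Server\RDP and other subkeys are out of scope
        for name, value in values.items():
            if not name.lower().startswith(KNOWN_PREFIXES):
                findings.append((name, value, "value name outside the usual driver families"))
            elif "\\" in value and not value.lower().startswith(SYSTEM_DIRS):
                findings.append((name, value, "absolute path outside the Windows system directory"))
    return findings


if __name__ == "__main__":
    for name, value, reason in audit_drivers32(parse_regedit4(PLANTED_EXPORT)):
        print(f"{name} = {value}: {reason}")
```

    The clean sample produces no findings (full paths into system32, as for iac25_32.ax and l3codeca.acm, are normal), while the planted aux3 value is reported because it resolves into a temp directory; a bare DLL name is accepted here because the loader looks for it in the system directory.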

  7. #17
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288


    Hi

    Registry export looks ok. Since you said it's a Firefox-related thing, please try a complete reinstall of it. Back up your bookmarks and then follow the instructions here to uninstall Firefox (remember to choose the "Remove my Firefox personal data and customizations" option to remove profile-related things too). After that, reinstall Firefox.

  8. #18
    Junior Member
    Join Date
    Feb 2009
    Posts
    12


    Sorry for the delay, haven't had a chance to send a reply. Reinstalled Firefox and the problem seemed to go away!

    I'm not sure why, but now when I start my computer, it seems to take forever to load up. It takes almost 5 min before I can get Firefox running. From the task manager, it takes about that long for my computer to stabilize. It has gotten slower through time, but now it's doubled overnight? And now I seem to be having display driver problems. The screen flickers a lot and sometimes restarts my system? Any help?

  9. #19
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288


    Hi

    Please post fresh DDS logs.

  10. #20
    Junior Member
    Join Date
    Feb 2009
    Posts
    12


    DDS (Ver_09-02-01.01) - NTFSx86
    Run by Jared at 11:25:39.26 on Fri 02/27/2009
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_12
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1250 [GMT -5:00]

    AV: McAfee VirusScan *On-access scanning enabled* (Updated)
    FW: McAfee Personal Firewall *enabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\McAfee\MBK\MBackMonitor.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\Defraggler\Defraggler.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\McAfee\MSC\mcshell.exe
    C:\Documents and Settings\Jared\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = hxxp://www.comcast.net/a/
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: NoExplorer - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
    TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
    uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
    uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [MBkLogOnHook] c:\program files\mcafee\mbk\LogOnHook.exe
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
    mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [McAfee Backup] c:\program files\mcafee\mbk\McAfeeDataBackup.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab3.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} - hxxp://host.cycore.net/plugins/windows/ie/Cult3D_IE_5.3.0.228.cab
    DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
    DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.systemrequirementslab.com/sysreqlab2.cab
    DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} - hxxp://cnn-5.vo.llnwd.net/c1/static/cab_headless/GameTapWebUpdater.cab
    DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: {DA363896-0CE0-4756-91CF-9E5F69B4C693} = 68.87.71.226,68.87.73.242
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
    Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\jared\applic~1\mozilla\firefox\profiles\l6hf4u8s.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/a/
    FF - plugin: c:\documents and settings\jared\application data\mozilla\firefox\profiles\l6hf4u8s.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
    FF - plugin: c:\program files\gametap\bin\release\npgametaptool.dll
    FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll
    FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
    FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll

    ============= SERVICES / DRIVERS ===============

    R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-8-8 201320]
    R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-7-7 611664]
    R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2007-8-8 359248]
    R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2007-8-8 144704]
    R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-8-8 695624]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-8-8 79304]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-8-8 35240]
    R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-8-8 40488]
    S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-8-8 33832]
    S3 NPUSB;NPUSB;c:\windows\system32\drivers\npusb.sys [2007-3-8 15360]
    S3 npusbio;npusbio;c:\windows\system32\drivers\npusbio.sys [2008-7-14 36384]
    S3 SaiH075C;SaiH075C;c:\windows\system32\drivers\SaiH075C.sys [2007-8-6 176640]
    S3 SaiH0763;SaiH0763;c:\windows\system32\drivers\SaiH0763.sys [2007-3-8 179968]
    S3 samhid;samhid;c:\windows\system32\drivers\Samhid.sys [2009-1-12 7548]
    S4 gupdate1c988783205663c;Google Update Service (gupdate1c988783205663c);c:\program files\google\update\GoogleUpdate.exe [2009-2-6 133104]
    S4 Just Flight Limited License Service;Just Flight Limited License Service;c:\program files\common files\just flight limited shared\service\JustFlightLimitedLicSvc.exe [2008-2-24 69632]

    =============== Created Last 30 ================

    2009-02-25 07:15 1,374 a------- c:\windows\imsins.BAK
    2009-02-25 07:07 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
    2009-02-22 17:32 <DIR> --d----- c:\docume~1\jared\applic~1\Uniblue
    2009-02-22 17:18 <DIR> --d----- c:\documents and settings\jared\Copy of Favorites
    2009-02-20 13:58 <DIR> --d-h--- c:\windows\PIF
    2009-02-19 15:39 <DIR> --d----- c:\program files\SpywareBlaster
    2009-02-19 15:15 <DIR> --d----- c:\windows\system32\XPSViewer
    2009-02-19 15:14 117,760 -------- c:\windows\system32\prntvpt.dll
    2009-02-19 15:14 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2009-02-19 15:14 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
    2009-02-19 15:14 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2009-02-19 15:14 575,488 -------- c:\windows\system32\xpsshhdr.dll
    2009-02-19 15:14 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
    2009-02-19 15:14 1,676,288 -------- c:\windows\system32\xpssvcs.dll
    2009-02-19 15:14 <DIR> --d----- C:\7d7aebd68f3275cb354150902ebe
    2009-02-17 09:28 410,984 a------- c:\windows\system32\deploytk.dll
    2009-02-17 09:28 73,728 a------- c:\windows\system32\javacpl.cpl
    2009-02-17 09:14 <DIR> --d----- c:\program files\Foxit Software
    2009-02-17 09:14 <DIR> --d----- c:\docume~1\jared\applic~1\Foxit
    2009-02-16 15:53 <DIR> a-dshr-- C:\cmdcons
    2009-02-12 15:47 <DIR> --d----- c:\docume~1\jared\applic~1\Malwarebytes
    2009-02-12 15:47 15,504 a------- c:\windows\system32\drivers\mbam.sys
    2009-02-12 15:47 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-02-12 15:47 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
    2009-02-12 15:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2009-02-12 01:57 <DIR> --d----- c:\documents and settings\jared\dwhelper
    2009-02-10 20:45 350 a------- c:\windows\wininit.ini
    2009-02-10 20:19 <DIR> --d----- c:\program files\Spybot - Search & Destroy
    2009-02-10 20:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
    2009-02-10 20:08 <DIR> --d----- c:\program files\Trend Micro
    2009-02-10 19:42 240,383 a------- C:\lxcfUNST.csv
    2009-02-10 02:04 97,552 a------- c:\windows\system32\MSCOMM32.OCX
    2009-02-10 02:04 <DIR> --d----- c:\program files\QuickLOADDEMO
    2009-02-10 02:04 10,640 a------- c:\windows\ST5UNST.000
    2009-02-03 05:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Ascentive
    2009-02-03 05:31 36,864 a------- c:\windows\system32\ascbalon.dll
    2009-02-03 05:31 45,056 a------- c:\windows\system32\CreateLog.dll
    2009-02-03 05:31 20,480 a------- c:\windows\system32\SysRestore.dll
    2009-02-03 05:31 <DIR> --d----- c:\program files\Ascentive

    ==================== Find3M ====================

    2009-02-24 08:04 138,376 a------- c:\windows\system32\drivers\PnkBstrK.sys
    2009-02-24 08:04 202,448 a------- c:\windows\system32\PnkBstrB.exe
    2009-02-10 23:24 70,968 a------- c:\windows\system32\PnkBstrA.exe
    2008-12-26 16:09 22,328 a------- c:\docume~1\jared\applic~1\PnkBstrK.sys
    2008-12-26 16:09 682,280 a------- c:\windows\system32\pbsvc.exe
    2008-12-20 18:15 826,368 a------- c:\windows\system32\wininet.dll
    2008-12-10 19:33 200,704 a------- c:\windows\system32\dtu100.dll
    2008-12-10 19:33 86,016 a------- c:\windows\system32\dpl100.dll
    2008-12-08 21:28 593,920 a------- c:\windows\system32\dpuGUI11.dll
    2008-12-08 21:28 344,064 a------- c:\windows\system32\dpus11.dll
    2008-12-08 21:28 294,912 a------- c:\windows\system32\dpu11.dll
    2008-12-08 21:28 57,344 a------- c:\windows\system32\dpv11.dll
    2007-08-11 21:08 47,360 a------- c:\docume~1\jared\applic~1\pcouffin.sys
    2006-03-19 20:37 401 a------- c:\program files\file_id.diz
    2005-02-05 08:44 122 a------- c:\program files\TCAS2v7.ini
    2004-11-21 12:54 163,840 a------- c:\program files\TCAS2v7.dll
    2004-04-27 03:57 360 a------- c:\program files\avsim.diz
    2007-04-20 21:51 61 ---sh--- c:\windows\cnerolf.bin
    2007-03-08 21:44 61 ---sh--- c:\windows\cnerolf.dat
    2008-09-04 12:26 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090420080905\index.dat

    ============= FINISH: 11:26:30.98 ===============
