
Thread: JS-pdfka-sd (expl) Machine freezing after a few minutes browsing

  1. #1 (Junior Member, joined Dec 2009, 1 post)

    JS-pdfka-sd (expl) Machine freezing after a few minutes browsing

    Hi there, I'm new to the forum so please be gentle.

    My machine is suddenly freezing, then making a constant beep noise, thus making me turn the whole thing off.
    It started when my avast spotted the file as follows:
    c:/documentandsettings/helpassistant.mikey./localsettings/tempnps15.tmp contains sample of 'js:pdfka-SD (expl)'

    Avast asked me to move to chest or delete; moving had no effect.
    It still came up with the alert "malware found" and "trojan found".
    After looking up some posts beforehand I did the following:

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-12-01.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 30/04/2009 09:26:12
    System Uptime: 12/10/2009 13:02:15 (1416 hours ago)

    Motherboard: ECS | | P4M900T-M
    Processor: Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz | CPU 1 | 2393/266mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 100 GiB total, 60.108 GiB free.
    D: is CDROM ()
    F: is FIXED (NTFS) - 366 GiB total, 17.84 GiB free.

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1: 05/12/2009 00:11:12 - System Checkpoint
    RP2: 06/12/2009 00:49:22 - System Checkpoint
    RP3: 07/12/2009 12:37:10 - System Checkpoint
    RP4: 08/12/2009 13:27:53 - System Checkpoint
    RP5: 08/12/2009 22:04:52 - Restore Operation
    RP6: 10/12/2009 12:53:30 - Removed IMosaic

    ==== Installed Programs ======================

    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.2
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Ask Toolbar
    avast! Antivirus
    AviSynth 2.5
    BitTorrent
    Bonjour
    BookSmart® 2.0.2 2.0.2
    DNA
    EasyRecovery DataRecovery
    Google Chrome
    Google Earth
    Google Update Helper
    High Definition Audio Driver Package - KB888111
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    HP USB Disk Storage Format Tool
    IrfanView (remove only)
    iTunes
    Java(TM) 6 Update 15
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Office Professional Edition 2003
    Microsoft Silverlight
    Mosaic Creator 3.1
    Mozilla Firefox (3.0.13)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NVIDIA Drivers
    NVIDIA PhysX
    ParetoLogic Data Recovery
    Platform
    QuickTime
    RealPlayer
    Realtek High Definition Audio Driver
    SAMSUNG Mobile Composite Device Software
    SAMSUNG Mobile Modem Driver Set
    Samsung Mobile phone USB driver Software
    SAMSUNG Mobile USB Modem 1.0 Software
    SAMSUNG Mobile USB Modem Software
    Samsung New PC Studio
    Samsung New PC Studio USB Driver Installer
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB968220)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VIA Platform Device Manager
    VIA Rhine-Family Fast-Ethernet Adapter
    Videora Xbox 360 Converter 4.07
    VLC media player 0.9.9
    WebFldrs XP
    Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
    Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows XP Service Pack 3
    WinRAR archiver
    Xvid 1.2.1 final uninstall
    Ycopy 1.0d
    YouTube Downloader App 1.02

    ==== Event Viewer Messages From Past Week ========

    09/12/2009 22:47:31, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
    09/12/2009 22:47:01, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the wscsvc service.
    09/12/2009 22:46:01, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the ShellHWDetection service.
    09/12/2009 22:45:31, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Schedule service.
    09/12/2009 19:34:11, error: System Error [1003] - Error code 00000019, parameter1 00000020, parameter2 88d2c320, parameter3 88d2c738, parameter4 1a830002.
    09/12/2009 19:04:57, error: System Error [1003] - Error code 00000019, parameter1 00000020, parameter2 88d09000, parameter3 88d09418, parameter4 1a830000.
    09/12/2009 19:04:54, error: System Error [1003] - Error code 0000004e, parameter1 00000099, parameter2 00009c4f, parameter3 00000000, parameter4 00000000.

    ==== End Of File ===========================


    DDS (Ver_09-12-01.01) - NTFSx86
    Run by Mike Richards at 13:04:06.34 on 10/12/2009
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1514 [GMT 0:00]

    AV: avast! antivirus 4.8.1368 [VPS 091210-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\FsUsbExService.Exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
    C:\Documents and Settings\Mike Richards\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Documents and Settings\Mike Richards\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Mike Richards\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Mike Richards\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = <!DOCTYPE html PUBLIC "-//W3C//DT
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
    uRun: [BitTorrent] "c:\program files\bittorrent\bittorrent.exe"
    uRun: [Google Update] "c:\documents and settings\mike richards\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [AutoStartNPSAgent] c:\program files\samsung\samsung new pc studio\NPSAgent.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1
    mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [NPSStartup]
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: {41564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\mikeri~1\applic~1\mozilla\firefox\profiles\u2tweq1h.default\
    FF - component: c:\documents and settings\mike richards\application data\mozilla\firefox\profiles\u2tweq1h.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
    FF - plugin: c:\documents and settings\mike richards\application data\mozilla\firefox\profiles\u2tweq1h.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
    FF - plugin: c:\documents and settings\mike richards\application data\mozilla\firefox\profiles\u2tweq1h.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
    FF - plugin: c:\documents and settings\mike richards\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

    ============= SERVICES / DRIVERS ===============

    R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2009-4-30 21144]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-4-30 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-4-30 20560]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-4-30 138680]
    R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-5-6 233472]
    R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-5-6 36608]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-4-30 208384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-11-16 135664]
    S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-4-30 254040]
    S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-4-30 352920]

    =============== Created Last 30 ================

    2009-12-09 19:07:22 0 d-sha-r- C:\cmdcons
    2009-12-09 19:06:14 0 d-s---w- C:\ComboFix
    2009-12-09 18:48:26 98816 ----a-w- c:\windows\sed.exe
    2009-12-09 18:48:26 77312 ----a-w- c:\windows\MBR.exe
    2009-12-09 18:48:26 261632 ----a-w- c:\windows\PEV.exe
    2009-12-09 18:48:26 161792 ----a-w- c:\windows\SWREG.exe
    2009-12-09 18:43:38 0 d-----w- C:\SDFix
    2009-12-08 22:07:30 0 d-----w- c:\windows\system32\wbem\Repository
    2009-12-05 00:08:58 0 d-sh--w- c:\windows\system32\lowsec
    2009-11-22 17:02:23 0 d-----w- c:\program files\MosaicCreator
    2009-11-22 16:01:26 0 d-----w- c:\program files\IrfanView
    2009-11-19 22:33:25 0 d-----w- c:\program files\IMosaic

    ==================== Find3M ====================

    2009-11-04 00:27:30 212992 ----a-w- c:\windows\system32\npeauth.dll
    2009-11-04 00:27:28 151552 ----a-w- c:\windows\system32\npeudelself.exe
    2009-09-21 23:53:42 36224 ---ha-w- c:\windows\system32\mlfcache.dat
    2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll

    ============= FINISH: 13:04:19.35 ===============

    I also believe there is a rootkit on the machine.

    My friend was trying to get me to use ComboFix, but I kept getting blue screens

    varying from messages such as
    bad_pool_header
    and
    Rfn_list_corrupt

    On another note, why is my Chrome browser running Safari? (I noticed this with an online Kaspersky.)
    Maybe connected, I'm really not sure.

    Any help would be much appreciated in the season of good tidings.

  2. #2 (tashi, Member of Team Spybot, joined Oct 2005, location USA, 30,955 posts)

    Hello mikeproducer,

    Please see this forum's FAQ: "BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance)

    Also:
    File Sharing, otherwise known as Peer To Peer (P2P)

    Do NOT run 'FIXES' (ComboFix etc) without being asked

    If you still need help please start a new topic providing the HJT log and a link back to this thread.

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
