Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Cursor freezing, suspected virus.

  1. #1
    Senior Member
    Join Date
    Nov 2009
    Posts
    102

    Default Cursor freezing, suspected virus.

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by James at 16:10:38.21 on 27/08/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.35 [GMT 1:00]

    AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Documents and Settings\James\My Documents\Downloads\dds.scr

    ============== Pseudo HJT Report ===============

    uInternet Connection Wizard,ShellNext = hxxp://google.co.uk/
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [POINTER] point32.exe
    mRun: [AdaptecDirectCD] "c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe"
    mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
    mRun: [BCMSMMSG] BCMSMMSG.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\james\applic~1\mozilla\firefox\profiles\ejjv6hx2.default\
    FF - prefs.js: browser.startup.homepage - hxxp://google.co.uk
    FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
    FF - plugin: c:\documents and settings\james\application data\facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-5-26 165456]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-7-2 17744]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-26 40384]
    R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-26 40384]
    R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-26 40384]

    =============== Created Last 30 ================

    2010-08-27 11:58:07 0 d-----w- c:\program files\Trend Micro
    2010-08-21 14:25:57 0 d-sh--w- c:\documents and settings\james\IECompatCache
    2010-08-20 19:52:59 16029 ----a-w- c:\documents and settings\james\.recently-used.xbel
    2010-07-31 12:42:23 0 d-sh--w- c:\documents and settings\james\PrivacIE

    ==================== Find3M ====================

    2010-07-17 04:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-28 20:57:33 38848 ----a-w- c:\windows\avastSS.scr
    2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
    2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2010-05-27 19:14:05 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
    2010-05-27 19:14:05 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012010052720100528\index.dat

    ============= FINISH: 16:11:18.84 ===============

  2. #2
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    Please post a fresh dds.txt log and describe your problem a bit.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #3
    Senior Member
    Join Date
    Nov 2009
    Posts
    102

    Default

    The cursor freezes for minutes and the pc has slowed down considerably.

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by James at 12:09:31.37 on 05/09/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.163 [GMT 1:00]

    AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Documents and Settings\James\My Documents\Downloads\dds(2).scr

    ============== Pseudo HJT Report ===============

    uInternet Connection Wizard,ShellNext = hxxp://google.co.uk/
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [POINTER] point32.exe
    mRun: [AdaptecDirectCD] "c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe"
    mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
    mRun: [BCMSMMSG] BCMSMMSG.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\james\applic~1\mozilla\firefox\profiles\ejjv6hx2.default\
    FF - prefs.js: browser.startup.homepage - hxxp://google.co.uk
    FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
    FF - plugin: c:\documents and settings\james\application data\facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-5-26 165456]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-7-2 17744]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-26 40384]
    R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-26 40384]
    R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-26 40384]

    =============== Created Last 30 ================

    2010-08-27 11:58:07 0 d-----w- c:\program files\Trend Micro
    2010-08-21 14:25:57 0 d-sh--w- c:\documents and settings\james\IECompatCache
    2010-08-20 19:52:59 16029 ----a-w- c:\documents and settings\james\.recently-used.xbel

    ==================== Find3M ====================

    2010-07-17 04:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-28 20:57:33 38848 ----a-w- c:\windows\avastSS.scr
    2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
    2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2010-05-27 19:14:05 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
    2010-05-27 19:14:05 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012010052720100528\index.dat

    ============= FINISH: 12:10:02.53 ===============

  4. #4
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    Has the hard drive been defragged lately?

    Download GMER here by clicking download exe -button and then saving it your desktop:
    • Double-click .exe that you downloaded
    • Click rootkit-tab, uncheck files option and then click scan.
    • Don't check
      Show All
      box while scanning in progress!
    • When scanning is ready, click Copy.
    • This copies log to clipboard
    • Post log (if the log is long, archive it into a zip file and attach instead of posting) in your reply.



    Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

    Double-click ATF Cleaner.exe to open it

    Under Main choose:
    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache

    *The other boxes are optional*
    Then click the Empty Selected button.

    If you use Firefox:
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    If you use Opera:
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program.


    Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here. Post back its report.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  5. #5
    Senior Member
    Join Date
    Nov 2009
    Posts
    102

    Default

    I haven't defragged recently.
    There was nothing detected on Kaspersky.

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-09-05 18:03:41
    Windows 5.1.2600 Service Pack 3
    Running: h785c1fx.exe; Driver: C:\DOCUME~1\James\LOCALS~1\Temp\pwpyrfog.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xEDED4CD2]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xEDED4B8E]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xEDED5142]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xEDED506C]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xEDED4764]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xEDED4C68]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xEDED46A4]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xEDED4708]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xEDED4D88]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xEDED5210]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xEDED4D48]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xEDED4EC8]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xEDEE1B9C]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xEDEE19C0]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xEDEE1AFA]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 1.0.15 ----

    PAGE ntoskrnl.exe!ObInsertObject 8056503A 5 Bytes JMP EDEDEF6C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
    PAGE ntoskrnl.exe!NtCreateSection 805652B3 7 Bytes JMP EDEE19C4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
    PAGE ntoskrnl.exe!ZwCreateProcessEx 8057FE4C 7 Bytes JMP EDEE1BA0 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
    PAGE ntoskrnl.exe!ObMakeTemporaryObject 8059F8CA 5 Bytes JMP EDEDD5B4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
    PAGE ntoskrnl.exe!ZwLoadDriver 805A3B73 7 Bytes JMP EDEE1AFE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Mozilla Firefox\firefox.exe[1264] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3268] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 1044721D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3656] kernel32.dll!LoadResource 7C80A055 7 Bytes JMP 2806C580 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3656] kernel32.dll!FindResourceExW 7C80AD28 7 Bytes JMP 2806C3E0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3656] kernel32.dll!FindResourceW 7C80BC6E 7 Bytes JMP 2806C360 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3656] kernel32.dll!SizeofResource 7C80BD09 7 Bytes JMP 2806C630 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3656] kernel32.dll!FindResourceA 7C80BF29 7 Bytes JMP 2806C460 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3656] kernel32.dll!LockResource 7C80CD37 5 Bytes JMP 2806C6A0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3656] kernel32.dll!CreateEventA 7C8308B5 5 Bytes JMP 2806BFC0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3656] kernel32.dll!FindResourceExA 7C835FA8 7 Bytes JMP 2806C4F0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3656] ADVAPI32.dll!CryptDeriveKey 77DE9FFD 7 Bytes JMP 2806BAD0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3656] ADVAPI32.dll!CryptDecrypt 77DEA129 7 Bytes JMP 2806BB30 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3656] USER32.dll!GetWindowLongW 7E4188A6 7 Bytes JMP 28070560 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3656] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 2806E560 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3656] USER32.dll!SetWindowPlacement 7E41DE46 5 Bytes JMP 2806FB00 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3656] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 2806FC50 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3656] USER32.dll!LoadImageW 7E427B97 5 Bytes JMP 280702B0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3656] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 2806DB40 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3656] USER32.dll!SetWindowRgn 7E42E528 7 Bytes JMP 2806FBA0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3656] USER32.dll!LoadIconW 7E42E8BC 5 Bytes JMP 28070430 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3656] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 2806FE50 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3656] USER32.dll!TrackPopupMenuEx 7E46CF62 5 Bytes JMP 2806EBE0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3656] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 280748C0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3656] WS2_32.dll!send 71AB4C27 5 Bytes JMP 28074580 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3656] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 280743D0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3656] WS2_32.dll!recv 71AB676F 5 Bytes JMP 280742A0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3656] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 280746F0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3656] SHELL32.dll!Shell_NotifyIconW 7CA2A587 5 Bytes JMP 2806D230 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3656] ole32.dll!CoInitializeEx 774FEF7B 5 Bytes JMP 2806C900 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3656] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 2806CC80 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3656] ole32.dll!CoRegisterClassObject 77517E90 5 Bytes JMP 2806CA00 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3656] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 280734B0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3656] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 280735F0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3656] WININET.dll!HttpOpenRequestA 3D94D508 5 Bytes JMP 28073350 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3656] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 28073550 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\WINDOWS\system32\services.exe[712] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003A0002
    IAT C:\WINDOWS\system32\services.exe[712] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003A0000

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

    Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/ALWIL Software)

    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

    Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/ALWIL Software)

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

    ---- EOF - GMER 1.0.15 ----

  6. #6
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    Defragment the system. Log looks ok. This doesn't look like malware issue to me.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  7. #7
    Senior Member
    Join Date
    Nov 2009
    Posts
    102

    Default

    Hi,

    since i followed your steps i've encountered a new problem. I can't open hotmail in firefox and i can't post a comment on Facebook, if i use Internet Explorer there is no problem. Do you think it is something to do with the ATF cleaner?

  8. #8
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    Yes, it's related to ATF. Clear Firefox cache and thing should be sorted out.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  9. #9
    Senior Member
    Join Date
    Nov 2009
    Posts
    102

    Default

    Sorted. I'll defrag, thanks for your help

  10. #10
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    You're welcome
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •