TechSpot

Malware issue affecting IExplorer and Firefox

By neilAVMALprobs
Dec 19, 2010
  1. Hi,

    I am currently experiencing slow opening of websites and sometimes they will not open at all. As an example, I use Aol web mail which takes about 10 minutes to open and that's the slow connection version. My internet connection is using BTOpenzone and although I realise the bandwidth is not mine alone, other websites seem to work ok and after using Broadband speed checker the results are pretty good.

    I have followed the 8-step Viruses/Spyware/Malware prelim instructions and my results will be posted/attached next.

    Thanks in advance for your help.

    Neil
     
  2. neilAVMALprobs

    neilAVMALprobs TS Rookie Topic Starter

    My logs/txt files are as follows:

    Malwarebytes' Anti-Malware 1.50
    www.malwarebytes.org

    Database version: 5351

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    19/12/2010 12:31:33
    mbam-log-2010-12-19 (12-31-33).txt

    Scan type: Quick scan
    Objects scanned: 151414
    Time elapsed: 4 minute(s), 55 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  3. neilAVMALprobs

    neilAVMALprobs TS Rookie Topic Starter

    I will attach the gmer.log and the attach (Zip) file as they are rather large:

    Below is the DDS file:


    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Neil D at 13:51:52.93 on 19/12/2010
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3039.1920 [GMT 0:00]

    AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
    AV: AVG Anti-Virus *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
    FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_08f19d3e5efcf526\STacSV.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\WINDOWS\System32\ZoneLabs\vsmon.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_08f19d3e5efcf526\aestsrv.exe
    C:\Windows\system32\agrsmsvc.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
    C:\Windows\system32\lxblcoms.exe
    C:\Windows\system32\PnkBstrA.exe
    C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
    C:\Windows\SMINST\BLService.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\AVG\AVG9\avgam.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Razer\DeathAdder\razerhid.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    C:\Program Files\Razer\DeathAdder\razertra.exe
    C:\Program Files\Razer\DeathAdder\razerofa.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\AVG\AVG9\avgtray.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Neil D\Desktop\8 Point Malware results\dds.scr
    C:\Windows\system32\conhost.exe

    ============== Pseudo HJT Report ===============

    mStart Page = about:blank
    uInternet Settings,ProxyOverride = <local>
    mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
    BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
    TB: Wanadoo: {8b68564d-53fd-4293-b80c-993a9f3988ee} - c:\windows\system32\WSBar.dll
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
    mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
    mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
    mRun: [DeathAdder] c:\program files\razer\deathadder\razerhid.exe
    mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
    mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
    mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
    mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\2.0"
    mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [iolo Startup] "c:\program files\iolo\common\lib\ioloLManager.exe"
    mRun: [SpeedTouch USB Diagnostics] "c:\program files\thomson\speedtouch usb\Dragdiag.exe" /icon
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Search with Wanadoo - c:\windows\system32\WSBar.dll/VSearch.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
    DPF: {72376E32-8AF2-473F-BE32-E5D0F39C865D} - hxxp://docs.cyberlink.com/multi/patch/prog/UpdateAdvisor.cab
    DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    SEH: DVDIdleShell Class: {93994de8-8239-4655-b1d1-5f4e91300429} - c:\program files\dvd region-free\DVDShell.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\neild~1\appdata\roaming\mozilla\firefox\profiles\3dusbj8y.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
    FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - plugin: c:\windows\system32\c2mp\npdivx32.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

    ---- FIREFOX POLICIES ----
    FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.02.12
    ============= SERVICES / DRIVERS ===============

    R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-8-19 52872]
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-11-27 64288]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-8-19 216400]
    R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-8-19 29584]
    R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-8-19 243024]
    R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2010-12-1 20392]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};Power Control [2009/09/26 23:57:30];c:\program files\hp\quickplay\000.fcl [2009-9-26 87536]
    R2 acedrv10;acedrv10;c:\windows\system32\drivers\ACEDRV10.sys [2007-7-24 328824]
    R2 acehlp10;acehlp10;c:\windows\system32\drivers\acehlp10.sys [2007-7-11 201848]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_08f19d3e5efcf526\AEstSrv.exe [2008-11-15 73728]
    R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-8-19 308136]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2010-12-15 724664]
    R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2010-12-15 724664]
    R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2009-10-14 26352]
    R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2009-10-14 493032]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-9-23 1389400]
    R2 lxbl_device;lxbl_device;c:\windows\system32\lxblcoms.exe -service --> c:\windows\system32\lxblcoms.exe -service [?]
    R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\sminst\BLService.exe [2008-7-2 341328]
    R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2009-8-22 22784]
    R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-1-24 52736]
    R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-4-1 81296]
    R3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-1-13 6755840]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-11-10 66592]
    S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-10-26 517448]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-7-2 193840]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-9-23 15264]
    S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-11-26 1343400]

    =============== File Associations ===============

    JSEFile=NOTEPAD.EXE %1
    regfile=NOTEPAD.EXE %1
    scrfile=NOTEPAD.EXE %1
    VBEFile=NOTEPAD.EXE %1
    VBSFile=NOTEPAD.EXE %1

    =============== Created Last 30 ================

    2010-12-18 23:42:18 -------- d-----w- c:\users\neild~1\appdata\roaming\Malwarebytes
    2010-12-18 23:40:49 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-18 23:40:49 -------- d-----w- c:\progra~2\Malwarebytes
    2010-12-18 23:40:45 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-18 23:40:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-18 21:00:15 -------- d-----w- c:\users\neild~1\appdata\local\Sunbelt Software
    2010-12-15 00:22:26 511328 ----a-w- c:\program files\common files\microsoft shared\capicom\CAPICOM.DLL
    2010-12-14 20:58:32 516096 ----a-w- c:\program files\windows mail\wab.exe
    2010-12-14 20:58:32 314368 ----a-w- c:\windows\system32\webio.dll
    2010-12-14 20:58:27 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-12-14 20:58:16 749056 ----a-w- c:\windows\system32\schedsvc.dll
    2010-12-14 20:58:15 496128 ----a-w- c:\windows\system32\taskschd.dll
    2010-12-14 20:58:15 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2010-12-14 20:58:15 305152 ----a-w- c:\windows\system32\taskcomp.dll
    2010-12-14 20:58:15 192000 ----a-w- c:\windows\system32\taskeng.exe
    2010-12-14 20:58:15 179712 ----a-w- c:\windows\system32\schtasks.exe
    2010-12-14 20:58:14 34304 ----a-w- c:\windows\system32\atmlib.dll
    2010-12-14 20:58:14 294400 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-14 20:57:20 571904 ----a-w- c:\windows\system32\oleaut32.dll
    2010-12-14 20:57:20 101760 ----a-w- c:\windows\system32\consent.exe
    2010-12-14 20:57:15 2327552 ----a-w- c:\windows\system32\win32k.sys
    2010-12-08 17:59:50 -------- d-----w- c:\users\neild~1\appdata\roaming\LucasArts
    2010-12-05 20:16:07 286720 ----a-w- c:\windows\system32\WSBar.dll
    2010-12-05 20:03:28 70688 ----a-w- c:\windows\system32\drivers\alcaudsl.sys
    2010-12-05 20:03:28 5606 ----a-w- c:\windows\system32\stci.dll
    2010-12-05 20:03:28 5280 ----a-w- c:\windows\system32\drivers\alcawh.sys
    2010-12-05 20:03:28 3968 ----a-w- c:\windows\system32\drivers\alcacr.sys
    2010-12-05 20:03:27 53600 ----a-w- c:\windows\system32\drivers\alcan5wn.sys
    2010-12-05 20:03:24 -------- d-----w- c:\program files\Thomson
    2010-12-05 20:02:15 -------- d-----w- c:\program files\Wanadoo
    2010-12-02 21:47:22 3181568 ----a-w- c:\windows\system32\mf.dll
    2010-12-02 21:47:22 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
    2010-12-02 21:47:21 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
    2010-12-02 21:46:37 804864 ----a-w- c:\windows\system32\FntCache.dll
    2010-12-02 21:46:37 737280 ----a-w- c:\windows\system32\d2d1.dll
    2010-12-02 21:46:37 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
    2010-12-02 21:46:37 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
    2010-12-02 21:46:37 1076224 ----a-w- c:\windows\system32\DWrite.dll
    2010-12-02 21:45:56 279552 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2010-12-02 21:45:56 135168 ----a-w- c:\windows\system32\XpsRasterService.dll
    2010-12-02 21:44:52 1495040 ----a-w- c:\windows\system32\ExplorerFrame.dll
    2010-12-02 21:41:52 -------- d-----w- c:\program files\Feedback Tool
    2010-12-01 16:44:00 20392 ----a-w- c:\windows\system32\drivers\ElRawDsk.sys
    2010-12-01 16:43:43 87688 ----a-w- c:\windows\system32\IncContxMenu.dll
    2010-12-01 16:43:43 2234040 ----a-w- c:\windows\system32\Incinerator.dll
    2010-12-01 16:43:33 29696 ----a-w- c:\windows\system32\iolobtdfg.exe
    2010-12-01 16:43:33 11776 ----a-w- c:\windows\system32\smrgdf.exe
    2010-12-01 16:43:32 -------- d-----w- c:\program files\iolo
    2010-12-01 16:38:14 74703 ----a-w- c:\windows\system32\mfc45.dll
    2010-12-01 16:37:22 -------- d-----w- c:\users\neild~1\appdata\roaming\iolo
    2010-12-01 16:37:22 -------- d-----w- c:\progra~2\iolo
    2010-11-30 23:14:54 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-11-28 20:30:31 1836 ----a-w- c:\windows\system32\ASOROSet.bin
    2010-11-28 20:30:31 16184 ----a-w- c:\windows\system32\ROBoot.exe
    2010-11-28 18:28:47 -------- d-----w- c:\progra~2\Systweak
    2010-11-28 18:23:04 -------- d-----w- c:\users\neild~1\appdata\roaming\Systweak
    2010-11-28 16:50:12 -------- d-----w- c:\users\neild~1\appdata\roaming\Registry Mechanic
    2010-11-28 16:46:38 -------- d-----w- c:\program files\common files\PC Tools
    2010-11-28 16:34:26 -------- d-----w- c:\windows\$regcmp$
    2010-11-28 16:22:04 -------- d-----w- c:\users\neild~1\appdata\roaming\CleanMyPC Software
    2010-11-28 12:52:35 -------- d-----w- c:\users\neild~1\appdata\local\Diagnostics
    2010-11-28 01:17:25 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-11-27 23:51:21 3063561 ----a-w- c:\progra~2\MobileTV.exe
    2010-11-27 23:51:21 2989660 ----a-w- c:\progra~2\DVD.exe
    2010-11-27 23:51:21 2864396 ----a-w- c:\progra~2\MPV.exe
    2010-11-27 23:51:21 2331174 ----a-w- c:\progra~2\Karaoke.exe
    2010-11-27 23:51:20 2231606 ----a-w- c:\progra~2\Games.exe
    2010-11-27 23:12:11 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-11-27 23:11:16 -------- dc-h--w- c:\progra~2\{E961CE1B-C3EA-4882-9F67-F859B555D097}
    2010-11-27 23:10:59 -------- d-----w- c:\program files\Lavasoft
    2010-11-26 22:00:39 -------- d-----w- c:\windows\system32\Wat
    2010-11-26 19:42:00 257024 ----a-w- c:\windows\system32\msv1_0.dll
    2010-11-26 19:37:42 293376 ----a-w- c:\windows\system32\browserchoice.exe
    2010-11-26 19:36:52 190976 ----a-w- c:\windows\system32\drivers\ks.sys
    2010-11-26 19:36:52 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys
    2010-11-26 16:21:26 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2010-11-26 16:21:19 285696 ----a-w- c:\windows\system32\winlogon.exe
    2010-11-26 16:21:19 2614272 ----a-w- c:\windows\explorer.exe
    2010-11-26 16:21:15 4247040 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
    2010-11-26 16:21:15 1413632 ----a-w- c:\windows\system32\ole32.dll
    2010-11-26 16:20:16 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
    2010-11-26 16:20:15 316928 ----a-w- c:\windows\system32\spoolsv.exe
    2010-11-26 16:19:20 82944 ----a-w- c:\windows\system32\iccvid.dll
    2010-11-26 16:19:20 197632 ----a-w- c:\windows\system32\ir32_32.dll
    2010-11-26 16:17:59 1286456 ----a-w- c:\windows\system32\ntdll.dll
    2010-11-26 16:12:15 172032 ----a-w- c:\windows\system32\wintrust.dll
    2010-11-26 16:12:05 132608 ----a-w- c:\windows\system32\cabview.dll
    2010-11-26 12:31:23 -------- d-----w- c:\users\neild~1\appdata\local\ElevatedDiagnostics
    2010-11-26 06:55:38 -------- d-----w- c:\windows\Panther
    2010-11-26 06:36:55 -------- d--h--w- C:\$WINDOWS.~Q
    2010-11-26 06:19:54 -------- d--h--w- C:\$INPLACE.~TR
    2010-11-26 00:17:06 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2010-11-26 00:17:06 49472 ----a-w- c:\windows\system32\netfxperf.dll
    2010-11-26 00:17:06 297808 ----a-w- c:\windows\system32\mscoree.dll
    2010-11-26 00:17:06 295264 ----a-w- c:\windows\system32\PresentationHost.exe
    2010-11-26 00:17:06 1130824 ----a-w- c:\windows\system32\dfshim.dll
    2010-11-26 00:13:19 -------- d-----w- c:\windows\system32\wbem\Performance
    2010-11-26 00:10:09 -------- d-sh--w- C:\Recovery
    2010-11-25 23:00:03 -------- d-----w- c:\program files\Synaptics
    2010-11-25 22:59:35 -------- d-----w- c:\program files\IDT
    2010-11-25 22:59:34 73728 ----a-w- c:\windows\system32\AESTCom.dll
    2010-11-25 22:59:34 53248 ----a-w- c:\windows\system32\aestaren.dll
    2010-11-25 22:59:34 372736 ----a-w- c:\windows\system32\aestecap.dll
    2010-11-25 22:59:34 133632 ----a-w- c:\windows\system32\aestacap.dll
    2010-11-25 22:59:33 5611585 ------w- c:\windows\system32\idtcpl.cpl
    2010-11-25 22:59:33 512000 ----a-w- c:\windows\system32\idtmini1.exe
    2010-11-25 22:59:33 442433 ----a-w- c:\windows\sttray.exe
    2010-11-25 22:59:33 2387968 ------w- c:\windows\system32\stlang.dll
    2010-11-25 22:59:21 485920 ----a-w- c:\windows\system32\nvuninst.exe
    2010-11-24 21:59:38 -------- d-----w- c:\program files\SequoiaView
    2010-11-24 21:43:12 -------- d-----w- c:\program files\CCleaner
    2010-11-23 13:33:48 -------- d-----w- c:\windows\system32\eu-ES
    2010-11-23 13:33:48 -------- d-----w- c:\windows\system32\ca-ES
    2010-11-23 13:33:47 -------- d-----w- c:\windows\system32\vi-VN
    2010-11-22 10:53:09 -------- d-----w- c:\program files\ProtectDisc Driver Installer

    ==================== Find3M ====================

    2010-11-09 22:06:52 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
    2010-11-04 05:52:17 978944 ----a-w- c:\windows\system32\wininet.dll
    2010-11-04 05:48:36 44544 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-04 04:41:26 386048 ----a-w- c:\windows\system32\html.iec
    2010-11-04 04:08:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-10-19 10:41:44 222080 ----a-w- c:\windows\system32\MpSigStub.exe

    ============= FINISH: 13:52:34.38 ===============
     

  4. neilAVMALprobs

    neilAVMALprobs TS Rookie Topic Starter

    I realise that I should paste the two attachments as per your instructions. Do you want me to, or should I leave it as it is?

    Thanks in advance

    Neil
     
  5. neilAVMALprobs

    neilAVMALprobs TS Rookie Topic Starter

    Sorry, but I cannot post my gmer.log file in order, as I have posted the 1st part of it already and the website tells me that the posts are being moderated, then the second part above gets in before the moderated bits. To save confusion, I am going to stop adding the 4 parts of the log as they won't be in any particular order, it seems. It is attached, however, on the 3rd post.

    If you still require me to cut and paste the gmer.log I will; however, my browser is now starting to slow your site down as well.

    Thanks
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Isn't BTOpenzone a 'buy as you go' hotspot wireless company? This makes all your connections dependent upon how many others are connecting at the same time. Don't let an internet speed test fool you.

    By chance, did you miss this in the GMER instructions?
    Warning ! Please, do not select the "Show all" checkbox during the scan.
    We also tell you to ignore the author's instruction to zip the Attach.txt log and just paste it in like the others.

    I'm going to delete the pasted GMER since you also left an attachment and possibly checked 'Show all' in error.

    You should resolve this: Multiple AV programs make a system more vulnerable, not less:
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated*
    AV: AVG Anti-Virus *Enabled/Updated


    Java is way out of date- You have Java v6u05. The current is v6u22. Please update:
    Check this site: Java Updates. Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system.

    There is a driver trying to start but cannot because it is blocked: The process atksgt belongs to the software atksgt by Tages SA. This is for the TAGES copy protection system. You can find specific information and some discussion as to whether it's legal to block it HERE

    There is also a second process blocked, related to StarForce Protection software that protects software from being copyrighted. Disabling this service could make programs that use its protection stop working.

    Take a look at this information, regarding the Error Event 10:
    How to enable Schannel event logging in IIS> http://support.microsoft.com/kb/260729

    And you might want to check out these 4 Registry entries since they are for the ISP:
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0021867f0dd2
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0021867f0dd2 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings (not active ControlSet)
    ==================================================
    I do not see signs of malware in these logs. If you can't resolve the problem with the information I have given you, let me know and I'll give you instructions on uninstalling AVG and running Combofix.
     
  7. neilAVMALprobs

    neilAVMALprobs TS Rookie Topic Starter

    Hi,

    I have got rid of Lavasoft, uninstalled my old Java and installed the newest one and removed both the blocked drivers through their respective websites.

    I am not sure what to do with the SChannel event logging as this is what is listed under SCHANNEL:

    (Default) REG_SZ (Value not set)
    Event Logging REG_DWORD 0x00000001 (1)

    Is this correct or not?

    Also, you ask me to check out the 4 registry entries. I must admit that I do not know what to do with these at all and I cannot find anything on google or any other search engine.

    Just a little bit more background on my issue. BTOpenzone is an ISP I use when away from home as I am in the Military. At weekends there is nobody else on the network so it is markedly faster than during the week. These issues do however still apply when I am at home on my wired internet connection. A good example is that my Internet Explorer will not open any Microsoft webpages at all. Firefox does open some but it hangs at times. Very strange.

    Any more help would be very much appreciated
     
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    About your speed with the different ISPs. There isn't much I can do to change them- they are dependent on your location, time of day/night, number of other users> but you can trim down your system so there is less to load on start, fewer programs running in the background and shorter shutdown time.

    For instance, I notice that you have several 'tweaking' tools running. Frequently, these types of programs actually use more resources to run, thus slowing the system down overall. I would suggest that you take them all off of the Startup Menu and if they have related Services, change their startup Type to Manual. The programs/processes are:
    • Driver Robot is a free utility that offers to scan your PC for incorrect and out-of-date drivers. It's also a marketing ploy designed to upsell a $30 software package and subscription to a driver database.
    • Advanced System Optimizer> IOBIT> Both this program and the home site are not recommended.
    • System Mechanic Pro(IOLO)
    • Systweak
    • PCTools
    • CleanMyPC Software> a Registry Cleaner.
    What they are also most likely doing is accessing their home site during your run, for various but unneeded reasons.
    =====================================
    I'd like you to do an online virus scan:

    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Re-enable your Antivirus software.
    10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
    =====================================
    We'll see if this finds any malware.
    Try taking the 'tweaking' programs off of Startup> see if that makes any significant difference.
     
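The checks the helper made by eye across posts 6 and 8 (two enabled AV products in the DDS header, the jre1.6.0_05 path giving away an old Java, and the iolo-style optimizer entries under mRun and the services list) can be scripted against the DDS layout shown above. This is an added example, not code from the thread or from the DDS tool; it parses a handful of constructed lines in that layout, and the "current" Java 6 update of 22 is the figure from the helper's post.

```python
"""Scripted triage of a DDS-style log: the checks the helper made by hand.

Added example; not part of the thread or of the DDS tool itself.
"""
import re

# Constructed sample in the DDS layout posted in the thread (a handful of
# lines, not the whole log). The GUIDs are the ones shown in the posted log.
SAMPLE_DDS = r"""AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
AV: AVG Anti-Virus *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
mRun: [iolo Startup] "c:\program files\iolo\common\lib\ioloLManager.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2010-12-15 724664]
"""

# "AV: <name> *Enabled/Updated* {GUID}"; FW lines carry only "*Enabled*".
PRODUCT_RE = re.compile(r"^(AV|SP|FW): (.+?) \*(\w+)(?:/\w+)?\* \{([0-9A-Fa-f-]+)\}$")
# Java runtime folders look like jre1.6.0_05 -> Java 6 update 5.
JAVA_RE = re.compile(r"\\jre1\.(\d+)\.(\d+)_(\d+)\\", re.IGNORECASE)
# "mRun: [label] command" / "uRun: ..." autostart entries.
AUTOSTART_RE = re.compile(r"^[mu]Run: \[(.+?)\] (.+)$")
# "R2 name;display;path [date size]" service/driver entries (R = running, S = stopped).
SERVICE_RE = re.compile(r"^([RS][0-3]) ([^;]+);([^;]*);(.+?)(?: \[.*\])?$")

# Lower-case substrings naming the 'tweaking'/optimizer vendors listed in the thread.
TWEAKER_HINTS = ("iolo", "systweak", "pc tools", "cleanmypc", "driver robot", "iobit")


def parse_security_products(lines):
    """Return (kind, name, state, guid) for each AV:/SP:/FW: header line."""
    out = []
    for line in lines:
        m = PRODUCT_RE.match(line.strip())
        if m:
            out.append(m.groups())
    return out


def enabled_antivirus(lines):
    """Names of AV products reported as Enabled (more than one is a red flag)."""
    return [name for kind, name, state, _ in parse_security_products(lines)
            if kind == "AV" and state == "Enabled"]


def java_versions(lines):
    """Java (major, minor, update) tuples found in jreX.Y.Z_NN path components."""
    found = set()
    for line in lines:
        for major, minor, update in JAVA_RE.findall(line):
            found.add((int(major), int(minor), int(update)))
    return sorted(found)


def tweaking_autostarts(lines):
    """Run-key entries and running services whose path names an optimizer product."""
    hits = []
    for line in lines:
        line = line.strip()
        m = AUTOSTART_RE.match(line)
        if m and any(h in m.group(2).lower() for h in TWEAKER_HINTS):
            hits.append(("run", m.group(1), m.group(2)))
            continue
        m = SERVICE_RE.match(line)
        if m and m.group(1).startswith("R") and any(h in m.group(4).lower() for h in TWEAKER_HINTS):
            hits.append(("service", m.group(2), m.group(4)))
    return hits


def triage(text, latest_java6_update=22):
    """Run the three checks over a DDS log and return human-readable findings."""
    lines = text.splitlines()
    findings = []
    avs = enabled_antivirus(lines)
    if len(avs) > 1:
        findings.append("multiple-av: " + "; ".join(avs))
    for major, _minor, update in java_versions(lines):
        if major == 6 and update < latest_java6_update:
            findings.append(f"outdated-java: 6u{update:02d} (current 6u{latest_java6_update})")
    for kind, name, _path in tweaking_autostarts(lines):
        findings.append(f"tweaker-{kind}: {name}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_DDS):
        print(finding)
```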