Inactive Malware issue affecting IExplorer and Firefox

Status
Not open for further replies.

neilAVMALprobs

Hi,

I am currently experiencing slow opening of websites and sometimes they will not open at all. As an example, I use Aol web mail which takes about 10 minutes to open and that's the slow connection version. My internet connection is using BTOpenzone and, although I realise the bandwidth is not mine alone, other websites seem to work OK and after using Broadband speed checker the results are pretty good.

I have followed the 8-step Viruses/Spyware/Malware prelim instructions and my results will be posted/attached next.

Thanks in advance for your help.

Neil
 
My logs/txt files are as follows:

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5351

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

19/12/2010 12:31:33
mbam-log-2010-12-19 (12-31-33).txt

Scan type: Quick scan
Objects scanned: 151414
Time elapsed: 4 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
I will attach the gmer.log and the attach (Zip) file as they are rather large:

Below is the DDS file:


DDS (Ver_10-12-12.02) - NTFSx86
Run by Neil D at 13:51:52.93 on 19/12/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3039.1920 [GMT 0:00]

AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
AV: AVG Anti-Virus *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_08f19d3e5efcf526\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\ZoneLabs\vsmon.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_08f19d3e5efcf526\aestsrv.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
C:\Windows\system32\lxblcoms.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Neil D\Desktop\8 Point Malware results\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

mStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: Wanadoo: {8b68564d-53fd-4293-b80c-993a9f3988ee} - c:\windows\system32\WSBar.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [DeathAdder] c:\program files\razer\deathadder\razerhid.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\2.0"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [iolo Startup] "c:\program files\iolo\common\lib\ioloLManager.exe"
mRun: [SpeedTouch USB Diagnostics] "c:\program files\thomson\speedtouch usb\Dragdiag.exe" /icon
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Search with Wanadoo - c:\windows\system32\WSBar.dll/VSearch.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
DPF: {72376E32-8AF2-473F-BE32-E5D0F39C865D} - hxxp://docs.cyberlink.com/multi/patch/prog/UpdateAdvisor.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
SEH: DVDIdleShell Class: {93994de8-8239-4655-b1d1-5f4e91300429} - c:\program files\dvd region-free\DVDShell.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\neild~1\appdata\roaming\mozilla\firefox\profiles\3dusbj8y.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\windows\system32\c2mp\npdivx32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.02.12
============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-8-19 52872]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-11-27 64288]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-8-19 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-8-19 29584]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-8-19 243024]
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2010-12-1 20392]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};Power Control [2009/09/26 23:57:30];c:\program files\hp\quickplay\000.fcl [2009-9-26 87536]
R2 acedrv10;acedrv10;c:\windows\system32\drivers\ACEDRV10.sys [2007-7-24 328824]
R2 acehlp10;acehlp10;c:\windows\system32\drivers\acehlp10.sys [2007-7-11 201848]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_08f19d3e5efcf526\AEstSrv.exe [2008-11-15 73728]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-8-19 308136]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2010-12-15 724664]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2010-12-15 724664]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2009-10-14 26352]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2009-10-14 493032]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-9-23 1389400]
R2 lxbl_device;lxbl_device;c:\windows\system32\lxblcoms.exe -service --> c:\windows\system32\lxblcoms.exe -service [?]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\sminst\BLService.exe [2008-7-2 341328]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2009-8-22 22784]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-1-24 52736]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-4-1 81296]
R3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-1-13 6755840]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-11-10 66592]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-10-26 517448]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-7-2 193840]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-9-23 15264]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-11-26 1343400]

=============== File Associations ===============

JSEFile=NOTEPAD.EXE %1
regfile=NOTEPAD.EXE %1
scrfile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2010-12-18 23:42:18 -------- d-----w- c:\users\neild~1\appdata\roaming\Malwarebytes
2010-12-18 23:40:49 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-18 23:40:49 -------- d-----w- c:\progra~2\Malwarebytes
2010-12-18 23:40:45 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-18 23:40:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-18 21:00:15 -------- d-----w- c:\users\neild~1\appdata\local\Sunbelt Software
2010-12-15 00:22:26 511328 ----a-w- c:\program files\common files\microsoft shared\capicom\CAPICOM.DLL
2010-12-14 20:58:32 516096 ----a-w- c:\program files\windows mail\wab.exe
2010-12-14 20:58:32 314368 ----a-w- c:\windows\system32\webio.dll
2010-12-14 20:58:27 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-14 20:58:16 749056 ----a-w- c:\windows\system32\schedsvc.dll
2010-12-14 20:58:15 496128 ----a-w- c:\windows\system32\taskschd.dll
2010-12-14 20:58:15 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-12-14 20:58:15 305152 ----a-w- c:\windows\system32\taskcomp.dll
2010-12-14 20:58:15 192000 ----a-w- c:\windows\system32\taskeng.exe
2010-12-14 20:58:15 179712 ----a-w- c:\windows\system32\schtasks.exe
2010-12-14 20:58:14 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-12-14 20:58:14 294400 ----a-w- c:\windows\system32\atmfd.dll
2010-12-14 20:57:20 571904 ----a-w- c:\windows\system32\oleaut32.dll
2010-12-14 20:57:20 101760 ----a-w- c:\windows\system32\consent.exe
2010-12-14 20:57:15 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-12-08 17:59:50 -------- d-----w- c:\users\neild~1\appdata\roaming\LucasArts
2010-12-05 20:16:07 286720 ----a-w- c:\windows\system32\WSBar.dll
2010-12-05 20:03:28 70688 ----a-w- c:\windows\system32\drivers\alcaudsl.sys
2010-12-05 20:03:28 5606 ----a-w- c:\windows\system32\stci.dll
2010-12-05 20:03:28 5280 ----a-w- c:\windows\system32\drivers\alcawh.sys
2010-12-05 20:03:28 3968 ----a-w- c:\windows\system32\drivers\alcacr.sys
2010-12-05 20:03:27 53600 ----a-w- c:\windows\system32\drivers\alcan5wn.sys
2010-12-05 20:03:24 -------- d-----w- c:\program files\Thomson
2010-12-05 20:02:15 -------- d-----w- c:\program files\Wanadoo
2010-12-02 21:47:22 3181568 ----a-w- c:\windows\system32\mf.dll
2010-12-02 21:47:22 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
2010-12-02 21:47:21 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
2010-12-02 21:46:37 804864 ----a-w- c:\windows\system32\FntCache.dll
2010-12-02 21:46:37 737280 ----a-w- c:\windows\system32\d2d1.dll
2010-12-02 21:46:37 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2010-12-02 21:46:37 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2010-12-02 21:46:37 1076224 ----a-w- c:\windows\system32\DWrite.dll
2010-12-02 21:45:56 279552 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2010-12-02 21:45:56 135168 ----a-w- c:\windows\system32\XpsRasterService.dll
2010-12-02 21:44:52 1495040 ----a-w- c:\windows\system32\ExplorerFrame.dll
2010-12-02 21:41:52 -------- d-----w- c:\program files\Feedback Tool
2010-12-01 16:44:00 20392 ----a-w- c:\windows\system32\drivers\ElRawDsk.sys
2010-12-01 16:43:43 87688 ----a-w- c:\windows\system32\IncContxMenu.dll
2010-12-01 16:43:43 2234040 ----a-w- c:\windows\system32\Incinerator.dll
2010-12-01 16:43:33 29696 ----a-w- c:\windows\system32\iolobtdfg.exe
2010-12-01 16:43:33 11776 ----a-w- c:\windows\system32\smrgdf.exe
2010-12-01 16:43:32 -------- d-----w- c:\program files\iolo
2010-12-01 16:38:14 74703 ----a-w- c:\windows\system32\mfc45.dll
2010-12-01 16:37:22 -------- d-----w- c:\users\neild~1\appdata\roaming\iolo
2010-12-01 16:37:22 -------- d-----w- c:\progra~2\iolo
2010-11-30 23:14:54 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-11-28 20:30:31 1836 ----a-w- c:\windows\system32\ASOROSet.bin
2010-11-28 20:30:31 16184 ----a-w- c:\windows\system32\ROBoot.exe
2010-11-28 18:28:47 -------- d-----w- c:\progra~2\Systweak
2010-11-28 18:23:04 -------- d-----w- c:\users\neild~1\appdata\roaming\Systweak
2010-11-28 16:50:12 -------- d-----w- c:\users\neild~1\appdata\roaming\Registry Mechanic
2010-11-28 16:46:38 -------- d-----w- c:\program files\common files\PC Tools
2010-11-28 16:34:26 -------- d-----w- c:\windows\$regcmp$
2010-11-28 16:22:04 -------- d-----w- c:\users\neild~1\appdata\roaming\CleanMyPC Software
2010-11-28 12:52:35 -------- d-----w- c:\users\neild~1\appdata\local\Diagnostics
2010-11-28 01:17:25 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-11-27 23:51:21 3063561 ----a-w- c:\progra~2\MobileTV.exe
2010-11-27 23:51:21 2989660 ----a-w- c:\progra~2\DVD.exe
2010-11-27 23:51:21 2864396 ----a-w- c:\progra~2\MPV.exe
2010-11-27 23:51:21 2331174 ----a-w- c:\progra~2\Karaoke.exe
2010-11-27 23:51:20 2231606 ----a-w- c:\progra~2\Games.exe
2010-11-27 23:12:11 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-11-27 23:11:16 -------- dc-h--w- c:\progra~2\{E961CE1B-C3EA-4882-9F67-F859B555D097}
2010-11-27 23:10:59 -------- d-----w- c:\program files\Lavasoft
2010-11-26 22:00:39 -------- d-----w- c:\windows\system32\Wat
2010-11-26 19:42:00 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-11-26 19:37:42 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-11-26 19:36:52 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2010-11-26 19:36:52 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2010-11-26 16:21:26 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-11-26 16:21:19 285696 ----a-w- c:\windows\system32\winlogon.exe
2010-11-26 16:21:19 2614272 ----a-w- c:\windows\explorer.exe
2010-11-26 16:21:15 4247040 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
2010-11-26 16:21:15 1413632 ----a-w- c:\windows\system32\ole32.dll
2010-11-26 16:20:16 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-11-26 16:20:15 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-11-26 16:19:20 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-11-26 16:19:20 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-11-26 16:17:59 1286456 ----a-w- c:\windows\system32\ntdll.dll
2010-11-26 16:12:15 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-11-26 16:12:05 132608 ----a-w- c:\windows\system32\cabview.dll
2010-11-26 12:31:23 -------- d-----w- c:\users\neild~1\appdata\local\ElevatedDiagnostics
2010-11-26 06:55:38 -------- d-----w- c:\windows\Panther
2010-11-26 06:36:55 -------- d--h--w- C:\$WINDOWS.~Q
2010-11-26 06:19:54 -------- d--h--w- C:\$INPLACE.~TR
2010-11-26 00:17:06 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-11-26 00:17:06 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-11-26 00:17:06 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-11-26 00:17:06 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-11-26 00:17:06 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-11-26 00:13:19 -------- d-----w- c:\windows\system32\wbem\Performance
2010-11-26 00:10:09 -------- d-sh--w- C:\Recovery
2010-11-25 23:00:03 -------- d-----w- c:\program files\Synaptics
2010-11-25 22:59:35 -------- d-----w- c:\program files\IDT
2010-11-25 22:59:34 73728 ----a-w- c:\windows\system32\AESTCom.dll
2010-11-25 22:59:34 53248 ----a-w- c:\windows\system32\aestaren.dll
2010-11-25 22:59:34 372736 ----a-w- c:\windows\system32\aestecap.dll
2010-11-25 22:59:34 133632 ----a-w- c:\windows\system32\aestacap.dll
2010-11-25 22:59:33 5611585 ------w- c:\windows\system32\idtcpl.cpl
2010-11-25 22:59:33 512000 ----a-w- c:\windows\system32\idtmini1.exe
2010-11-25 22:59:33 442433 ----a-w- c:\windows\sttray.exe
2010-11-25 22:59:33 2387968 ------w- c:\windows\system32\stlang.dll
2010-11-25 22:59:21 485920 ----a-w- c:\windows\system32\nvuninst.exe
2010-11-24 21:59:38 -------- d-----w- c:\program files\SequoiaView
2010-11-24 21:43:12 -------- d-----w- c:\program files\CCleaner
2010-11-23 13:33:48 -------- d-----w- c:\windows\system32\eu-ES
2010-11-23 13:33:48 -------- d-----w- c:\windows\system32\ca-ES
2010-11-23 13:33:47 -------- d-----w- c:\windows\system32\vi-VN
2010-11-22 10:53:09 -------- d-----w- c:\program files\ProtectDisc Driver Installer

==================== Find3M ====================

2010-11-09 22:06:52 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-11-04 05:52:17 978944 ----a-w- c:\windows\system32\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-04 04:41:26 386048 ----a-w- c:\windows\system32\html.iec
2010-11-04 04:08:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-10-19 10:41:44 222080 ----a-w- c:\windows\system32\MpSigStub.exe

============= FINISH: 13:52:34.38 ===============
 

Attachments

  • gmer.log (174.2 KB)
  • Attach.zip (2.9 KB)
I realise that I should paste the two attachments as per your instructions. Do you want me to, or should I leave it as it is?

Thanks in advance

Neil
 
Sorry, but I cannot post my gmer.log file in order as I have posted the 1st part of it already and the website tells me that the posts are being moderated, then the second part above gets in before the moderated bits. To save confusion, I am going to stop adding the 4 parts of the log as they won't be in any particular order it seems. It is attached however on the 3rd post.

If you still require me to cut and paste the gmer.log I will, however my browser is now starting to slow your site down as well.

Thanks
 
I am currently experiencing slow opening of websites and sometimes they will not open at all. I use Aol web mail which takes about 10 minutes to open and that's the slow connection version. My internet connection is using BTOpenzone

Isn't BTOpenzone a 'buy as you go' hotspot wireless company? This makes all your connections dependent upon how many others are connecting at the same time. Don't let an internet speed test fool you.

By chance, did you miss this in the GMER instructions?
Warning! Please, do not select the "Show all" checkbox during the scan.
We also tell you to ignore the author's instruction to zip the Attach.txt log and just paste it in like the others.

I'm going to delete the pasted GMER since you also left an attachment and possibly checked 'Show all' in error.

You should resolve this: Multiple AV programs make a system more vulnerable, not less:
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated*
AV: AVG Anti-Virus *Enabled/Updated*


Java is way out of date. You have Java v6u05. The current is v6u22. Please update:
Check this site: Java Updates. Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system.

There is a driver trying to start but cannot because it is blocked: The process atksgt belongs to the software atksgt by Tages SA. This is for the TAGES copy protection system. You can find specific information and some discussion as to whether it's legal to block it HERE.

There is also a second process blocked, related to StarForce Protection software that protects software from being copyrighted. Disabling this service could make programs that use its protection stop working.

Take a look at this information regarding the Error Event 10:
How to enable Schannel event logging in IIS: http://support.microsoft.com/kb/260729

And you might want to check out these 4 Registry entries since they are for the ISP:
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0021867f0dd2
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0021867f0dd2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings (not active ControlSet)
==================================================
I do not see signs of malware in these logs. If you can't resolve the problem with the information I have given you, let me know and I'll give you instructions on uninstalling AVG and running Combofix.
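The two findings raised above from the DDS header alone (two real-time antivirus products enabled at once, and a Java 6u05 install behind the 6u22 the helper names) are exactly the kind of check that can be automated when triaging pasted logs. The following Python script is an added example for this thread, not DDS, TechSpot or any poster's code; the `SAMPLE_LOG` string is constructed from header and BHO/DPF lines pasted earlier, and the reference version `(6, 22)` is simply the "current" Java release quoted in the reply.

```python
"""Small triage helper for the AV/SP/FW header and Java references in a
DDS-style log. Added example for this thread; not code from DDS or the
thread participants."""
import re

# Constructed sample: header lines and two Java-related entries copied in
# the shape they appear in the DDS output pasted above.
SAMPLE_LOG = """\
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
AV: AVG Anti-Virus *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\\program files\\java\\jre1.6.0_05\\bin\\ssv.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
"""

# "AV: <name> *<state>* {guid}" -- state is e.g. "Enabled/Updated" or "Enabled".
SEC_LINE = re.compile(r"^(?P<cat>AV|SP|FW): (?P<name>.+?) \*(?P<state>[^*]+)\*")
# Two ways a Java 6 install shows up: the JRE directory name and the
# jinstall cab referenced by a DPF entry.
JRE_PATH = re.compile(r"jre1\.(?P<major>\d+)\.0_(?P<update>\d+)", re.I)
JRE_CAB = re.compile(r"jinstall-1_(?P<major>\d+)_0_(?P<update>\d+)", re.I)


def parse_security_products(text):
    """Return {category: [(name, state), ...]} for the AV/SP/FW header lines."""
    products = {"AV": [], "SP": [], "FW": []}
    for line in text.splitlines():
        m = SEC_LINE.match(line)
        if m:
            products[m.group("cat")].append((m.group("name"), m.group("state")))
    return products


def enabled_av_products(text):
    """Names of real-time antivirus (AV:) products reported as enabled.

    SP: entries are anti-spyware components and are deliberately not
    counted, so AVG's own SP line does not double-count AVG."""
    return [name for name, state in parse_security_products(text)["AV"]
            if state.startswith("Enabled")]


def java_versions(text):
    """Set of (major, update) Java versions referenced anywhere in the log."""
    found = set()
    for rx in (JRE_PATH, JRE_CAB):
        for m in rx.finditer(text):
            found.add((int(m.group("major")), int(m.group("update"))))
    return found


def triage(text, current_java=(6, 22)):
    """Produce the findings a helper would raise from the header alone.

    current_java defaults to the latest release quoted in the thread (6u22);
    it is an assumption of this example, not something read from the log."""
    findings = []
    av = enabled_av_products(text)
    if len(av) > 1:
        findings.append("multiple real-time AV enabled: " + "; ".join(av))
    for major, update in sorted(java_versions(text)):
        if (major, update) < current_java:
            findings.append(
                f"outdated Java {major}u{update} "
                f"(current {current_java[0]}u{current_java[1]})")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run against the constructed sample it reports the two AV products and the 6u5 install; point `triage()` at the full text of a pasted DDS log and it scans every line, so a second JRE directory or cab reference elsewhere in the report is picked up as well.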
 
Hi,

I have got rid of Lavasoft, uninstalled my old Java and installed the newest one and removed both the blocked drivers through their respective websites.

I am not sure what to do with the SChannel event logging as this is what is listed under SCHANNEL:

(Default) REG_SZ (Value not set)
Event Logging REG_DWORD 0x00000001 (1)

Is this correct or not?

Also, you ask me to check out the 4 registry entries. I must admit that I do not know what to do with these at all and I cannot find anything on Google or any other search engine.

Just a little bit more background on my issue. BTOpenzone is an ISP I use when away from home as I am in the Military. At weekends there is nobody else on the network so it is markedly faster than during the week. These issues do however still apply when I am at home on my wired internet connection. A good example is that my Internet Explorer will not open any Microsoft webpages at all. Firefox does open some but it hangs at times. Very strange.

Any more help would be very much appreciated
 
About your speed with the different ISPs. There isn't much I can do to change them; they are dependent on your location, time of day/night and number of other users, but you can trim down your system so there is less to load on start, fewer programs running in the background and shorter shutdown time.

For instance, I notice that you have several 'tweaking' tools running. Frequently, these types of programs actually use more resources to run, thus slowing the system down overall. I would suggest that you take them all off of the Startup Menu and, if they have related Services, change their startup Type to Manual. The programs/processes are:
  • Driver Robot is a free utility that offers to scan your PC for incorrect and out-of-date drivers. It's also a marketing ploy designed to upsell a $30 software package and subscription to a driver database.
  • Advanced System Optimizer> IOBIT> Both this program and the home site are not recommended.
  • System Mechanic Pro(IOLO)
  • Systweak
  • PCTools
  • CleanMyPC Software> a Registry Cleaner.
What they are also most likely doing is accessing their home site during your run, for various but unneeded reasons.
=====================================
I'd like you to do an online virus scan:

Run Eset NOD32 Online AntiVirus scan HERE: http://www.eset.eu/online-scanner
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the Active X control to install
  4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  5. Click Start
  6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  7. Click Scan
  8. Wait for the scan to finish
  9. Re-enable your Antivirus software.
  10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
=====================================
We'll see if this finds any malware.
Try taking the 'tweaking' programs off of Startup> see if that makes any significant difference.
 