I was away from my computer for a few days, which resulted in my topic being closed (http://www.malwareremoval.com/forum/vie ... 11&t=56984). I went ahead and did the recommended actions in the last posting, and an ESET logfile was generated, which I will add for information purposes after the DDS and ATTACH required to receive assistance. (DDS was done after the other actions.) I will attach DDS to this message, and the others to separate postings.
Basically, my problem is a slow computer for which no virus or malware seems responsible.
Any help would be much appreciated!
eventhorizon
.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Glenn Smith at 22:17:32 on 2011-06-14
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1534.787 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
svchost.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\fichiers communs\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - No File
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\glenn smith\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [TpShocks] TpShocks.exe
mRun: [TP4EX] tp4ex.exe
mRun: [UC_SMB]
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [<NO NAME>]
mRun: [IBMPRC] c:\ibmtools\utils\ibmprc.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [AppleSyncNotifier] c:\program files\fichiers communs\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Omnipage] c:\program files\scansoft\omnipagese\opware32.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [SunJavaUpdateSched] "c:\program files\fichiers communs\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\fichiers communs\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\menudé~1\progra~1\démarr~1\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: Envoyer à &Bluetooth - c:\program files\ibm\bluetooth software\btsendto_ie_ctx.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupda ... 6332908109
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-be ... canner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4 ... 42-win.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shoc ... wflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 212.27.40.241 212.27.40.240
TCP: Interfaces\{589BAE28-A23F-4DAF-A0FF-6C73A37D35E7} : DhcpNameServer = 212.27.40.241 212.27.40.240
Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\BTXPPanel.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: QConGina - QConGina.dll
Notify: tphotkey - tphklock.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Notification Packages = scecli pwdmon
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\glenn smith\application data\mozilla\firefox\profiles\qbhlxefs.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\glenn smith\local settings\application data\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: LavaFox V1-Blue: djziggy@gmail.com - %profile%\extensions\djziggy@gmail.com
FF - Ext: Penguin: penguin@loic.com - %profile%\extensions\penguin@loic.com
FF - Ext: Bluetacular: tron@trionic.net - %profile%\extensions\tron@trionic.net
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Utopia FFSE White: {20C3BDFF-DA68-468d-8D9A-F5A6C76B0F9E} - %profile%\extensions\{20C3BDFF-DA68-468d-8D9A-F5A6C76B0F9E}
FF - Ext: Alienware Invader v1.2: {5476e6b0-3de0-11dd-ae16-0800200c9a66} - %profile%\extensions\{5476e6b0-3de0-11dd-ae16-0800200c9a66}
FF - Ext: Gradient iCool: {de5809e0-2b07-11dd-bd0b-0800200c9a66} - %profile%\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\avast software\avast\webrep\FF
.
============= SERVICES / DRIVERS ===============
.
R0 TPDiskPM;TPDiskPM;c:\windows\system32\drivers\TPDiskPM.sys [2010-2-16 14208]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-6 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-5-6 307928]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-5-6 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-5-6 42184]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-5-12 366640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-5-12 22712]
R3 TPInput;TPInput;c:\windows\system32\drivers\TPInput.sys [2010-2-16 6016]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 QCNDISIF;QCNDISIF;c:\windows\system32\drivers\qcndisif.sys [2010-2-16 12288]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [1980-1-1 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-06-14 15:52:38 -------- d-----w- c:\program files\ESET
2011-06-14 15:03:50 -------- d-----w- c:\windows\IBM
2011-06-14 15:00:28 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-06-14 15:00:28 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-06-14 15:00:28 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-09 14:10:41 -------- d-----w- c:\program files\trend micro
2011-06-02 15:24:09 -------- d-----w- c:\program files\AnalogX
2011-06-02 15:22:34 -------- d-----w- c:\documents and settings\glenn smith\application data\WinPatrol
2011-06-02 15:22:15 -------- d-----w- c:\program files\BillP Studios
2011-06-02 15:22:14 -------- d-----w- c:\documents and settings\all users\application data\InstallMate
2011-05-20 08:40:01 -------- d-----w- c:\program files\Canon
2011-05-20 08:39:09 -------- d-----w- c:\documents and settings\all users\application data\SSScanWizard
2011-05-20 08:39:09 -------- d-----w- c:\documents and settings\all users\application data\SSScanAppDataDir
2011-05-20 08:39:02 -------- d-----w- c:\program files\fichiers communs\ScanSoft Shared
2011-05-20 08:38:49 -------- d-----w- c:\program files\ScanSoft
2011-05-20 08:36:57 -------- d-----w- c:\program files\NewSoft
2011-05-20 08:32:40 -------- d-----w- c:\documents and settings\glenn smith\application data\NewSoft
2011-05-20 08:29:56 53248 ------w- c:\program files\fichiers communs\installshield\engine\6\intel 32\msihook.dll
2011-05-20 08:29:55 126976 ------w- c:\program files\fichiers communs\installshield\engine\6\intel 32\knlwrap.exe
2011-05-20 08:29:53 114688 ------w- c:\program files\fichiers communs\installshield\engine\6\intel 32\scpthdlr.dll
2011-05-20 08:29:13 212480 ----a-w- c:\windows\pcdlib32.dll
2011-05-20 08:28:32 77312 ----a-w- c:\windows\system32\TWAIN_32.DLL
2011-05-20 08:26:47 389180 ----a-w- c:\windows\system32\UCS32P.DLL
2011-05-20 08:26:46 753664 ----a-w- c:\windows\system32\CNQA3201.DLL
2011-05-20 08:26:46 40960 ----a-w- c:\windows\system32\CNQU82.DLL
2011-05-20 08:26:46 266240 ----a-w- c:\windows\system32\CNQL3201.DLL
2011-05-20 08:26:46 -------- d--h--w- C:\CanoScan
.
==================== Find3M ====================
.
2011-05-29 07:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 07:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-10 12:10:59 40112 ----a-w- c:\windows\avastSS.scr
2011-05-10 12:03:54 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-04-06 14:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 14:20:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 14:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 14:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-07-08 08:37:14 101544 ----a-w- c:\program files\fichiers communs\LinkInstaller.exe
1999-04-06 12:27:22 99840 ----a-w- c:\program files\fichiers communs\IRAABOUT.DLL
1998-12-09 02:53:54 70144 ----a-w- c:\program files\fichiers communs\IRAMDMTR.DLL
1998-12-09 02:53:54 48640 ----a-w- c:\program files\fichiers communs\IRALPTTR.DLL
1998-12-09 02:53:54 31744 ----a-w- c:\program files\fichiers communs\IRAWEBTR.DLL
1998-12-09 02:53:54 186368 ----a-w- c:\program files\fichiers communs\IRAREG.DLL
1998-12-09 02:53:54 17920 ----a-w- c:\program files\fichiers communs\IRASRIAL.DLL
.
============= FINISH: 22:27:49,37 ===============