plscd.exe .....anybody any the wiser than I?

Discussion in 'Computer Security' started by sparky1888, Feb 4, 2007.

  1. sparky1888

    sparky1888 Byte Poster

    Hi guys n gals,
    OK, here's a wee puzzle.
    I got my OEM Vista Business a few weeks ago.
    Now, I don't use P2P,
    yet somehow I have a process running sucking up all my system resources......plscd.exe
    I have no idea where it has come from.
    Apart from general browsing, my internet connection only gets used for gaming. I have downloaded a few drivers, but they have been from the likes of Creative etc....
    Now I know what you will be thinking....it doesn't matter where you download from etc. I do run a virus scan on anything that comes into this machine (got my fingers burnt a few years ago....enuf said).
    Anybody that could shed a little light on this, or on how to remove it, would be great.
    Mark
     
    Certifications: Cerco's CCSN A+ DCSE
    WIP: MCITP , N+
  2. Paul_o

    Paul_o Nibble Poster

    A quick Google came up with this:
    http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=49727
    Hope it helps.
     
    Certifications: C&G Advanced diploma in network support
  3. MrNice

    MrNice Kilobyte Poster

    I would try AVG Free antivirus on your machine; it works great with Vista. Unfortunately the antispyware does not, and I have not found anything decent and free that does yet.
    I believe Spybot Search & Destroy might be your best bet...

    HTH
     
  4. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  5. sparky1888

    sparky1888 Byte Poster

    Logfile of HijackThis v1.99.1
    Scan saved at 22:54:27, on 04/02/2007
    Platform: Unknown Windows (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16386)

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Grisoft\AVG Free\avgcc.exe
    C:\Program Files\XpertVision\TBPANEL.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\Taskmgr.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\plscd.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\Users\Mark\AppData\Local\Temp\Rar$EX00.672\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Gainward] C:\Program Files\XpertVision\TBPanel.exe /A
    O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
    O4 - HKLM\..\RunServices: [dansbabys2ss] plscd.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [{9B71D88C-C598-4935-C5D1-43AA4DB90836}] C:\Windows\system32\win32GI\svchost.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O13 - Gopher Prefix:
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgrssvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
     
    Certifications: Cerco's CCSN A+ DCSE
    WIP: MCITP , N+
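    The O4 lines in the log above are the autostart entries, which is where a reviewer of a HijackThis log looks first. As an added example, not code from this thread or from HijackThis, here is a small Python triage script that parses those lines and flags the patterns that usually deserve a second look: a value under the legacy RunServices key, a GUID-shaped value name, a bare filename with no directory, and a core Windows binary name (svchost.exe and friends) launched from anywhere other than System32. The heuristics, the System32 location rule and the list of core binary names are my own assumptions, and the sample lines are copied from the log posted above; a flag means "check this entry", not "this is malware".

```python
import re
import ntpath
from dataclasses import dataclass, field

# Constructed sample: O4 (autostart) lines in HijackThis v1.99 format, copied from the
# log posted in this thread, with benign entries kept in for contrast.
SAMPLE_O4_LINES = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunServices: [dansbabys2ss] plscd.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [{9B71D88C-C598-4935-C5D1-43AA4DB90836}] C:\Windows\system32\win32GI\svchost.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
"""

O4_REGISTRY = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O4_STARTUP = re.compile(r"^O4 - Global Startup: (?P<name>.*?) = (?P<cmd>.*)$")
GUID = re.compile(r"^\{[0-9A-F]{8}(-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$", re.IGNORECASE)
# First program/DLL token of a command line. Unquoted paths may contain spaces, so
# take the shortest prefix that ends in an executable extension.
EXE_TOKEN = re.compile(
    r"^(?P<path>.+?\.(exe|dll|com|scr|bat|cmd|lnk))(?=[\s,]|$)", re.IGNORECASE)
# Assumption: the genuine copies of these binaries live only in System32.
CORE_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                 "services.exe", "smss.exe"}
SYSTEM32_DIR = re.compile(
    r"^(%systemroot%|%windir%|[a-z]:\\windows)\\system32\\?$", re.IGNORECASE)


@dataclass
class AutorunEntry:
    source: str              # e.g. r"HKLM\..\RunServices" or "Global Startup"
    name: str                # registry value name or shortcut name
    command: str             # raw command line as logged
    target: str = ""         # file that actually gets loaded
    flags: list = field(default_factory=list)


def parse_o4(line):
    """Return an AutorunEntry for an O4 line, or None for anything else."""
    m = O4_REGISTRY.match(line)
    if m:
        return AutorunEntry(f"{m['hive']}\\..\\{m['key']}", m["name"], m["cmd"])
    m = O4_STARTUP.match(line)
    if m:
        return AutorunEntry("Global Startup", m["name"], m["cmd"])
    return None


def launched_file(cmd):
    """Split a command line into (program path, remaining arguments)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end], cmd[end + 1:].strip()
    m = EXE_TOKEN.match(cmd)
    if not m:
        parts = cmd.split(None, 1)
        return parts[0], (parts[1] if len(parts) > 1 else "")
    return m.group("path"), cmd[m.end():].lstrip(" ,")


def resolve_target(cmd):
    """For rundll32 lines the interesting file is the DLL, not rundll32 itself."""
    path, rest = launched_file(cmd)
    if ntpath.basename(path).lower() == "rundll32.exe" and rest:
        path, _ = launched_file(rest)
    return path


def flag_entry(entry):
    """Attach review flags (assumed heuristics) to one autostart entry."""
    entry.target = resolve_target(entry.command)
    directory, filename = ntpath.split(entry.target)
    fname = filename.lower()
    if entry.source.endswith(("RunServices", "RunServicesOnce")):
        entry.flags.append("legacy_runservices_key")   # Win9x-era key, rarely legitimate on NT
    if GUID.match(entry.name):
        entry.flags.append("guid_value_name")          # installers name values, malware picks GUIDs
    if not directory:
        entry.flags.append("bare_filename")            # resolved via PATH, no fixed location
    if fname in CORE_BINARIES and not SYSTEM32_DIR.match(directory):
        entry.flags.append("core_name_outside_system32")
    return entry


def triage(log_text):
    """Parse every O4 line in a HijackThis log and flag each entry."""
    entries = [e for e in map(parse_o4, log_text.splitlines()) if e]
    return [flag_entry(e) for e in entries]


def suspicious(log_text):
    """Only the entries that raised at least one flag."""
    return [e for e in triage(log_text) if e.flags]


if __name__ == "__main__":
    for e in suspicious(SAMPLE_O4_LINES):
        print(f"{e.source:<22} [{e.name}] -> {e.target}  flags={e.flags}")
```

    On the sample it flags exactly two entries: the RunServices value that launches a bare plscd.exe, and the GUID-named value that starts a svchost.exe from a subdirectory of System32 rather than from System32 itself. Everything else, including the RUNDLL32 lines (whose DLL path is what gets inspected), comes out clean. A legitimate driver installer will occasionally register a bare filename too, so treat the output as a worklist for confirming each file's publisher and location, not as a delete list.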
  6. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    Oh great, our very first Vista HijackThis log :twisted:

    I am no HijackThis expert, but with a quick parse the only dodgy entry is the one you have already identified, i.e. plscd.exe.

    I would now try an on-line scan here and hope for the best..

    http://uk.trendmicro-europe.com/housecall/v6.5/
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  7. Quarky

    Quarky Byte Poster

    Certifications: A+,270,271,272 (MCDST)
    WIP: Master CIW
  8. sparky1888

    sparky1888 Byte Poster

    .....alas, I could hold on no longer,
    backed up what little there was and did a clean reinstall.
    I just wanted to say thanks to everyone who pointed me in the right way; the links you guys sent me have enlightened me regarding this malware. However, I'm still at a loss as to how it got on my machine in the first place........
    meditate on this I will !! !! !! :hhhmmm

    S'pose it's just one of (I don't want to know the true amount!!) a few holes MS will be plugging with the service pack due out for Vista in a few months.

    Anyway, thanks again for helping me out......
    CF :rocks :rocks :rocks then :rocks some more!!
    keep it real homies
    Mark
     
    Certifications: Cerco's CCSN A+ DCSE
    WIP: MCITP , N+
  9. BosonMichael
    Honorary Member Highly Decorated Member Award 500 Likes Award

    BosonMichael Yottabyte Poster

    Don't be so quick to blame Vista... simply visiting an infected Web site will give you little bugaboos like that one, even without consenting to install anything. Glad to hear you got it all sorted out. :)
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!