Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

DDS & Hijack this log


  • This topic is locked This topic is locked
7 replies to this topic

#1 MicheleBarr-Burkett

MicheleBarr-Burkett

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Gifford, PA
  • Local time:05:46 PM

Posted 12 January 2009 - 09:19 AM

My computer has gone all wonky on me! Totally slow and the screens flicker and the color is very pixelish (broken up)!?!
Can y'all check these out and give me a clue of what to do or how to fix it? Thanks a million in advance!

Here's my DDS log:

DDS (Ver_09-01-07.01) - NTFSx86
Run by Owner at 9:09:30.40 on Mon 01/12/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.759.385 [GMT -5:00]

AV: avast! antivirus 4.8.1290 [VPS 090111-1] *On-access scanning enabled* (Updated)
FW: Sunbelt Personal Firewall *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\SlipStream Web Accelerator\slipcore.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SlipStream Web Accelerator\slipgui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\spider.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:5400
uInternet Settings,ProxyOverride = <local>;127.0.0.1:5400;*update.microsoft.com;*windowsupdate.com;download.microsoft.com;codecs.microsoft.com;activex.microsoft.com;liveupdate.symantecliveupdate.com;liveupdate.symantec.com;download.mcafee.com;*.phobos.apple.com;update.adobe.com;localhost
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: NoExplorer - No File
BHO: PBlockHelper Class: {4115122b-85ff-4dd3-9515-f075bede5eb5} - c:\program files\slipstream web accelerator\PBHelper.dll
BHO: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_07\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: NoExplorer - No File
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
mRun: [SlipStream] "c:\program files\slipstream web accelerator\slipcore.exe"
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_07\bin\jusched.exe
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pennsw~1.lnk - c:\program files\slipstream web accelerator\slipgui.exe
IE: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZNman000
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: Show All Original Images - c:\program files\slipstream web accelerator\gui_resource.dll/327
IE: Show Original Image - c:\program files\slipstream web accelerator\gui_resource.dll/328
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_07\bin\ssv.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: c:\progra~1\slipst~1\sliplsp.dll
TCP: {2AD7A51A-9BCF-42A2-AE01-5DC79CC546D4} = 69.72.74.11 69.72.74.3
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: igfxcui - igfxsrvc.dll
SEH: {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - No File
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, msansspc.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-3-31 110160]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [2007-4-26 302000]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [2007-4-26 72624]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2005-11-26 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2005-11-26 352920]
R4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-3-31 20560]
R4 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2005-11-26 155160]
S3 ultradfg;ultradfg;c:\windows\system32\drivers\ultradfg.sys [2008-11-13 35840]
S4 mrtRate;mrtRate; [x]
S4 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe --> c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe [?]
S4 SPF4;Sunbelt Personal Firewall 4;c:\program files\sunbelt software\personal firewall\kpf4ss.exe [2007-4-26 1234480]

=============== Created Last 30 ================

2009-01-07 14:55 <DIR> -cd----- c:\program files\Ratbag
2009-01-04 14:38 <DIR> -cd----- c:\windows\UltraDefrag
2008-12-30 13:21 250 ac------ c:\windows\7THLEVEL.INI
2008-12-30 12:41 <DIR> -cd----- c:\program files\GameSpy Arcade
2008-12-30 12:33 <DIR> -cd----- c:\program files\common files\AOL
2008-12-30 12:33 749 ac--h--- C:\IPH.PH
2008-12-30 12:33 <DIR> -cd-h--- C:\TEMP
2008-12-29 20:44 <DIR> -cd----- c:\program files\Yahoo!
2008-12-28 15:29 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2008-12-28 15:23 <DIR> -cd----- c:\docume~1\owner\applic~1\wsInspector
2008-12-28 15:21 <DIR> -cd----- c:\program files\Startup Inspector for Windows
2008-12-20 14:54 244 ac--h--- C:\sqmnoopt02.sqm
2008-12-20 14:54 232 ac--h--- C:\sqmdata02.sqm
2008-12-15 13:25 <DIR> -cd----- c:\program files\ReflexiveArcade

==================== Find3M ====================

2008-12-18 13:22 227,781 ac------ c:\windows\system32\drivers\fwdrv.err
2008-12-05 14:06 192,512 ac------ c:\windows\off-road-uninst.exe
2008-11-13 04:52 95,232 ac------ c:\windows\system32\ultradefrag.exe
2008-11-13 04:52 12,288 ac------ c:\windows\system32\defrag_native.exe
2008-11-13 04:52 7,680 ac------ c:\windows\system32\udefrag-gui.exe
2008-11-13 04:52 7,680 ac------ c:\windows\system32\bootexctrl.exe
2008-11-13 04:52 200,704 ac------ c:\windows\system32\lua5.1a.dll
2008-11-13 04:52 16,384 ac------ c:\windows\system32\lua5.1a_gui.exe
2008-11-13 04:52 13,824 ac------ c:\windows\system32\lua5.1a.exe
2008-11-13 04:52 9,728 ac------ c:\windows\system32\udefrag.exe
2008-11-13 04:52 10,752 ac------ c:\windows\system32\udefrag.dll
2008-11-13 04:52 24,064 ac------ c:\windows\system32\zenwinx.dll
2008-10-23 07:36 286,720 ac------ c:\windows\system32\gdi32.dll
2008-10-16 15:38 826,368 ac------ c:\windows\system32\wininet.dll
2008-03-31 13:19 5,085,212 ac------ c:\program files\core.zip
2006-02-02 11:46 411,557 -c-sh--- c:\windows\system32\bdeeg.ini2

============= FINISH: 9:11:11.70 ===============


Here is my Hijack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:17:44 AM, on 1/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\SlipStream Web Accelerator\slipcore.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SlipStream Web Accelerator\slipgui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\spider.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\SlipStream Web Accelerator\PBHelper.dll
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [SlipStream] "C:\Program Files\SlipStream Web Accelerator\slipcore.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Pennswoods.net Web Accelerator.lnk = C:\Program Files\SlipStream Web Accelerator\slipgui.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZNman000
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Show All Original Images - res://C:\Program Files\SlipStream Web Accelerator\gui_resource.dll/327
O8 - Extra context menu item: Show Original Image - res://C:\Program Files\SlipStream Web Accelerator\gui_resource.dll/328
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2AD7A51A-9BCF-42A2-AE01-5DC79CC546D4}: NameServer = 69.72.74.11 69.72.74.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{2AD7A51A-9BCF-42A2-AE01-5DC79CC546D4}: NameServer = 69.72.74.11 69.72.74.3
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

--
End of file - 10314 bytes

BC AdBot (Login to Remove)

 


#2 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:46 PM

Posted 26 January 2009 - 03:26 PM

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you with your log.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following so I can have a look at the current condition of your machine.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

Download and Run DDS
If you already have a copy of DDS, there is no need to download a new one.

Download DDS by sUBs from any of the links below:
DDS.com, DDS.scr, DDS.pif

Double click its icon to run it. If you are using Windows Vista, right click it and select "Run as Administrator".
When the scan is finished, two logs will open.
Post DDS.txt directly into your reply. Attach Attach.txt.

Please tell me what changes have been made to the computer since your topic was started. Also give me an update on any symptoms.

With Regards,
The Panda

#3 MicheleBarr-Burkett

MicheleBarr-Burkett
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Gifford, PA
  • Local time:05:46 PM

Posted 27 January 2009 - 09:04 AM

Here is the DDS log. I had to do a system restore point yesterday coz all of my cleaners wouldn't work. They would start then close themselves down with no error message popups. The graphics are still a mess. Hope this helps. Hope to hear from you soon.

Thanks,
BooBooswife


DDS (Ver_09-01-07.01) - NTFSx86
Run by Owner at 8:56:17.68 on Tue 01/27/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.759.264 [GMT -5:00]

AV: avast! antivirus 4.8.1290 [VPS 090127-0] *On-access scanning enabled* (Updated)
FW: Sunbelt Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\SlipStream Web Accelerator\slipcore.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SlipStream Web Accelerator\slipgui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\spider.exe
C:\Documents and Settings\Owner\Desktop\HTJ\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:5400
uInternet Settings,ProxyOverride = <local>;127.0.0.1:5400;*update.microsoft.com;*windowsupdate.com;download.microsoft.com;codecs.microsoft.com;activex.microsoft.com;liveupdate.symantecliveupdate.com;liveupdate.symantec.com;download.mcafee.com;*.phobos.apple.com;update.adobe.com;localhost
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: NoExplorer - No File
BHO: PBlockHelper Class: {4115122b-85ff-4dd3-9515-f075bede5eb5} - c:\program files\slipstream web accelerator\PBHelper.dll
BHO: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_07\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: NoExplorer - No File
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
mRun: [SlipStream] "c:\program files\slipstream web accelerator\slipcore.exe"
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_07\bin\jusched.exe
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pennsw~1.lnk - c:\program files\slipstream web accelerator\slipgui.exe
IE: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZNman000
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: Show All Original Images - c:\program files\slipstream web accelerator\gui_resource.dll/327
IE: Show Original Image - c:\program files\slipstream web accelerator\gui_resource.dll/328
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_07\bin\ssv.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: c:\progra~1\slipst~1\sliplsp.dll
TCP: {2AD7A51A-9BCF-42A2-AE01-5DC79CC546D4} = 69.72.74.11 69.72.74.3
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: igfxcui - igfxsrvc.dll
SEH: {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - No File
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, msansspc.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-3-31 110160]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [2007-4-26 302000]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [2007-4-26 72624]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2005-11-26 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2005-11-26 352920]
R4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-3-31 20560]
R4 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2005-11-26 155160]
R4 SPF4;Sunbelt Personal Firewall 4;c:\program files\sunbelt software\personal firewall\kpf4ss.exe [2007-4-26 1234480]
S4 mrtRate;mrtRate; [x]
S4 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe --> c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe [?]

=============== Created Last 30 ================

2009-01-07 14:55 <DIR> -cd----- c:\program files\Ratbag
2009-01-04 14:38 <DIR> -cd----- c:\windows\UltraDefrag
2008-12-30 13:21 250 ac------ c:\windows\7THLEVEL.INI
2008-12-30 12:41 <DIR> -cd----- c:\program files\GameSpy Arcade
2008-12-30 12:33 <DIR> -cd----- c:\program files\common files\AOL
2008-12-30 12:33 749 ac--h--- C:\IPH.PH
2008-12-30 12:33 <DIR> -cd-h--- C:\TEMP
2008-12-29 20:44 <DIR> -cd----- c:\program files\Yahoo!
2008-12-28 15:29 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2008-12-28 15:23 <DIR> -cd----- c:\docume~1\owner\applic~1\wsInspector
2008-12-28 15:21 <DIR> -cd----- c:\program files\Startup Inspector for Windows

==================== Find3M ====================

2009-01-22 09:12 228,009 ac------ c:\windows\system32\drivers\fwdrv.err
2008-12-11 05:57 333,952 ac------ c:\windows\system32\drivers\srv.sys
2008-12-05 14:06 192,512 ac------ c:\windows\off-road-uninst.exe
2008-03-31 13:19 5,085,212 ac------ c:\program files\core.zip
2006-02-02 11:46 411,557 -c-sh--- c:\windows\system32\bdeeg.ini2

============= FINISH: 8:57:58.73 ===============

#4 MicheleBarr-Burkett

MicheleBarr-Burkett
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Gifford, PA
  • Local time:05:46 PM

Posted 27 January 2009 - 09:05 AM

Sorry.....forgot to post the Attach.txt.



DDS (Ver_09-01-07.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 10/21/2005 9:17:25 PM
System Uptime: 1/27/2009 8:22:18 AM (0 hours ago)

Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | Gamila/Giovani/Neon series
Processor: Intel® Celeron® CPU 2.66GHz | Socket 478 | 2666/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 70 GiB total, 51.546 GiB free.
D: is FIXED (FAT32) - 4 GiB total, 0.69 GiB free.
E: is CDROM (CDFS)
F: is Removable
G: is Removable
H: is Removable
I: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP248: 11/12/2008 4:18:50 PM - Installed Windows XP KB953356.
RP249: 11/13/2008 5:00:19 AM - Software Distribution Service 3.0
RP250: 11/16/2008 8:13:55 AM - System Checkpoint
RP251: 11/18/2008 1:42:19 AM - System Checkpoint
RP252: 11/19/2008 4:13:27 PM - Installation
RP253: 11/19/2008 4:14:20 PM - Installation
RP254: 11/19/2008 4:16:10 PM - Installation
RP255: 11/19/2008 4:16:16 PM - Installation
RP256: 11/19/2008 4:16:57 PM - Installation
RP257: 11/19/2008 4:17:48 PM - Installation
RP258: 11/21/2008 10:28:07 AM - System Checkpoint
RP259: 11/23/2008 12:32:31 AM - System Checkpoint
RP260: 11/30/2008 6:46:49 PM -
RP261: 11/30/2008 6:56:55 PM -
RP262: 12/1/2008 11:16:13 AM - Shockwave Player
RP263: 12/3/2008 5:29:38 PM - System Checkpoint
RP264: 12/5/2008 10:31:22 AM - System Checkpoint
RP265: 12/7/2008 12:14:03 PM - System Checkpoint
RP266: 12/9/2008 3:58:44 PM - System Checkpoint
RP267: 12/10/2008 3:46:56 AM - Software Distribution Service 3.0
RP268: 12/10/2008 6:58:10 AM - Software Distribution Service 3.0
RP269: 12/11/2008 3:22:59 AM - Software Distribution Service 3.0
RP270: 12/11/2008 6:50:32 AM - Software Distribution Service 3.0
RP271: 12/11/2008 3:58:59 PM - Software Distribution Service 3.0
RP272: 12/12/2008 1:52:19 AM - Software Distribution Service 3.0
RP273: 12/12/2008 7:29:28 AM - Software Distribution Service 3.0
RP274: 12/13/2008 11:05:20 AM - System Checkpoint
RP275: 12/15/2008 7:32:59 PM - System Checkpoint
RP276: 12/17/2008 12:40:43 PM - System Checkpoint
RP277: 12/18/2008 12:45:29 PM - Software Distribution Service 3.0
RP278: 12/22/2008 10:22:01 AM - System Checkpoint
RP279: 12/23/2008 4:54:21 PM - System Checkpoint
RP280: 12/24/2008 9:52:02 PM - System Checkpoint
RP281: 12/28/2008 2:43:28 PM - System Checkpoint
RP282: 12/28/2008 2:57:27 PM - Removed Microsoft Office Standard Edition 2003
RP283: 12/29/2008 3:41:34 PM - Installed Clifford Phonics
RP284: 12/30/2008 12:38:45 PM - Installed Dirt Track Racing 2 Demo
RP285: 12/30/2008 12:44:10 PM - Installed Need For Speed Hot Pursuit 2 Demo
RP286: 1/1/2009 12:29:32 PM - Removed Dirt Track Racing 2 Demo
RP287: 1/2/2009 2:46:08 PM - System Checkpoint
RP288: 1/3/2009 9:12:29 PM - System Checkpoint
RP289: 1/6/2009 10:17:24 AM - System Checkpoint
RP290: 1/7/2009 10:54:38 AM - System Checkpoint
RP291: 1/7/2009 12:03:14 PM - Removed Microsoft Office Standard Edition 2003
RP292: 1/13/2009 8:26:31 AM - System Checkpoint
RP293: 1/15/2009 2:37:40 AM - Software Distribution Service 3.0
RP294: 1/20/2009 4:58:13 PM - System Checkpoint
RP295: 1/21/2009 8:09:09 PM - System Checkpoint
RP296: 1/23/2009 12:29:57 PM - System Checkpoint
RP297: 1/26/2009 2:40:08 PM - System Checkpoint
RP298: 1/26/2009 3:39:36 PM - Restore Operation

==== Installed Programs ======================


Abexo Free Registry Cleaner
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Flash Player 9 ActiveX
Adobe Flash Player Plugin
Adobe Reader 6.0.1
Adobe Shockwave Player 11
Agere Systems PCI Soft Modem
AOL Connectivity Services
avast! Antivirus
CCleaner (remove only)
CDex extraction audio
CleanUp!
Clifford Phonics
Compaq Connections
Compaq Instant Support
Compaq Organize
Dirt Track Racing
Dirt Track Racing - Sprint Cars
Diskeeper Lite
Easy Internet Sign-up
GameSpy Arcade
Google Toolbar for Internet Explorer
Happyland Adventures - Xmas Edition v1.3
Harry's Filters 3.01
HijackThis 2.0.2
Hot Shots Djali Bowling
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format SDK (KB902344)
HP Deskjet 3740
HP Deskjet 3740 Series
HP Software Update
HpSdpAppCoreApp
Intel® Extreme Graphics Driver
InterActual Player
InterVideo WinDVD Creator 2
InterVideo WinDVD Player
J2SE Runtime Environment 5.0 Update 7
KBD
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Monster Truck Madness 2 Trial
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft Plus! Digital Media Edition
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft Works 7.0
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Need For Speed Hot Pursuit 2 Demo
Off Road Arena
Offroad Arena
P.I.E. Patch
PC Pitstop Driver Alert 1.0.0.13
Pennswoods.net Web Accelerator
PS2
Python 2.2 combined Win32 extensions
Python 2.2.1
QuickTime
RealOne Player
Realtek AC'97 Audio
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB941569)
Sunbelt Personal Firewall
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 9 Hotfix [See KB885492 for more information]
Windows XP Service Pack 3
WinMX
Yahoo! Messenger
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

1/22/2009 5:47:25 AM, error: Service Control Manager [7000] - The My Web Search Service service failed to start due to the following error: The system cannot find the path specified.
1/22/2009 5:47:25 AM, error: Service Control Manager [7000] - The mrtRate service failed to start due to the following error: The system cannot find the file specified.

==== End Of File ===========================

#5 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:46 PM

Posted 27 January 2009 - 11:48 AM

Hello.

From that log, there does not appear to be an infection except a leftover component of an adware. There is a file that I would like to take a look at though.

Install ERUNT
This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.
You can find a complete guide to using the program here:
http://www.larshederer.homepage.t-online.de/erunt/erunt.txt

When we are finished with fixing your computer (I will make it clear when we are), you can uninstall ERUNT through Add/Remove Programs. The backups will be stored at C:\WINDOWS\erdnt, and will not be deleted when ERUNT is uninstalled.

Download and Run OTMoveIT
  • Please download OTMoveIt3 by OldTimer to your desktop. If you have already used the program, there is no need to download a new one.
  • Double-click OTMoveIt3.exe to run it. If you are running on Vista, right click on the file and choose Run As Administrator.
  • Copy the lines in the codebox below. Do not copy the word "code".
    :services
    MyWebSearchService
    
    :files
    c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe
  • Return to OTMoveIt3, right click in the Paste List Of Files/Patterns To Move window (under the yellow bar) and choose Paste.
  • Close all open windows expect OTMoveIt.
  • Click the Posted Image button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3.
Note: If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key. Navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest ".log" file present, and copy/paste the contents of that document back here in your next post.

Submit File to Online Scanner
There is an unidentified file that I would like you to check out for me using Jotti/VirusTotal.
  • Click Submit.
  • Wait for the scan to finish.
  • Copy Scanner Results into your next reply.
  • If more than one file was listed, repeat for each of them.
Update Java to Version 6 Update 11
Your current version of Java is outdated. Malware creators can exploit the lesser security of older versions. Please uninstall your current version through Add/Remove Programs. Remove all instances of Java, J2SE Runtime, Java Runtime, and Java Runtime Environment. Restart your computer after uninstalling.

Please download the installer for Windows.32, here. Follow the prompts to install and delete the install after use.

Please post back with:
-the OTMoveIt log
-the Jotti scan results
-a new DDS.txt log

With Regards,
The Panda

#6 MicheleBarr-Burkett

MicheleBarr-Burkett
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Gifford, PA
  • Local time:05:46 PM

Posted 29 January 2009 - 09:27 AM

Here's all the info you asked for. Hope this helps.

-the OTMoveIt log

========== SERVICES/DRIVERS ==========
Unable to stop service MyWebSearchService .
========== FILES ==========
File/Folder c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe not found.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01272009_122610



-VirusTotal Scan:
File core.zip received on 01.29.2009 15:08:22 (CET)

Antivirus Version Last Update Result
a-squared 4.0.0.93 2009.01.29 -
AhnLab-V3 5.0.0.2 2009.01.29 -
AntiVir 7.9.0.60 2009.01.29 -
Authentium 5.1.0.4 2009.01.28 -
Avast 4.8.1281.0 2009.01.28 -
AVG 8.0.0.229 2009.01.29 -
BitDefender 7.2 2009.01.29 -
CAT-QuickHeal 10.00 2009.01.29 -
ClamAV 0.94.1 2009.01.29 -
Comodo 952 2009.01.29 -
DrWeb 4.44.0.09170 2009.01.29 -
eSafe 7.0.17.0 2009.01.28 -
eTrust-Vet 31.6.6334 2009.01.29 -
F-Prot 4.4.4.56 2009.01.28 -
F-Secure 8.0.14470.0 2009.01.29 -
Fortinet 3.117.0.0 2009.01.29 -
GData 19 2009.01.29 -
Ikarus T3.1.1.45.0 2009.01.29 -
K7AntiVirus 7.10.608 2009.01.28 -
Kaspersky 7.0.0.125 2009.01.29 -
McAfee 5509 2009.01.28 -
McAfee+Artemis 5509 2009.01.28 -
Microsoft 1.4205 2009.01.29 -
NOD32 3811 2009.01.29 -
Norman 6.00.02 2009.01.29 -
nProtect 2009.1.8.0 2009.01.29 -
Panda 9.5.1.2 2009.01.29 -
PCTools 4.4.2.0 2009.01.29 -
Prevx1 V2 2009.01.29 -
Rising 21.13.42.00 2009.01.23 -
SecureWeb-Gateway 6.7.6 2009.01.29 -
Sophos 4.38.0 2009.01.29 -
Sunbelt 3.2.1835.2 2009.01.16 -
Symantec 10 2009.01.29 -
TheHacker 6.3.1.5.231 2009.01.29 -
TrendMicro 8.700.0.1004 2009.01.29 -
VBA32 3.12.8.11 2009.01.29 -
ViRobot 2009.1.29.1580 2009.01.29 -
VirusBuster 4.5.11.0 2009.01.28 -

Additional information
File size: 5085212 bytes
MD5...: 37c64a0515474c12335a5fdeb1c2a0da
SHA1..: c935a71d810ea8277b05670fc978aef30ee69559
SHA256: 7724d06c870b54946d80aefde085108e0c1702106c76419ada1b4864d5e8c045
SHA512: 7ac711c5f6e894c4187ed771db6bcb4ec14980c46a0ad147599f70d71cc4e3a7<BR>7b5a5b5759c1bea704b52ca2933dfe54b8a59194413dbdd45d0255c3b45b9d61<BR>
ssdeep: 98304:sBzZImcUuU3VZukdRBmjbnQpzH7zRYsqEVYG134r//:OGS+kdR8j0pzb8E<BR>wb<BR>
PEiD..: -
TrID..: File type identification<BR>ZIP compressed archive (100.0%)
PEInfo: -
packers (F-Prot): ARJ

-a new DDS.txt log
DDS (Ver_09-01-07.01) - NTFSx86
Run by Owner at 9:20:32.96 on Thu 01/29/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.759.369 [GMT -5:00]

AV: avast! antivirus 4.8.1290 [VPS 090128-0] *On-access scanning enabled* (Updated)
FW: Sunbelt Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\SlipStream Web Accelerator\slipcore.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SlipStream Web Accelerator\slipgui.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\spider.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Documents and Settings\Owner\Desktop\HTJ\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:5400
uInternet Settings,ProxyOverride = <local>;127.0.0.1:5400;*update.microsoft.com;*windowsupdate.com;download.microsoft.com;codecs.microsoft.com;activex.microsoft.com;liveupdate.symantecliveupdate.com;liveupdate.symantec.com;download.mcafee.com;*.phobos.apple.com;update.adobe.com;localhost
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: NoExplorer - No File
BHO: PBlockHelper Class: {4115122b-85ff-4dd3-9515-f075bede5eb5} - c:\program files\slipstream web accelerator\PBHelper.dll
BHO: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - No File
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: NoExplorer - No File
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
mRun: [SlipStream] "c:\program files\slipstream web accelerator\slipcore.exe"
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pennsw~1.lnk - c:\program files\slipstream web accelerator\slipgui.exe
IE: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZNman000
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: Show All Original Images - c:\program files\slipstream web accelerator\gui_resource.dll/327
IE: Show Original Image - c:\program files\slipstream web accelerator\gui_resource.dll/328
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: c:\progra~1\slipst~1\sliplsp.dll
TCP: {2AD7A51A-9BCF-42A2-AE01-5DC79CC546D4} = 69.72.74.11 69.72.74.3
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: igfxcui - igfxsrvc.dll
SEH: {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - No File
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, msansspc.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-3-31 110160]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [2007-4-26 302000]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [2007-4-26 72624]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2005-11-26 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2005-11-26 352920]
R4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-3-31 20560]
R4 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2005-11-26 155160]
R4 SPF4;Sunbelt Personal Firewall 4;c:\program files\sunbelt software\personal firewall\kpf4ss.exe [2007-4-26 1234480]
S4 mrtRate;mrtRate; [x]
S4 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe --> c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe [?]

=============== Created Last 30 ================

2009-01-27 12:24 <DIR> -cd----- C:\_OTMoveIt
2009-01-07 14:55 <DIR> -cd----- c:\program files\Ratbag
2009-01-04 14:38 <DIR> -cd----- c:\windows\UltraDefrag
2008-12-30 13:21 250 ac------ c:\windows\7THLEVEL.INI
2008-12-30 12:41 <DIR> -cd----- c:\program files\GameSpy Arcade
2008-12-30 12:33 <DIR> -cd----- c:\program files\common files\AOL
2008-12-30 12:33 749 ac--h--- C:\IPH.PH
2008-12-30 12:33 <DIR> -cd-h--- C:\TEMP

==================== Find3M ====================

2009-01-22 09:12 228,009 ac------ c:\windows\system32\drivers\fwdrv.err
2008-12-11 05:57 333,952 ac------ c:\windows\system32\drivers\srv.sys
2008-12-05 14:06 192,512 ac------ c:\windows\off-road-uninst.exe
2008-03-31 13:19 5,085,212 ac------ c:\program files\core.zip
2006-02-02 11:46 411,557 -c-sh--- c:\windows\system32\bdeeg.ini2

============= FINISH: 9:22:06.81 ===============




DDS (Ver_09-01-07.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 10/21/2005 9:17:25 PM
System Uptime: 1/29/2009 8:20:37 AM (1 hours ago)

Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | Gamila/Giovani/Neon series
Processor: Intel® Celeron® CPU 2.66GHz | Socket 478 | 2666/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 70 GiB total, 51.428 GiB free.
D: is FIXED (FAT32) - 4 GiB total, 0.689 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP248: 11/12/2008 4:18:50 PM - Installed Windows XP KB953356.
RP249: 11/13/2008 5:00:19 AM - Software Distribution Service 3.0
RP250: 11/16/2008 8:13:55 AM - System Checkpoint
RP251: 11/18/2008 1:42:19 AM - System Checkpoint
RP252: 11/19/2008 4:13:27 PM - Installation
RP253: 11/19/2008 4:14:20 PM - Installation
RP254: 11/19/2008 4:16:10 PM - Installation
RP255: 11/19/2008 4:16:16 PM - Installation
RP256: 11/19/2008 4:16:57 PM - Installation
RP257: 11/19/2008 4:17:48 PM - Installation
RP258: 11/21/2008 10:28:07 AM - System Checkpoint
RP259: 11/23/2008 12:32:31 AM - System Checkpoint
RP260: 11/30/2008 6:46:49 PM -
RP261: 11/30/2008 6:56:55 PM -
RP262: 12/1/2008 11:16:13 AM - Shockwave Player
RP263: 12/3/2008 5:29:38 PM - System Checkpoint
RP264: 12/5/2008 10:31:22 AM - System Checkpoint
RP265: 12/7/2008 12:14:03 PM - System Checkpoint
RP266: 12/9/2008 3:58:44 PM - System Checkpoint
RP267: 12/10/2008 3:46:56 AM - Software Distribution Service 3.0
RP268: 12/10/2008 6:58:10 AM - Software Distribution Service 3.0
RP269: 12/11/2008 3:22:59 AM - Software Distribution Service 3.0
RP270: 12/11/2008 6:50:32 AM - Software Distribution Service 3.0
RP271: 12/11/2008 3:58:59 PM - Software Distribution Service 3.0
RP272: 12/12/2008 1:52:19 AM - Software Distribution Service 3.0
RP273: 12/12/2008 7:29:28 AM - Software Distribution Service 3.0
RP274: 12/13/2008 11:05:20 AM - System Checkpoint
RP275: 12/15/2008 7:32:59 PM - System Checkpoint
RP276: 12/17/2008 12:40:43 PM - System Checkpoint
RP277: 12/18/2008 12:45:29 PM - Software Distribution Service 3.0
RP278: 12/22/2008 10:22:01 AM - System Checkpoint
RP279: 12/23/2008 4:54:21 PM - System Checkpoint
RP280: 12/24/2008 9:52:02 PM - System Checkpoint
RP281: 12/28/2008 2:43:28 PM - System Checkpoint
RP282: 12/28/2008 2:57:27 PM - Removed Microsoft Office Standard Edition 2003
RP283: 12/29/2008 3:41:34 PM - Installed Clifford Phonics
RP284: 12/30/2008 12:38:45 PM - Installed Dirt Track Racing 2 Demo
RP285: 12/30/2008 12:44:10 PM - Installed Need For Speed Hot Pursuit 2 Demo
RP286: 1/1/2009 12:29:32 PM - Removed Dirt Track Racing 2 Demo
RP287: 1/2/2009 2:46:08 PM - System Checkpoint
RP288: 1/3/2009 9:12:29 PM - System Checkpoint
RP289: 1/6/2009 10:17:24 AM - System Checkpoint
RP290: 1/7/2009 10:54:38 AM - System Checkpoint
RP291: 1/7/2009 12:03:14 PM - Removed Microsoft Office Standard Edition 2003
RP292: 1/13/2009 8:26:31 AM - System Checkpoint
RP293: 1/15/2009 2:37:40 AM - Software Distribution Service 3.0
RP294: 1/20/2009 4:58:13 PM - System Checkpoint
RP295: 1/21/2009 8:09:09 PM - System Checkpoint
RP296: 1/23/2009 12:29:57 PM - System Checkpoint
RP297: 1/26/2009 2:40:08 PM - System Checkpoint
RP298: 1/26/2009 3:39:36 PM - Restore Operation
RP299: 1/27/2009 12:33:49 PM - Removed J2SE Runtime Environment 5.0 Update 7

==== Installed Programs ======================


Abexo Free Registry Cleaner
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Flash Player 9 ActiveX
Adobe Flash Player Plugin
Adobe Reader 6.0.1
Adobe Shockwave Player 11
Agere Systems PCI Soft Modem
AOL Connectivity Services
avast! Antivirus
CCleaner (remove only)
CDex extraction audio
CleanUp!
Clifford Phonics
Compaq Connections
Compaq Instant Support
Compaq Organize
Dirt Track Racing
Dirt Track Racing - Sprint Cars
Diskeeper Lite
Easy Internet Sign-up
ERUNT 1.1j
GameSpy Arcade
Google Toolbar for Internet Explorer
Happyland Adventures - Xmas Edition v1.3
Harry's Filters 3.01
HijackThis 2.0.2
Hot Shots Djali Bowling
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format SDK (KB902344)
HP Deskjet 3740
HP Deskjet 3740 Series
HP Software Update
HpSdpAppCoreApp
Intel® Extreme Graphics Driver
InterActual Player
InterVideo WinDVD Creator 2
InterVideo WinDVD Player
J2SE Runtime Environment 5.0 Update 7
KBD
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Monster Truck Madness 2 Trial
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft Plus! Digital Media Edition
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft Works 7.0
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Need For Speed Hot Pursuit 2 Demo
Off Road Arena
Offroad Arena
P.I.E. Patch
PC Pitstop Driver Alert 1.0.0.13
Pennswoods.net Web Accelerator
PS2
Python 2.2 combined Win32 extensions
Python 2.2.1
QuickTime
RealOne Player
Realtek AC'97 Audio
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB941569)
Sunbelt Personal Firewall
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 9 Hotfix [See KB885492 for more information]
Windows XP Service Pack 3
WinMX
Yahoo! Messenger
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

1/26/2009 4:26:45 PM, error: Service Control Manager [7000] - The My Web Search Service service failed to start due to the following error: The system cannot find the path specified.
1/26/2009 4:26:45 PM, error: Service Control Manager [7000] - The mrtRate service failed to start due to the following error: The system cannot find the file specified.
1/26/2009 5:31:26 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AOL Connectivity Service service to connect.
1/26/2009 5:31:26 PM, error: Service Control Manager [7000] - The AOL Connectivity Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/26/2009 5:31:26 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Diskeeper service to connect.
1/26/2009 5:31:26 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Sunbelt Personal Firewall 4 service to connect.
1/26/2009 5:31:26 PM, error: Service Control Manager [7000] - The Sunbelt Personal Firewall 4 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/26/2009 5:31:26 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Mail Scanner service to connect.
1/26/2009 5:31:26 PM, error: Service Control Manager [7000] - The avast! Mail Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/26/2009 5:31:26 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Web Scanner service to connect.
1/26/2009 5:31:26 PM, error: Service Control Manager [7000] - The avast! Web Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/27/2009 12:34:29 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.

==== End Of File ===========================

#7 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:46 PM

Posted 29 January 2009 - 11:26 AM

Hello.

Let's update your Java.

Update Java to Version 6 Update 11
Your current version of Java is outdated. Malware creators can exploit the lesser security of older versions. Please uninstall your current version through Add/Remove Programs. Remove all instances of Java, J2SE Runtime, Java Runtime, and Java Runtime Environment. Restart your computer after uninstalling.

Please download the installer for Windows.32, here. Follow the prompts to install and delete the install after use.

This issue does not appear to be caused by malware. You may want to start a topic in the Windows XP forum.

With Regards,
The Panda

#8 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:46 PM

Posted 07 February 2009 - 10:39 AM

Hello.

There had been no reply from the topic starter in 5 days. Due to inactivity, this topic is now closed.
If you are the topic starter and need this topic reopened, send me a message.

Everyone else, please begin a new topic.

With Regards,
The Panda




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users