Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Slow Machine...Need a perusal please


  • Please log in to reply
1 reply to this topic

#1 saylahv

saylahv

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:23 PM

Posted 25 January 2009 - 10:45 PM

Thank you Experts!
Here's my step ONE from the bleepin' prep page... This computer ---w/expired virus definitions--- was infected and I've done my best to cure it. The lumbering boot might be a Mcafee issue.... and the stuttering DVD maybe be resolved with new RAM I've ordered....
But it is this BC forum where I find the MOST help, and I would SO appreciate your help with this...
DDS text below and the Attach one attached
THANK YOU!
--Virginia
Attached File  Attach.txt   8.41KB   24 downloads

DDS (Ver_09-01-19.01) - NTFSx86
Run by Holly Adair at 19:40:37.89 on Sun 01/25/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.225 [GMT -8:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\euuqw.exe
C:\WINDOWS\atiptaxx.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
H:\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://us.mc828.mail.yahoo.com/mc/welcome?.gx=1&.rand=9fp3v2fso4rnj
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 2.0\aoltb.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [updateMgr] c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
uRun: [Microsoft Works Update Detection] c:\program files\microsoft works\WkDetect.exe
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [WCOLOREAL] "c:\program files\compaq\coloreal\coloreal.exe"
mRun: [Pmwluka] c:\windows\euuqw.exe
mRun: [ATIPTA] c:\windows\atiptaxx.exe
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-us\local\search.html
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 2.0\aoltb.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232183483656
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxsrvc.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hollya~1\applic~1\mozilla\firefox\profiles\yra3bm0v.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - plugin: c:\documents and settings\holly adair\application data\mozilla\firefox\profiles\yra3bm0v.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-6-27 207656]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-1-17 605512]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-1-17 79240]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-1-17 35240]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-1-17 40488]
R4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
R4 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-1-17 358736]
R4 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-1-17 144704]
R4 SVKP;SVKP;c:\windows\system32\SVKP.sys [2005-10-17 2368]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-1-17 34152]
S3 mgau;mgau;c:\windows\system32\drivers\mgaum.sys [2004-12-8 320384]
S4 msCMTSrvc;Content Monitoring Tool;c:\windows\system32\mscmtsrvc.exe --> c:\windows\system32\msCMTSrvc.exe [?]

=============== Created Last 30 ================

2009-01-25 16:29 42,165 a------- c:\windows\attenuxx.hlp
2009-01-25 16:29 22,658 a------- c:\windows\atfenuxx.hlp
2009-01-19 23:01 163,840 a------- c:\windows\system32\igfxres.dll
2009-01-19 22:20 <DIR> --d----- c:\program files\SystemRequirementsLab
2009-01-17 17:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-01-17 16:47 399,360 a------- c:\windows\system32\dllcache\rpcss.dll
2009-01-17 16:41 <DIR> --d----- c:\program files\Panda Security
2009-01-17 15:21 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-01-17 14:25 250 a------- c:\windows\gmer.ini
2009-01-17 14:13 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-01-17 14:13 268,648 a------- c:\windows\system32\mucltui.dll
2009-01-17 11:35 <DIR> --d----- c:\docume~1\hollya~1\applic~1\Windows Search
2009-01-17 11:00 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-17 11:00 73,728 a------- c:\windows\system32\javacpl.cpl
2009-01-17 10:40 12,413 a------- c:\windows\system32\Config.MPF
2009-01-17 10:29 40,488 a------- c:\windows\system32\drivers\mfesmfk.sys
2009-01-17 10:29 35,240 a------- c:\windows\system32\drivers\mfebopk.sys
2009-01-17 10:29 79,240 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-01-17 10:29 120,136 a------- c:\windows\system32\drivers\Mpfp.sys
2009-01-17 10:23 <DIR> --d----- c:\program files\common files\McAfee
2009-01-17 10:12 34,152 a------- c:\windows\system32\drivers\mferkdk.sys
2009-01-17 01:03 <DIR> --d----- c:\docume~1\hollya~1\applic~1\Windows Desktop Search
2009-01-17 01:02 <DIR> --d----- c:\windows\system32\GroupPolicy
2009-01-17 01:02 <DIR> --d----- c:\program files\Windows Desktop Search
2009-01-17 01:00 98,304 -c------ c:\windows\system32\dllcache\nlhtml.dll
2009-01-17 01:00 29,696 -c------ c:\windows\system32\dllcache\mimefilt.dll
2009-01-17 01:00 192,000 -c------ c:\windows\system32\dllcache\offfilt.dll
2009-01-17 00:14 1,119 a------- c:\windows\system32\win32hlp.cnf
2009-01-16 21:04 161,792 a------- c:\windows\SWREG.exe
2009-01-16 21:04 98,816 a------- c:\windows\sed.exe
2009-01-16 19:01 <DIR> --d----- c:\program files\Trend Micro
2009-01-16 18:39 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-01-16 18:39 <DIR> --d----- c:\docume~1\hollya~1\applic~1\SUPERAntiSpyware.com
2009-01-16 18:39 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-01-16 18:27 <DIR> --d----- c:\docume~1\hollya~1\applic~1\Malwarebytes
2009-01-16 18:27 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-16 18:27 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-16 18:27 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-16 18:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes

==================== Find3M ====================

2009-01-17 10:53 155,648 a------- c:\windows\euuqw.exe
2008-12-11 02:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-12-02 06:05 118,656 a------- c:\windows\system32\drivers\Rtnicxp.sys
2008-11-27 11:47 10,240 a------- c:\windows\system32\RtNicProp32.dll
2008-11-10 08:21 77,607 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-02-29 07:58 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat
2004-04-09 22:22 180,416 a------- c:\docume~1\hollya~1\applic~1\GDIPFONTCACHEV1.DAT
2003-11-30 18:21 184,048 a------- c:\documents and settings\holly adair\ei-askbar-BUNDLEWARE.exe

============= FINISH: 19:42:02.79 ===============

BC AdBot (Login to Remove)

 


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,462 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:12:23 AM

Posted 26 January 2009 - 11:04 AM

Download GMER Rootkit Scanner from here.
  • Extract the contents of the zipped file to the desktop.
  • Double click GMER.exe and if you are asked if you want to allow gmer.sys driver to load, please allow it to do so.
  • If it gives you a warning about rootkit activity and asks if you want to run scan, please click on NO.
  • In the right panel you will see several boxes that have been checked. Uncheck the following the following checkboxes:
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Now click on the Scan button and wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in ark.txt and save it to your desktop.
Then,


Please visit the following link and use the instructions there to post a ComboFix log as a reply to this topic:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

After running ComboFix, please post the ComboFix log and the ark.txt log as a reply to this




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users