Evaluation of DDS log, possible connection to computer malfunction?


This topic is locked
6 replies to this topic

#1 Jarquafelmu

Jarquafelmu

  • Members
  • 7 posts
  • OFFLINE
  • Gender:Male
  • Location:Santa Maria, CA
  • Local time:01:24 AM

Posted 28 June 2009 - 01:39 AM

Hi guys, my problem is:

Recently, when I boot up my computer, sometimes the XP loading splash will go through the loading sequence, but then afterwards the computer will just seem to hang on a blank screen.

I have tried to boot to safe mode to see if I could get through this hang, but it would stop after the file I think "MUP.something"; it might have been a SYS or it might have been an exe, not 100% sure at the moment. It seems to be related to the computer failing a normal shutdown. If for any reason the computer does not go through its normal shutdown sequence, this will happen. It happened the first time a few days ago; I'm not sure what I might have done before that. When it hangs, I give it a while, but then I am forced to manually reset it by holding in the power button. If I try to boot it back up, then it hangs again. However, if I leave it alone for a few hours, then it sometimes works again. When I shut it down the right way, then it came back up fine after that. Yesterday my computer was shut down because of a power outage, and again the blank screen happened. It persisted for a while, until it seemingly sorted itself out and decided to load the user screen.

I have tried restoring to last known good settings, and that doesn't seem to help. I am not sure if this could be a sign of my HDD failing, or if something more sinister is at work. I do moderate IT work around in my area, but this is getting beyond me because it's not letting me affect it at all. I ran an avast scan and it got rid of a Win32 worm. I knew I should have written the name down, but I didn't.

I did a DDS scan, wanting to know if there is anything in there that jumps out at you guys for the reason behind this weird behavior.

So, I was reading the attach portion of the log and this really jumped out at me:

6/24/2009 3:01:14 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update to .NET Framework 3.5 Service Pack 1 for the .NET Framework Assistant 1.0 x86 (KB963707).

That is about the day that all of this started happening. I thought I would throw that out there as a possible cause. Here is the DDS log, and I am standing by to attach the rest of the attach log. Thanks for the help guys!


DDS (Ver_09-06-26.01) - NTFSx86
Run by Sam at 23:17:24.99 on Sat 06/27/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.616 [GMT -7:00]

AV: avast! antivirus 4.8.1296 [VPS 090627-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
D:\Program Files\MATCO\BuzzSawService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Ask & Record Toolbar\FLVSrvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\PC Magazine Utilities\Startup Cop Pro\StartupCopPro.exe
D:\wamp\wampmanager.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
d:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
D:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
d:\wamp\bin\mysql\mysql5.1.33\bin\mysqld.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Documents and Settings\Sam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Sam\Desktop\Downloads\Sims 2\dds.pif

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - d:\progra~1\spybot~1\SDHelper.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
uRun: [Startup Cop Pro Startup Launcher] d:\program files\pc magazine utilities\startup cop pro\StartupCopPro.exe /startup
uRun: [wampmanager.exe] d:\wamp\wampmanager.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Ask and Record FLV Service] "c:\program files\ask & record toolbar\FLVSrvc.exe" /run
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
IE: E&xport to Microsoft Excel - d:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~1\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - d:\program files\superantispyware\SASWINLO.DLL
Notify: WBSrv - c:\progra~1\stardock\object~1\window~1\wbsrv.dll
AppInit_DLLs: wbsys.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,zpasspc.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\sam\applic~1\mozilla\firefox\profiles\yh9mkzyt.default\
FF - prefs.js: browser.startup.homepage - hxxp://mail.google.com | www.facebook.com | https://web.byui.edu/services/Login/?Redire...ui.edu/exchange
FF - plugin: c:\documents and settings\sam\application data\mozilla\firefox\profiles\yh9mkzyt.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\sam\application data\mozilla\firefox\profiles\yh9mkzyt.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\documents and settings\sam\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\sam\local settings\application data\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: d:\program files\divx\divx player\npDivxPlayerPlugin.dll
FF - plugin: d:\program files\divx\divx web player\npdivx32.dll
FF - plugin: d:\program files\mozilla firefox\plugins\npmusicn.dll
FF - plugin: d:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-8-17 111184]
R1 bckd;bckd;c:\windows\system32\drivers\bckd.sys [2009-1-13 72992]
R1 SASDIFSV;SASDIFSV;d:\program files\superantispyware\SASDIFSV.SYS [2008-9-3 9968]
R1 SASKUTIL;SASKUTIL;d:\program files\superantispyware\SASKUTIL.SYS [2008-9-3 55024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-8-17 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-8-17 155160]
R2 bckwfs;Blue Coat K9 Web Protection;c:\program files\blue coat k9 web protection\k9filter.exe [2009-1-13 1078560]
R2 Buzzsaw_Defragmentation;Buzzsaw_Defragmentation;d:\program files\matco\BuzzSawService.exe [2007-7-23 327680]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-9-5 24652]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-8-17 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-8-17 352920]
S3 cdiskdun;cdiskdun;\??\c:\docume~1\sam\locals~1\temp\cdiskdun.sys --> c:\docume~1\sam\locals~1\temp\cdiskdun.sys [?]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-6-18 66048]
S3 SASENUM;SASENUM;d:\program files\superantispyware\SASENUM.SYS [2008-9-3 7408]

=============== Created Last 30 ================

2009-06-26 22:30 14,592 ac------ c:\windows\system32\dllcache\kbdhid.sys
2009-06-26 22:30 14,592 a------- c:\windows\system32\drivers\kbdhid.sys
2009-06-17 23:05 <DIR> --d----- c:\docume~1\sam\applic~1\IObit
2009-06-17 22:55 <DIR> --d----- c:\program files\Blue Coat K9 Web Protection
2009-06-14 17:56 <DIR> --d----- c:\program files\ViGlance
2009-06-11 15:29 41,808 a------- c:\windows\system32\xfcodec.dll
2009-06-11 09:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Firefly Studios
2009-06-09 14:15 <DIR> --d----- c:\docume~1\sam\applic~1\Bit9
2009-06-09 14:05 <DIR> --d----- c:\docume~1\sam\applic~1\ColorSchemer
2009-06-09 14:05 1,706,800 a------- c:\windows\system32\gdiplus.dll
2009-06-09 14:05 303,104 a------- c:\windows\system32\lcms.dll
2009-06-09 07:18 <DIR> --d----- c:\documents and settings\sam\.netbeans
2009-06-09 07:18 <DIR> --d----- c:\documents and settings\sam\.netbeans-registration
2009-06-09 07:16 <DIR> --d----- c:\documents and settings\sam\.nbi
2009-06-07 22:20 <DIR> --d----- c:\docume~1\sam\applic~1\Malwarebytes
2009-06-07 22:20 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-07 22:20 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-07 22:20 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-07 22:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-07 16:10 <DIR> --d----- c:\program files\Trend Micro
2009-06-07 15:54 36,864 a------- c:\windows\system32\MD5.ocx
2009-06-07 15:54 <DIR> --d----- c:\program files\XP_Key_Changer
2009-06-06 11:05 17,664 ac------ c:\windows\system32\dllcache\sermouse.sys
2009-06-06 11:05 17,664 a------- c:\windows\system32\drivers\sermouse.sys
2009-06-06 11:03 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-05-29 21:12 <DIR> --d----- c:\program files\Zero G Registry

==================== Find3M ====================

2009-06-11 08:46 3,532 a------- C:\drmHeader.bin
2009-05-07 08:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-01 14:02 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-05-01 14:02 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-05-01 14:02 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-05-01 14:02 811,008 a------- c:\windows\system32\divx_xx16.dll
2009-05-01 14:02 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-05-01 14:02 685,056 a------- c:\windows\system32\DivX.dll
2009-04-28 21:46 666,624 a------- c:\windows\system32\wininet.dll
2009-04-28 21:46 81,920 a------- c:\windows\system32\ieencode.dll
2009-04-17 05:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 13:25 129,784 -------- c:\windows\system32\pxafs.dll
2009-04-15 13:25 120,056 -------- c:\windows\system32\pxcpyi64.exe
2009-04-15 13:25 118,520 -------- c:\windows\system32\pxinsi64.exe
2009-04-15 13:24 90,112 a------- c:\windows\system32\dpl100.dll
2009-04-15 07:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2008-09-17 08:13 700 a------- c:\program files\INSTALL.LOG
2003-12-18 11:33 20,102 a------- c:\program files\Readme.txt
2003-09-03 07:46 10,960 a------- c:\program files\EULA.txt

============= FINISH: 23:18:08.13 ===============
--
If you don't have honor what do you have?
"Too early old, too late smart" - Indian Proverb.

#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,114 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:12:24 PM

Posted 02 July 2009 - 04:31 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed; the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft


#3 Jarquafelmu

Jarquafelmu
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Gender:Male
  • Location:Santa Maria, CA
  • Local time:01:24 AM

Posted 02 July 2009 - 08:30 AM

Hi guys, thanks for the reply. Today I was backing up what I wanted on my system for a reformat/reload. I thought I would check back here like I do every day, and you guys were looking :thumbup2:. Thanks. Anyway, here is my new DDS; I'm very interested in whether we can find a solution to this. Again, the attach.txt is very interesting in the Event Viewer section. It just screams "hey look at me! I am the problem!!!" But... I'll defer to your guys' judgment and hold off posting it till you guys ask. Thanks again!


DDS (Ver_09-06-26.01) - NTFSx86
Run by Sam at 6:23:23.34 on Thu 07/02/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.466 [GMT -7:00]

AV: avast! antivirus 4.8.1296 [VPS 090701-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Ask & Record Toolbar\FLVSrvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
svchost.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
D:\Program Files\Driver Checker\DriverChecker.exe
D:\Program Files\Winamp\winamp.exe
D:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Sam\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Sam\Desktop\Downloads\Sims 2\dds.pif

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - d:\progra~1\spybot~1\SDHelper.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Ask and Record FLV Service] "c:\program files\ask & record toolbar\FLVSrvc.exe" /run
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
IE: E&xport to Microsoft Excel - d:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~1\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - d:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,zpasspc.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\sam\applic~1\mozilla\firefox\profiles\yh9mkzyt.default\
FF - prefs.js: browser.startup.homepage - hxxp://mail.google.com | www.facebook.com | https://web.byui.edu/services/Login/?Redire...ui.edu/exchange
FF - plugin: c:\documents and settings\sam\application data\mozilla\firefox\profiles\yh9mkzyt.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\sam\application data\mozilla\firefox\profiles\yh9mkzyt.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\documents and settings\sam\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\sam\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: d:\program files\divx\divx player\npDivxPlayerPlugin.dll
FF - plugin: d:\program files\divx\divx web player\npdivx32.dll
FF - plugin: d:\program files\mozilla firefox\plugins\npmusicn.dll
FF - plugin: d:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-8-17 111184]
R1 bckd;bckd;c:\windows\system32\drivers\bckd.sys [2009-1-13 72992]
R1 SASDIFSV;SASDIFSV;d:\program files\superantispyware\SASDIFSV.SYS [2008-9-3 9968]
R1 SASKUTIL;SASKUTIL;d:\program files\superantispyware\SASKUTIL.SYS [2008-9-3 55024]
R2 ASTRA32;ASTRA32 Kernel Driver 5.2.1.0;d:\program files\astra32\astra32.sys [2007-2-22 30864]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-8-17 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-8-17 155160]
R2 bckwfs;Blue Coat K9 Web Protection;c:\program files\blue coat k9 web protection\k9filter.exe [2009-1-13 1078560]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-9-5 24652]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-8-17 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-8-17 352920]
S3 cdiskdun;cdiskdun;\??\c:\docume~1\sam\locals~1\temp\cdiskdun.sys --> c:\docume~1\sam\locals~1\temp\cdiskdun.sys [?]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-6-18 66048]
S3 SASENUM;SASENUM;d:\program files\superantispyware\SASENUM.SYS [2008-9-3 7408]

=============== Created Last 30 ================

2009-06-30 23:01 2,560 a------- c:\windows\_MSRSTRT.EXE
2009-06-26 22:30 14,592 ac------ c:\windows\system32\dllcache\kbdhid.sys
2009-06-26 22:30 14,592 a------- c:\windows\system32\drivers\kbdhid.sys
2009-06-17 23:05 <DIR> --d----- c:\docume~1\sam\applic~1\IObit
2009-06-17 22:55 <DIR> --d----- c:\program files\Blue Coat K9 Web Protection
2009-06-14 17:56 <DIR> --d----- c:\program files\ViGlance
2009-06-11 15:29 41,808 a------- c:\windows\system32\xfcodec.dll
2009-06-11 09:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Firefly Studios
2009-06-09 14:15 <DIR> --d----- c:\docume~1\sam\applic~1\Bit9
2009-06-09 14:05 <DIR> --d----- c:\docume~1\sam\applic~1\ColorSchemer
2009-06-09 14:05 1,706,800 a------- c:\windows\system32\gdiplus.dll
2009-06-09 14:05 303,104 a------- c:\windows\system32\lcms.dll
2009-06-09 07:18 <DIR> --d----- c:\documents and settings\sam\.netbeans
2009-06-09 07:18 <DIR> --d----- c:\documents and settings\sam\.netbeans-registration
2009-06-09 07:16 <DIR> --d----- c:\documents and settings\sam\.nbi
2009-06-07 22:20 <DIR> --d----- c:\docume~1\sam\applic~1\Malwarebytes
2009-06-07 22:20 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-07 22:20 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-07 22:20 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-07 22:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-07 16:10 <DIR> --d----- c:\program files\Trend Micro
2009-06-07 15:54 36,864 a------- c:\windows\system32\MD5.ocx
2009-06-07 15:54 <DIR> --d----- c:\program files\XP_Key_Changer
2009-06-06 11:05 17,664 ac------ c:\windows\system32\dllcache\sermouse.sys
2009-06-06 11:05 17,664 a------- c:\windows\system32\drivers\sermouse.sys
2009-06-06 11:03 <DIR> --d----- c:\windows\system32\wbem\Repository

==================== Find3M ====================

2009-06-11 08:46 3,532 a------- C:\drmHeader.bin
2009-05-07 08:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-01 14:02 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-05-01 14:02 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-05-01 14:02 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-05-01 14:02 811,008 a------- c:\windows\system32\divx_xx16.dll
2009-05-01 14:02 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-05-01 14:02 685,056 a------- c:\windows\system32\DivX.dll
2009-04-28 21:46 666,624 a------- c:\windows\system32\wininet.dll
2009-04-28 21:46 81,920 a------- c:\windows\system32\ieencode.dll
2009-04-17 05:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 13:25 129,784 -------- c:\windows\system32\pxafs.dll
2009-04-15 13:25 120,056 -------- c:\windows\system32\pxcpyi64.exe
2009-04-15 13:25 118,520 -------- c:\windows\system32\pxinsi64.exe
2009-04-15 13:24 90,112 a------- c:\windows\system32\dpl100.dll
2009-04-15 07:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2008-09-17 08:13 700 a------- c:\program files\INSTALL.LOG
2003-12-18 11:33 20,102 a------- c:\program files\Readme.txt
2003-09-03 07:46 10,960 a------- c:\program files\EULA.txt

============= FINISH: 6:23:57.50 ===============

#4 Jarquafelmu

Jarquafelmu
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Gender:Male
  • Location:Santa Maria, CA
  • Local time:01:24 AM

Posted 03 July 2009 - 12:28 AM

Well, I suppose you guys can move on to another client. I'll still lurk here, but I ended up reformatting my computer after having to put up with not knowing if every time I shut down it would be the last time. Glad to say that everything is working fine now. But I still would be interested to know if there was anything in those DDS logs which told you guys about any serious problems. Thanks again for reading them.

#5 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,708 posts
  • ONLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:11:24 AM

Posted 04 July 2009 - 06:05 AM

Hi Jarquafelmu,

Glad you resolved the issue.

To answer your question, I see a couple of Ask Toolbar entries. The Toolbar is more adware related and not a serious or malicious one. But nowadays viruses and malware use rootkit components we can't see in the DDS log. We need to dig deeper for that type of malware. So the malware part remains uncertain.

The failure to install some Windows components could sometimes lead to serious startup issues, as it creates a mismatch between the registry entries and the system files so they will not get past the checksum control. A forced shutdown or a sudden power loss can also have the same effect and cause corruption. The system definitely needed a disk check (chkdsk) and was set to do so, as the entry on the DDS indicates.

Doing a reformat was a healthy step. :thumbup2:

Thanks for letting us know.

Regards,

farbar
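The kind of first-pass read Farbar describes (orphaned "No File" entries, adware toolbar components, a driver registered from a temp folder that DDS could not find on disk) can be mechanised. The script below is an added example, my own code rather than anything from DDS or this thread; the sample lines are copied from the logs posted above, and the adware marker list and each check are my assumptions about what is worth a second look, not a verdict on the files named.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines in the format of the DDS logs posted in this
# thread (running processes, Pseudo HJT report, services/drivers). Not a complete log.
SAMPLE_DDS = r"""
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\Documents and Settings\Sam\Desktop\Downloads\Sims 2\dds.pif
============== Pseudo HJT Report ===============
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
AppInit_DLLs: wbsys.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
============= SERVICES / DRIVERS ===============
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-8-17 111184]
S3 cdiskdun;cdiskdun;\??\c:\docume~1\sam\locals~1\temp\cdiskdun.sys --> c:\docume~1\sam\locals~1\temp\cdiskdun.sys [?]
"""

# Assumed marker list for toolbar components treated as adware (my assumption, not a DDS feature).
ADWARE_MARKERS = ("askbar.dll", "askbardis")

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# DDS service line: "<R1|S3> name;description;path [date size]" or "... [?]" when the file is missing.
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[([^\]]*)\]$")
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)
USER_AREA_RE = re.compile(r"\\(documents and settings|docume~1|users)\\", re.IGNORECASE)


@dataclass
class Finding:
    section: str
    line: str
    reason: str


def parse_sections(text: str) -> dict[str, list[str]]:
    """Split a DDS log into its '==== Name ====' sections; keys are upper-cased names."""
    sections: dict[str, list[str]] = {}
    current = "HEADER"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).upper()
            sections.setdefault(current, [])
            continue
        sections.setdefault(current, []).append(line)
    return sections


def triage(text: str) -> list[Finding]:
    """Return the log lines a reviewer would look at first, each with the reason."""
    findings: list[Finding] = []
    sections = parse_sections(text)

    for line in sections.get("PSEUDO HJT REPORT", []):
        if line.endswith("- No File"):
            findings.append(Finding("HJT", line, "registry entry points at a file that no longer exists"))
        elif line.startswith("AppInit_DLLs:") and line.split(":", 1)[1].strip():
            findings.append(Finding("HJT", line, "AppInit_DLLs is non-empty; that DLL is loaded into every "
                                                "process that uses user32.dll, so confirm its vendor"))
        elif any(marker in line.lower() for marker in ADWARE_MARKERS):
            findings.append(Finding("HJT", line, "known adware/toolbar component"))

    for line in sections.get("SERVICES / DRIVERS", []):
        m = SERVICE_RE.match(line)
        if not m:
            continue
        start_type, _name, _desc, path, meta = m.groups()
        reasons = []
        if TEMP_DIR_RE.search(path):
            reasons.append("driver/service registered from a temp directory")
        if meta.strip() == "?":
            reasons.append("file was not on disk when DDS ran ([?])")
        if reasons:
            findings.append(Finding("SERVICES", line, "; ".join(reasons) + f" (startup type {start_type})"))

    for line in sections.get("RUNNING PROCESSES", []):
        if USER_AREA_RE.search(line):
            # Expect the DDS tool itself (dds.pif) to show up here: it runs from the user's desktop.
            findings.append(Finding("PROCESSES", line, "process image lives under a user profile path"))

    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Findings are prompts for a human reviewer, not detections: as Farbar notes, rootkit-class components do not appear in a DDS log at all, so an empty report from this script says nothing about that part.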

#6 Jarquafelmu

Jarquafelmu
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Gender:Male
  • Location:Santa Maria, CA
  • Local time:01:24 AM

Posted 04 July 2009 - 03:23 PM

Hi farbar

Thanks for the response to my problem. I had installed the ask toolbar a bit ago as a way to grab animation files (*.swf's) from the internet. I just left it disabled until I needed it, so it never cluttered my screen.

I guess it would have been good for a chkdsk to have happened. Well, the issue isn't there anymore; the reformat cleaned that up nicely. Take care guys, this thread can be closed.

#7 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,708 posts
  • ONLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:11:24 AM

Posted 04 July 2009 - 04:54 PM

This thread will now be closed since the issue seems to be resolved.
