
Yahoo/Google redirects, Axwin Frame PopUps



#1 MyComputerIsSick (Members)

Posted 09 February 2010 - 10:08 PM

Referred from here: http://www.bleepingcomputer.com/forums/t/289151/axwin-frame-window-popup-svchostexe-application-error/ ~ OB

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/25/2009 7:04:41 PM
System Uptime: 2/8/2010 5:16:35 PM (4 hours ago)

Motherboard: ASUSTek Computer INC. | | NAGAMI2L
Processor: AMD Athlon™ 64 Processor 3700+ | Socket 939 | 2204/199mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 178 GiB total, 148.976 GiB free.
D: is FIXED (FAT32) - 8 GiB total, 0.504 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP13: 11/11/2009 4:00:14 PM - Software Distribution Service 3.0
RP14: 11/11/2009 7:28:36 PM - Software Distribution Service 3.0
RP15: 11/11/2009 7:35:53 PM - Software Distribution Service 3.0
RP16: 11/12/2009 11:19:32 PM - System Checkpoint
RP17: 11/13/2009 5:24:40 PM - Software Distribution Service 3.0
RP18: 11/13/2009 10:49:05 PM - Software Distribution Service 3.0
RP19: 11/14/2009 1:23:03 AM - Software Distribution Service 3.0
RP20: 11/15/2009 1:57:31 AM - System Checkpoint
RP21: 11/15/2009 3:40:50 AM - Software Distribution Service 3.0
RP22: 11/16/2009 6:37:10 PM - System Checkpoint
RP23: 11/17/2009 7:29:59 PM - System Checkpoint
RP24: 11/18/2009 9:49:50 PM - System Checkpoint
RP25: 11/19/2009 10:25:37 PM - System Checkpoint
RP26: 11/20/2009 10:44:21 PM - System Checkpoint
RP27: 11/22/2009 12:21:59 AM - System Checkpoint
RP28: 11/23/2009 8:00:23 PM - System Checkpoint
RP29: 11/25/2009 2:42:41 AM - System Checkpoint
RP30: 11/25/2009 3:32:35 AM - Software Distribution Service 3.0
RP31: 11/29/2009 8:32:34 PM - System Checkpoint
RP32: 11/30/2009 8:33:42 PM - System Checkpoint
RP33: 12/1/2009 4:00:19 PM - Software Distribution Service 3.0
RP34: 12/2/2009 8:22:15 PM - System Checkpoint
RP35: 12/3/2009 11:38:28 PM - System Checkpoint
RP36: 12/5/2009 12:28:47 AM - System Checkpoint
RP37: 12/6/2009 2:35:42 AM - System Checkpoint
RP38: 12/6/2009 10:43:18 PM - Restore Operation
RP39: 12/9/2009 3:34:26 PM - System Checkpoint
RP40: 12/9/2009 11:58:24 PM - Software Distribution Service 3.0
RP41: 12/11/2009 12:05:46 AM - Restore Operation
RP42: 12/11/2009 12:14:43 AM - Software Distribution Service 3.0
RP43: 12/12/2009 9:19:09 PM - System Checkpoint
RP44: 12/14/2009 1:21:04 AM - System Checkpoint
RP45: 12/15/2009 2:51:58 AM - System Checkpoint
RP46: 12/16/2009 4:22:57 AM - System Checkpoint
RP47: 12/17/2009 4:28:56 AM - System Checkpoint
RP48: 12/18/2009 4:13:32 AM - Restore Operation
RP49: 12/18/2009 4:26:06 AM - Avira AntiVir Personal - 12/18/2009 4:25
RP50: 12/18/2009 11:49:40 PM - Software Distribution Service 3.0
RP51: 12/19/2009 12:24:37 AM - Installed Windows Media Player 10
RP52: 12/19/2009 12:25:25 AM - Software Distribution Service 3.0
RP53: 12/19/2009 1:42:55 AM - Restore Operation
RP54: 12/19/2009 2:12:28 AM - Software Distribution Service 3.0
RP55: 12/19/2009 2:17:17 AM - Software Distribution Service 3.0
RP56: 1/17/2010 8:03:51 PM - System Checkpoint
RP57: 1/19/2010 5:32:37 PM - Avira AntiVir Personal - 1/19/2010 17:32
RP58: 1/20/2010 12:05:36 AM - Software Distribution Service 3.0
RP59: 1/20/2010 11:08:49 PM - Software Distribution Service 3.0
RP60: 1/21/2010 2:38:31 PM - Restore Operation
RP61: 1/21/2010 2:44:34 PM - Software Distribution Service 3.0
RP62: 1/21/2010 2:54:53 PM - Avira AntiVir Personal - 1/21/2010 14:54
RP63: 1/21/2010 3:00:35 PM - Avira AntiVir Personal - 1/21/2010 15:00
RP64: 1/21/2010 5:35:07 PM - Software Distribution Service 3.0
RP65: 1/22/2010 11:43:45 PM - System Checkpoint
RP66: 1/23/2010 4:00:16 PM - Software Distribution Service 3.0
RP67: 1/23/2010 10:59:01 PM - Restore Operation
RP68: 1/23/2010 11:08:37 PM - Restore Operation
RP69: 1/25/2010 8:55:41 PM - Revo Uninstaller Pro's restore point - Avira AntiVir Personal - Free Antivirus
RP70: 1/25/2010 8:56:12 PM - Revo Uninstaller Pro's restore point - Avira AntiVir Personal - Free Antivirus
RP71: 1/25/2010 8:56:41 PM - Revo Uninstaller Pro's restore point - Avira AntiVir Personal - Free Antivirus
RP72: 1/26/2010 8:17:03 PM - Software Distribution Service 3.0
RP73: 1/27/2010 1:08:48 AM - Restore Operation
RP74: 1/27/2010 1:36:52 AM - Restore Operation
RP75: 1/28/2010 2:00:38 AM - System Checkpoint
RP76: 1/29/2010 2:11:31 AM - System Checkpoint
RP77: 1/30/2010 9:41:28 PM - System Checkpoint
RP78: 2/2/2010 12:30:37 AM - Restore Operation
RP79: 2/3/2010 2:12:05 AM - System Checkpoint
RP80: 2/3/2010 8:38:45 PM - Avira AntiVir Personal - 2/3/2010 20:38
RP81: 2/3/2010 9:04:55 PM - Avira AntiVir Personal - 2/3/2010 21:04
RP82: 2/5/2010 1:36:14 AM - System Checkpoint
RP83: 2/7/2010 8:54:09 PM - System Checkpoint

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Reader 7.0.5
Alien Outbreak 2
Ancient Sudoku
Avira AntiVir Personal - Free Antivirus
Bejeweled 2 Deluxe
Big Kahuna Reef
Blackhawk Striker 2
Blasterball 2 Remix
Blasterball 2 Revolution
Bookworm Deluxe
Bounce Symphony
BufferChm
Celebrity Toolbar
Chuzzle Deluxe
Compaq Connections (remove only)
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
CueTour
Customer Experience Enhancement
Data Fax SoftModem with SmartCP
Destinations
DeviceManagementQFolder
Diner Dash
DISCover
Easy Internet Sign-up
Enhanced Multimedia Keyboard Solution
Fairies
Family Feud
FATE
Flip Words
FullDPAppQFolder
GemMaster Mystic
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB888111
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HP Boot Optimizer
HP DVD Play 2.1
HP Game Console
HP Imaging Device Functions 7.0
HP Photosmart Premier Software 6.5
HP Rhapsody
HP Software Update
HP Support Overview
HP Web Helper
HPPhotoSmartExpress
HpSdpAppCoreApp
Insaniquarium Deluxe
InstantShareDevices
J2SE Runtime Environment 5.0 Update 5
Java™ 6 Update 17
Jewel Quest
LightScribe 1.4.84.1
Mah Jong Quest
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Away Mode
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Money 2006
Microsoft Office 2003 Edition 60 Days Trial Welcome Tour
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery Case Files
Netscape Browser (remove only)
NVIDIA Drivers
OptionalContentQFolder
Otto
PhotoGallery
Poker Superstars
Polar Bowler
Polar Golfer
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
Quicken 2006
RandMap
RealPlayer
Realtek High Definition Audio Driver
Ricochet Lost Worlds
SCRABBLE
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
SkinsHP1
SlideShow
SlideShowMusic
Slingo Deluxe
Snowy The Bears Adventure
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sonic_PrimoSDK
Super Granny
Tennis Titans
Tornado Jockey
Tradewinds
Unload
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Outlook 2007 Junk Email Filter (kb977839)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

2/4/2010 1:45:36 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
2/2/2010 7:31:28 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
2/2/2010 7:31:28 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
2/1/2010 9:55:34 PM, error: Service Control Manager [7034] - The Terminal Services service terminated unexpectedly. It has done this 1 time(s).
2/1/2010 9:55:34 PM, error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

==== End Of File ===========================



DS (Ver_09-12-01.01) - NTFSx86
Run by Compaq_Administrator at 21:47:10.74 on Mon 02/08/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.383 [GMT -6:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
svchost.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Local Settings\Temporary Internet Files\Content.IE5\947MTU63\Defogger[1].exe
C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.pvamu.edu/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
uSearch Bar = hxxp://www.google.com/ie
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
uURLSearchHooks: MHURLSearchHook Class: {1c4ab6a5-595f-4e86-b15f-f93cce2bbd48} - c:\program files\celebrity toolbar\tbhelper.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: MHTBPos00 Class: {0c37b053-fd68-456a-82e1-d788ee342e6f} - c:\program files\celebrity toolbar\tbcore3.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: CMySite Class: {d62ec836-bf1e-4cac-81be-fb9179835d8e} - c:\program files\celebrity toolbar\mhxpcomi.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn3\YTSingleInstance.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
TB: Celebrity Toolbar: {fd2fd708-1f6f-4b68-b141-c5778f0c19bb} - c:\program files\celebrity toolbar\tbcore3.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
Trusted Zone: trymedia.com
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257989487812
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: mhtb - {669A2A3A-F19C-452D-800D-1240299756C1} - c:\program files\celebrity toolbar\mhxpcomi.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-12-18 11608]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-12-18 55656]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-12-18 108289]
S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-12-18 185089]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-1-25 27064]

=============== Created Last 30 ================

2010-02-09 03:44:32 0 ----a-w- c:\documents and settings\compaq_administrator.your-4dacd0ea75\defogger_reenable
2010-02-08 23:39:29 3249 ----a-w- c:\windows\system32\wbem\Outlook_01caa917f551afd6.mof
2010-02-05 08:05:16 0 d-----w- c:\program files\Celebrity Toolbar
2010-02-02 06:49:17 0 d-----w- C:\838b9ef5257c42cb3d383c7a
2010-01-27 07:44:11 0 d-----w- c:\windows\system32\wbem\Repository
2010-01-26 03:13:47 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2010-01-22 05:28:59 0 d-----w- c:\docume~1\compaq~1.you\applic~1\SUPERAntiSpyware.com
2010-01-21 20:38:42 8212 ----a-w- c:\windows\mfebcdata
2010-01-20 06:05:03 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-20 05:29:20 9817 ----a-w- c:\windows\system32\Config.MPF
2010-01-20 05:28:38 0 d-----w- c:\program files\SiteAdvisor
2010-01-20 05:26:51 0 d-----w- c:\program files\McAfee.com
2010-01-20 05:26:46 0 d-----w- c:\program files\common files\McAfee
2010-01-20 05:26:38 0 d-----w- c:\program files\McAfee
2010-01-18 00:57:23 0 d-----w- c:\docume~1\compaq~1.you\applic~1\CiscoCAA
2010-01-18 00:57:16 0 d-----w- c:\program files\Cisco Systems

==================== Find3M ====================

2010-02-08 02:52:08 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-02-08 02:52:08 96512 ----a-w- c:\windows\system32\dllcache\atapi.sys
2010-01-07 22:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 22:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-21 13:19:18 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2006-09-07 04:31:14 251 ----a-w- c:\program files\wt3d.ini

============= FINISH: 21:48:47.71 ===============






GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-09 01:18:40
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\COMPAQ~1.YOU\LOCALS~1\Temp\kfdyrpoc.sys


---- System - GMER 1.0.15 ----

SSDT EE8061C6 ZwCreateKey
SSDT EE8061BC ZwCreateThread
SSDT EE8061CB ZwDeleteKey
SSDT EE8061D5 ZwDeleteValueKey
SSDT EE8061DA ZwLoadKey
SSDT EE8061A8 ZwOpenProcess
SSDT EE8061AD ZwOpenThread
SSDT EE8061E4 ZwReplaceKey
SSDT EE8061DF ZwRestoreKey
SSDT EE8061D0 ZwSetValueKey
SSDT EE8061B7 ZwTerminateProcess

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device -> \Driver\atapi \Device\Harddisk0\DR0 8649A618

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

Edited by Orange Blossom, 10 February 2010 - 10:16 PM.

If you have to sneak and do it, Then you dont need to do it!


#2 syler (Malware Response Team)

Posted 16 February 2010 - 06:35 PM

Hello,

My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate it if you
would let me know so I can close this topic. If you still need help, please let me know what issues you are still having in your next reply.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and
we are trying our best to keep up.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


  1. Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  2. Disconnect from the Internet and close all running programs, as this process may crash your computer.
  3. Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  4. Double click on Gmer to run it.
  5. Allow the gmer.sys driver to load if asked.
  6. You may see a rootkit warning window. If you do, click No.
  7. Untick the following boxes on the right side of the Gmer screen.
    Sections
    IAT/EAT
    Files
    Show All
  8. Click on and wait for the scan to finish.
  9. If you see a rootkit warning window, click OK.
  10. Push and save the logfile to your desktop.
  11. Copy and Paste the contents of that file in your next post.



Then please post back here with the following:
  • log.txt
  • info.txt
  • Gmer log

Thanks



#3 syler (Malware Response Team)

Posted 22 February 2010 - 11:33 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.





