I have a BAD virus on my computer that I have been trying to get rid of for 3 days now. It is blocking, and redirecting web sites. It will automatically start the web sometimes. It is blocking things from running, and some from downloading. I ran CCleaner. I ran a-squared. AVG did not and is not detecting anything. Here is the Hijackthis log.
[attachment deleted by admin]
Try the renamer download for Malwarebytes.
http://kixhelp.com/wr/files/mb/randmbam.exe
The randmbam.exe will try to create random names and shortcuts for Malwarebytes Anti Malware (MBAM) if you have it installed already.
If it installs then use this link to download the updates.
Download Malwarebytes' Anti-Malware Database - GT500.org
Just download it to the desktop and run the exe then run Malwarebytes.
EVIL, Thanks, that worked and I ran the program. It found 9 things. I removed them and the computer restarted. Here is the log.
[attachment deleted by admin]
Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.
Link #1 Link #2
Note: It is important that it is saved directly to your Desktop.
Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
Double click combofix.exe & follow the prompts. Vista users: right-click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it). When finished, ComboFix will produce a log for you. Post the ComboFix log in your next reply.
Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.
Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.
If you have problems with ComboFix usage, see How to use ComboFix
I had some trouble with that one. I had to download combofix from both links. Here is the log file...
[attachment deleted by admin]
Download DDS by sUBs and save it to your desktop. Alternate DDS download link
Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)
* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
1) DDS.txt
2) Attach.txt
* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.
Note: DDS will instruct you to post the Attach.txt log as an attachment. Please just post it as you would any other log by copy and pasting it into the reply.
Here are the two logs you requested.
Delete these files/folders, as follows:
1. Go to Start > Run > type Notepad.exe and click OK to open Notepad. It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
KillAll::

DDS::
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/yme/*http://www.yahoo.com

Folder::
c:\docume~1\alluse~1\applic~1\SITEguard
c:\program files\common files\iS3
c:\docume~1\alluse~1\applic~1\STOPzilla!

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below.
Important: Perform this INSTRUCTION carefully!
ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it will produce a log for you. Post that log (Combofix.txt) in your next reply.
Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze.
I did that and it ran..... here is the log you needed..
ComboFix 09-05-25.03 - Rick Carter 05/25/2009 18:07.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.376 [GMT -5:00]
Running from: c:\documents and settings\Rick Carter\Desktop\CF.exe
Command switches used :: c:\documents and settings\Rick Carter\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Outpost Firewall *enabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\alluse~1\applic~1\SITEguard
c:\docume~1\alluse~1\applic~1\SITEguard\siteguard.db
c:\docume~1\alluse~1\applic~1\STOPzilla!
c:\docume~1\alluse~1\applic~1\STOPzilla!\modules_scanned.db
c:\docume~1\alluse~1\applic~1\STOPzilla!\modules_scanned.db.bak
c:\docume~1\alluse~1\applic~1\STOPzilla!\sgdefs.db
c:\docume~1\alluse~1\applic~1\STOPzilla!\sgdwc.db
c:\docume~1\alluse~1\applic~1\STOPzilla!\userdata.db
c:\program files\common files\iS3
c:\program files\common files\iS3\Anti-Spyware\sgdfull.rsf
c:\program files\messenger\msmsgs.exe
.
((((((((((((((((((((((((( Files Created from 2009-04-25 to 2009-05-25 )))))))))))))))))))))))))))))))
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
((((((((((((((((((((((((((((( [emailprotected]_21.44.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-25 23:12 . 2009-05-25 23:12 16384 c:\windows\Temp\usgthrsvc\Perflib_Perfdata_180.dat
+ 2009-05-25 23:12 . 2009-05-25 23:12 16384 c:\windows\Temp\Perflib_Perfdata_408.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-16 1947928]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-16 1947928]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-18 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-23 148888]
"OutpostMonitor"="c:\progra~1\Agnitum\Outpost Firewall\op_mon.exe" [2009-04-28 2374464]
"OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall\feedback.exe" [2009-04-28 428032]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 17:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-16 16:52 11952 ----a-w c:\windows\SYSTEM32\avgrsstx.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [5/30/2008 5:44 AM 325896]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [5/30/2008 5:44 AM 108552]
R1 SandBox;SandBox;c:\windows\SYSTEM32\DRIVERS\SandBox.sys [5/24/2009 6:35 PM 704384]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/14/2009 2:22 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/14/2009 2:22 PM 72944]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\Outpost Firewall\acs.exe [5/24/2009 6:33 PM 1195008]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/5/2008 10:41 AM 908568]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/5/2008 10:41 AM 298776]
R3 afw;Agnitum firewall driver;c:\windows\SYSTEM32\DRIVERS\afw.sys [5/24/2009 6:33 PM 31128]
R3 afwcore;afwcore;c:\windows\SYSTEM32\DRIVERS\afwcore.sys [5/24/2009 6:35 PM 257432]
R3 XIRLINK;IBM PC Camera;c:\windows\SYSTEM32\DRIVERS\C-itnt.sys [9/10/2008 5:53 PM 453475]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/14/2009 2:22 PM 7408]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-05-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1056457592-2306923782-1649441779-1006.job
- c:\documents and settings\Rick Carter\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-05 14:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636 f6d2f
mSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636 f6d2f
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/yme/*http://www.yahoo.com
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-25 18:12
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1164)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
- - - - - - - > 'explorer.exe'(3240)
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\a-squared Free\a2service.exe
c:\windows\SYSTEM32\bgsvcgen.exe
c:\windows\SYSTEM32\CTSVCCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\SYSTEM32\DRIVERS\KodakCCS.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\SYSTEM32\searchindexer.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\SYSTEM32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-05-25 18:17 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-25 23:17
ComboFix2.txt 2009-05-25 21:47
Pre-Run: 20,890,476,544 bytes free
Post-Run: 20,872,675,328 bytes free
310 --- E O F --- 2009-05-13 11:31

OK moving along....
- Click START then RUN
- Now type Combofix /u in the runbox
- Make sure there's a space between Combofix and /u
- Then hit Enter.
The above procedure will:
- Delete the following:
  - ComboFix and its associated files and folders.
- Reset the clock settings.
- Hide file extensions, if required.
- Hide System/Hidden files, if required.
- Set a new, clean Restore Point.
----------
Use the Kaspersky Lab Online Scanner
In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon to open the browser and choose Run as Administrator.
- Click on SCAN NOW
- Click Accept.
- The program will then begin downloading the latest definition files.
- Once the files have been downloaded locate the Scan Settings and have it scan My Computer.
- The scan will take a while, so be patient and let it finish.
When the scan is done, in the Scan is complete window, any infection is displayed. There is no option to clean/disinfect, however, we need to analyze the information on the report.
To obtain the report:
- Click on: Save Report As
- Next, in the Save as prompt, Save in area, select: Desktop.
- In the File name area use KScan, or something similar.
- In Save as type: click the drop arrow and select: Text file [*.txt]
- Then, click: Save
Copy and paste the Kaspersky Online Scanner Report in your next reply.
Note for Internet Explorer 7 and 8 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
If needed, this animation will guide you through the process.

OK, finally got that done... it did take a while. It didn't find any malware or anything. Here is the log report.
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Monday, May 25, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Tuesday, May 26, 2009 02:21:06
Records in database: 2246292
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
Scan statistics:
Files scanned: 75975
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 02:50:39
No malware has been detected. The scan area is clean.
The selected area was scanned.

Looks good.
Use the Secunia Software Inspector to check for out of date software.
- Click Start Now
- Check the box next to Enable thorough system inspection.
- Click Start
- Allow the scan to finish and scroll down to see if any updates are needed.
- Update anything listed.
----------
Go to Microsoft Windows Update and get all critical updates.
----------
I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
- Using SpywareBlaster to protect your computer from Spyware and Malware
- If you don't know what ActiveX controls are, see here
Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

Thank you sooooo much Evil.... You have been a life saver, I couldn't have done it without ya..

You're welcome.
Safe surfing....