
Infected with multiple trojans Generic10.A0SN,G


3 replies to this topic

#1 cainst


Posted 21 February 2009 - 09:26 PM

I'm trying to clean up a laptop that previously wasn't running any antimalware software and was infected with multiple items. I have been able to install and run Spybot, AVG8 (Full Internet Suite), CCleaner, and Ad-Aware, resulting in multiple detections, removals, and re-infections. However, it is still infected. The desktop icons and taskbar will not load normally or in Safe Mode, leaving just the blank background on screen. The three items listed in the title above continue to return after each removal and reboot, and I don't know what else to do. Please advise.


DDS (Ver_09-02-01.01) - NTFSx86
Run by HURK at 17:15:54.37 on Sat 02/21/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.107 [GMT -6:00]

AV: CyberDefender Internet Security *On-access scanning enabled* (Updated)
AV: AVG Internet Security *On-access scanning enabled* (Updated)
FW: AVG Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HURK\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig/dell?hl=en
uSearch Page = hxxp://www.google.com/hws/sb/dell/en/side.html
uSearch Bar = hxxp://www.google.com/hws/sb/dell/en/side.html
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uWindow Title = Hurk's Internet Browser
mWindow Title = Hurk's Internet Browser
mWinlogon: shell=Lynn.exe
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [CyberDefender Early Detection Center] "c:\program files\cyberdefender\antispyware\cdasd.exe" /minimize
uRun: [swg] c:\program files\google\googletoolbarnotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRunOnce: [SpybotDeletingD6295] cmd.exe /c del "c:\windows\system32\twain32\local.ds"
uRunOnce: [SpybotDeletingB1478] command.com /c del "c:\windows\system32\twain32\local.ds"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [CyberDefender Early Detection Center] "c:\program files\cyberdefender\antispyware\ISSIntro.exe"
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C}
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1234905804250
DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1234987969531
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: edpglib - edpglib.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL wpcben.dll
STS: {C5BF49A2-94F3-42BD-F434-3604812C8955} - No File
STS: c:\windows\system32\osm3of8s3njd.dll: {c5af42a3-94f3-42bd-f634-3604832c897d} - c:\windows\system32\osm3of8s3njd.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\geBrsTmK

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hurk\applic~1\mozilla\firefox\profiles\ukmy0ezl.default\
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava11.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava12.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava13.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava14.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava32.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJPI142_03.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPOJI610.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R0 ati0nuxx;ati0nuxx;c:\windows\system32\drivers\ati0nuxx.sys [2009-2-17 32768]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-2-19 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-19 325128]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-19 27656]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-19 107272]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-2-19 29208]
R3 tcpsr;tcpsr;\??\c:\windows\system32\drivers\tcpsr.sys --> c:\windows\system32\drivers\tcpsr.sys [?]
S0 ati0wdxx;ati0wdxx;c:\windows\system32\drivers\ati0wdxx.sys --> c:\windows\system32\drivers\ati0wdxx.sys [?]
S0 ati1msxx;ati1msxx;c:\windows\system32\drivers\ati1msxx.sys --> c:\windows\system32\drivers\ati1msxx.sys [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-2-19 29208]
S3 CDAVFS;CDAVFS;c:\windows\system32\drivers\CDAVFS.sys [2009-2-21 67424]

=============== Created Last 30 ================

2009-02-21 16:17 16,896 a------- c:\windows\system32\edpglib.dll
2009-02-21 09:41 43 a------- c:\windows\av_affiliate.ini
2009-02-21 09:40 43 a------- c:\windows\as_affiliate.ini
2009-02-21 09:18 67,424 a------- c:\windows\system32\drivers\CDAVFS.sys
2009-02-21 09:17 <DIR> --d----- c:\program files\CyberDefender
2009-02-21 00:13 <DIR> --d-h--- c:\windows\system32\GroupPolicy
2009-02-20 23:55 1,033,728 a------- c:\windows\Lynn.exe.exe
2009-02-20 21:54 <DIR> --d----- c:\docume~1\hurk\applic~1\Symantec
2009-02-20 21:54 <DIR> --d----- c:\docume~1\hurk\applic~1\Intel
2009-02-20 21:54 <DIR> --d----- c:\documents and settings\HURK
2009-02-20 21:12 <DIR> --d----- c:\windows\system32\NtmsData
2009-02-20 08:20 2 a------- c:\windows\msoffice.ini
2009-02-19 22:12 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-02-19 18:39 0 a------- c:\windows\system32\icf.exe.exe
2009-02-19 17:49 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-02-19 17:49 12,552 a------- c:\windows\system32\drivers\avgrkx86.sys
2009-02-19 17:49 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2009-02-19 17:49 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-02-19 17:48 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-02-19 17:45 50,968 a------- c:\windows\system32\avgfwdx.dll
2009-02-19 17:45 29,208 a------- c:\windows\system32\drivers\avgfwdx.sys
2009-02-19 17:45 <DIR> --d----- c:\program files\AVG
2009-02-19 16:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PCPitstop
2009-02-19 13:13 <DIR> --d----- c:\windows\system32\scripting
2009-02-19 13:13 <DIR> --d----- c:\windows\l2schemas
2009-02-19 13:13 <DIR> --d----- c:\windows\system32\en
2009-02-19 13:13 <DIR> --d----- c:\windows\system32\bits
2009-02-19 13:02 <DIR> --d----- c:\windows\ServicePackFiles
2009-02-19 09:35 15,688 a------- c:\windows\system32\lsdelete.exe
2009-02-19 02:38 276,992 -------- c:\windows\system32\wmphoto.dll
2009-02-19 02:38 69,120 -------- c:\windows\system32\wlanapi.dll
2009-02-19 02:38 346,112 -------- c:\windows\system32\windowscodecsext.dll
2009-02-19 02:38 712,704 -------- c:\windows\system32\windowscodecs.dll
2009-02-19 02:38 25,471 -------- c:\windows\system32\drivers\watv10nt.sys
2009-02-19 02:38 22,271 -------- c:\windows\system32\drivers\watv06nt.sys
2009-02-19 02:38 11,935 -------- c:\windows\system32\drivers\wadv11nt.sys
2009-02-19 02:38 11,871 -------- c:\windows\system32\drivers\wadv09nt.sys
2009-02-19 02:38 11,807 -------- c:\windows\system32\drivers\wadv07nt.sys
2009-02-19 02:38 11,295 -------- c:\windows\system32\drivers\wadv08nt.sys
2009-02-19 02:37 14,208 -------- c:\windows\system32\drivers\wacompen.sys
2009-02-19 02:37 28,672 -------- c:\windows\system32\vidcap.ax
2009-02-19 02:37 11,325 -------- c:\windows\system32\drivers\vchnt5.dll
2009-02-19 02:37 121,984 -------- c:\windows\system32\drivers\usbvideo.sys
2009-02-19 02:37 44,672 -------- c:\windows\system32\drivers\uagp35.sys
2009-02-19 02:36 50,688 -------- c:\windows\system32\tspkg.dll
2009-02-19 02:36 53,248 -------- c:\windows\system32\tsgqec.dll
2009-02-19 02:35 20,992 -------- c:\windows\system32\spupdwxp.exe
2009-02-19 02:33 397,056 -------- c:\windows\system32\s3gnb.dll
2009-02-19 02:33 166,912 -------- c:\windows\system32\drivers\s3gnbm.sys
2009-02-19 02:33 290,304 -------- c:\windows\system32\rhttpaa.dll
2009-02-19 02:33 59,136 -------- c:\windows\system32\drivers\rfcomm.sys
2009-02-19 02:32 13,776 -------- c:\windows\system32\drivers\recagent.sys
2009-02-19 02:32 61,952 -------- c:\windows\system32\rasqec.dll
2009-02-19 02:32 76,800 -------- c:\windows\system32\qutil.dll
2009-02-19 02:31 62,464 -------- c:\windows\system32\qcliprov.dll
2009-02-19 02:31 291,328 -------- c:\windows\system32\qagentrt.dll
2009-02-19 02:31 150,528 -------- c:\windows\system32\qagent.dll
2009-02-19 02:31 412,160 -------- c:\windows\system32\photometadatahandler.dll
2009-02-19 02:30 144,384 -------- c:\windows\system32\onex.dll
2009-02-19 02:29 180,360 -------- c:\windows\system32\drivers\ntmtlfax.sys
2009-02-19 02:29 67,866 -------- c:\windows\system32\drivers\netwlan5.img
2009-02-19 02:28 176,640 -------- c:\windows\system32\napstat.exe
2009-02-19 02:28 193,024 -------- c:\windows\system32\napmontr.dll
2009-02-19 02:28 30,208 -------- c:\windows\system32\napipsec.dll
2009-02-19 02:28 12,672 -------- c:\windows\system32\drivers\mutohpen.sys
2009-02-19 02:28 452,736 -------- c:\windows\system32\drivers\mtxparhm.sys
2009-02-19 02:28 1,737,856 -------- c:\windows\system32\mtxparhd.dll
2009-02-19 02:28 1,309,184 -------- c:\windows\system32\drivers\mtlstrm.sys
2009-02-19 02:28 126,686 -------- c:\windows\system32\drivers\mtlmnt5.sys
2009-02-19 02:28 79,872 -------- c:\windows\system32\msxml6r.dll
2009-02-19 02:28 79,872 -------- c:\windows\system32\dllcache\msxml6r.dll
2009-02-19 02:28 1,307,648 -------- c:\windows\system32\msxml6.dll
2009-02-19 02:28 1,307,648 -------- c:\windows\system32\dllcache\msxml6.dll
2009-02-19 02:27 76,800 -------- c:\windows\system32\msshavmsg.dll
2009-02-19 02:27 155,136 -------- c:\windows\system32\mssha.dll
2009-02-19 02:25 33,792 -------- c:\windows\system32\mmcperf.exe
2009-02-19 02:25 106,496 -------- c:\windows\system32\mmcfxcommon.dll
2009-02-19 02:25 397,312 -------- c:\windows\system32\mmcex.dll
2009-02-19 02:25 184,320 -------- c:\windows\system32\microsoft.managementconsole.dll
2009-02-19 02:23 37,376 -------- c:\windows\system32\l2gpstore.dll
2009-02-19 02:23 61,440 -------- c:\windows\system32\kmsvc.dll
2009-02-19 02:23 6,144 -------- c:\windows\system32\kbdpash.dll
2009-02-19 02:23 6,144 -------- c:\windows\system32\kbdnepr.dll
2009-02-19 02:23 6,144 -------- c:\windows\system32\kbdiultn.dll
2009-02-19 02:23 6,144 -------- c:\windows\system32\kbdbhc.dll
2009-02-19 02:21 10,752 -------- c:\windows\system32\smtpapi.dll
2009-02-19 02:21 9,728 -------- c:\windows\system32\rwnh.dll
2009-02-19 02:21 974 -------- c:\windows\system32\pid.inf
2009-02-19 02:21 9,728 -------- c:\windows\system32\comsdupd.exe
2009-02-19 02:20 1,041,536 -------- c:\windows\system32\drivers\hsfdpsp2.sys
2009-02-19 02:20 685,056 -------- c:\windows\system32\drivers\hsfcxts2.sys
2009-02-19 02:20 220,032 -------- c:\windows\system32\drivers\hsfbs2s2.sys
2009-02-19 02:20 32,285 -------- c:\windows\system32\hsfcisp2.dll
2009-02-19 02:20 25,600 -------- c:\windows\system32\drivers\hidbth.sys
2009-02-19 02:20 144,384 -------- c:\windows\system32\drivers\hdaudbus.sys
2009-02-19 02:19 46,464 -------- c:\windows\system32\drivers\gagp30kx.sys
2009-02-19 02:18 19,569 a------- c:\windows\002997_.tmp
2009-02-19 02:18 20,992 -------- c:\windows\system32\faxpatch.exe
2009-02-19 02:18 59,392 -------- c:\windows\system32\eapqec.dll
2009-02-19 02:18 40,960 -------- c:\windows\system32\eappprxy.dll
2009-02-19 02:18 33,792 -------- c:\windows\system32\eapsvc.dll
2009-02-19 02:18 180,224 -------- c:\windows\system32\eapphost.dll
2009-02-19 02:18 126,976 -------- c:\windows\system32\eappcfg.dll
2009-02-19 02:18 94,208 -------- c:\windows\system32\eappgnui.dll
2009-02-19 02:18 184,832 -------- c:\windows\system32\eapp3hst.dll
2009-02-19 02:18 30,720 -------- c:\windows\system32\eapolqec.dll
2009-02-19 02:17 650,752 -------- c:\windows\system32\dot3ui.dll
2009-02-19 02:17 132,096 -------- c:\windows\system32\dot3svc.dll
2009-02-19 02:17 56,320 -------- c:\windows\system32\dot3msm.dll
2009-02-19 02:17 9,216 -------- c:\windows\system32\dot3dlg.dll
2009-02-19 02:17 57,856 -------- c:\windows\system32\dot3cfg.dll
2009-02-19 02:17 39,936 -------- c:\windows\system32\dot3gpclnt.dll
2009-02-19 02:17 26,112 -------- c:\windows\system32\dot3api.dll
2009-02-19 02:17 39,936 -------- c:\windows\system32\dimsroam.dll
2009-02-19 02:17 19,456 -------- c:\windows\system32\dimsntfy.dll
2009-02-19 02:17 48,640 -------- c:\windows\system32\dhcpqec.dll
2009-02-19 02:17 129,045 -------- c:\windows\system32\drivers\cxthsfs2.cty
2009-02-19 02:17 12,800 -------- c:\windows\system32\credssp.dll
2009-02-19 02:14 870,784 -------- c:\windows\system32\ati3d1ag.dll
2009-02-19 02:13 136,192 -------- c:\windows\system32\aaclient.dll
2009-02-19 02:11 <DIR> --d----- c:\program files\Lavasoft
2009-02-18 15:52 <DIR> --d----- c:\program files\Microsoft Common
2009-02-18 15:08 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-18 14:58 <DIR> --d----- c:\program files\CCleaner
2009-02-18 14:39 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-02-18 14:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-02-18 14:29 <DIR> --d----- c:\program files\PCPitstop
2009-02-18 13:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-02-17 18:26 15,000 a------- c:\windows\system32\osm3of8s3njd.dll
2009-02-17 18:23 32,768 a------- c:\windows\system32\drivers\ati0nuxx.sys
2009-02-17 17:52 869 a------- c:\windows\system32\MRT.INI
2009-02-17 17:52 <DIR> --d----- c:\windows\system32\MpEngineStore
2009-02-17 17:33 <DIR> --d----- C:\57d790400756180c770af9538a2fcdfd
2009-02-17 16:06 459,264 -------- c:\windows\system32\dllcache\msfeeds.dll
2009-02-17 16:06 52,224 -------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-02-17 16:06 267,776 -------- c:\windows\system32\dllcache\iertutil.dll
2009-02-17 16:06 63,488 -------- c:\windows\system32\dllcache\icardie.dll
2009-02-17 16:06 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-02-17 16:06 383,488 -------- c:\windows\system32\dllcache\ieapfltr.dll
2009-02-17 16:06 2,455,488 -------- c:\windows\system32\dllcache\ieapfltr.dat
2009-02-17 16:05 991,232 -------- c:\windows\system32\dllcache\ieframe.dll.mui
2009-02-17 16:05 6,066,688 -------- c:\windows\system32\dllcache\ieframe.dll
2009-02-17 16:04 333,952 -------- c:\windows\system32\dllcache\srv.sys
2009-02-17 16:00 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2009-02-17 15:59 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2009-02-17 15:59 2,145,280 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-17 15:59 2,189,184 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-17 15:59 2,023,936 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-17 15:59 2,066,048 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-17 15:58 1,846,400 -------- c:\windows\system32\dllcache\win32k.sys
2009-02-17 15:58 331,776 -------- c:\windows\system32\dllcache\msadce.dll
2009-02-17 15:56 691,712 -------- c:\windows\system32\dllcache\inetcomm.dll
2009-02-17 15:54 272,128 -------- c:\windows\system32\dllcache\bthport.sys
2009-02-17 15:54 272,128 -------- c:\windows\system32\drivers\bthport.sys
2009-02-17 15:53 203,136 -------- c:\windows\system32\dllcache\rmcast.sys
2009-02-17 15:25 23,576 a------- c:\windows\system32\wuapi.dll.mui
2009-02-17 14:38 0 a------- C:\604079565
2009-02-17 14:38 8,704 a------- C:\jttgds.exe
2009-02-17 14:34 3,200 a--sh--- c:\windows\system32\KmTsrBeg.ini
2009-02-17 11:52 121 ---sh--- c:\windows\system32\rcoupocj.ini
2009-02-17 11:31 <DIR> --d----- c:\program files\common files\?racle
2009-02-15 13:53 143 a------- c:\windows\system32\mcrh.tmp
2009-02-15 08:55 <DIR> --d----- c:\windows\pss

==================== Find3M ====================

2009-02-21 04:05 14,336 a------- c:\windows\system32\svchost.exe
2009-02-21 04:05 14,336 a------- c:\windows\system32\dllcache\svchost.exe
2009-02-19 16:17 182,678 a------- c:\windows\pchealth\helpctr\config\cache\Professional_32_1033.dat
2009-02-19 13:21 88,859 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-02-17 17:52 1,310 a------- C:\xcrashdump.dat
2009-01-16 21:35 3,594,752 a------- c:\windows\system32\dllcache\mshtml.dll
2008-12-19 03:10 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2008-12-18 23:25 634,024 -------- c:\windows\system32\dllcache\iexplore.exe
2008-12-18 23:23 161,792 -------- c:\windows\system32\dllcache\ieakui.dll

============= FINISH: 17:17:17.73 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-02-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 2/13/2006 9:10:24 AM
System Uptime: 2/21/2009 4:15:43 PM (1 hours ago)

Motherboard: Dell Inc. | | 0UF414
Processor: Intel® Pentium® M processor 1.70GHz | Microprocessor | 1695/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 70 GiB total, 57.747 GiB free.
D: is CDROM (CDFS)

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: WAN Miniport (L2TP)
Device ID: ROOT\MS_L2TPMINIPORT\0000
Manufacturer: Microsoft
Name: WAN Miniport (L2TP)
PNP Device ID: ROOT\MS_L2TPMINIPORT\0000
Service: Rasl2tp

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================


Ad-Aware
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0
ALPS Touch Pad Driver
AOL Toolbar
AOLIcon
ArcSoft PhotoImpression 5
ATI Control Panel
ATI Display Driver
AVG 8.0
Broadcom Management Programs 2
CCleaner (remove only)
Conexant D110 MDC V.9x Modem
CyberDefender Early Detection Center
Dell Driver Reset Tool
Dell Support Center
Dell System Restore
DellSupport
Digital Content Portal
Digital Line Detect
Digital Video
EarthLink setup files
EducateU
ELIcon
EPSON CX6000 Series User's Guide
EPSON Printer Software
EPSON Scan
EPSON Stylus CX6000 Scanner Driver Update
ESPNMotion
GemMaster Mystic
Get High Speed Internet!
Google AFE
Google Desktop
Google Toolbar for Internet Explorer
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB952287)
Intel® PROSet/Wireless Software
Internal Network Card Power Management
Java 2 Runtime Environment, SE v1.4.2_03
Learn2 Player (Uninstall Only)
LiveUpdate 2.7 (Symantec Corporation)
Macromedia Shockwave Player
mCore
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft ActiveSync 4.0
Microsoft Creative Writer 2
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Standard 2006
Microsoft Digital Image Standard 2006 Editor
Microsoft Digital Image Standard 2006 Library
Microsoft Encarta Encyclopedia Standard 2006
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft Outlook 2002
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Streets & Trips 2006
Microsoft Visual C++ 2005 Redistributable
Microsoft Web Publishing Wizard 1.52
Microsoft Word 2002
Microsoft Works
Microsoft Works Suite 2006 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
mIWA
mIWCA
mLogView
mMHouse
Modem Helper
Mozilla Firefox (3.0.6)
mPfMgr
mPfWiz
mProSafe
mSSO
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
mToolkit
Musicmatch for Windows Media Player
mWlsSafe
mXML
mZConfig
NetWaiting
NetZeroInstallers
Otto
PC Pitstop Exterminate2 2.0
PowerDVD 5.5
Qualxserve Service Agreement
QuickSet
QuickTime
RealPlayer Basic
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960715)
Shockwave
Sonic DLA
Sonic Encoders
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Spybot - Search & Destroy
The Print Shop 20
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update Rollup 2 for Windows XP Media Center Edition 2005
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Wal-Mart Digital Photo Manager
WebCyberCoach 3.2 Dell
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10 Hotfix - KB894476
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB908250
Windows XP Service Pack 3
Works Upgrade

==== Event Viewer Messages From Past Week ========

2/17/2009 6:08:04 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706be: Windows Malicious Software Removal Tool - February 2009 (KB890830).
2/17/2009 5:57:07 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070020: Security Update for Internet Explorer 7 for Windows XP (KB938127).
2/17/2009 12:49:45 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {9B1F122C-2982-4E91-AA8B-E071D54F2A4D}
2/17/2009 12:07:09 PM, error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s).
2/17/2009 12:04:40 PM, error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Run the configured recovery program.
2/17/2009 12:01:09 PM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
2/17/2009 12:00:31 PM, error: Service Control Manager [7034] - The AOL Antivirus Update Service service terminated unexpectedly. It has done this 1 time(s).
2/17/2009 12:00:11 PM, error: Service Control Manager [7034] - The AOL Connectivity Service service terminated unexpectedly. It has done this 1 time(s).
2/17/2009 11:42:28 AM, error: Service Control Manager [7000] - The Terminal Services service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/17/2009 11:42:28 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the TermService service.
2/17/2009 11:28:37 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/17/2009 11:28:37 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
2/17/2009 11:20:40 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
2/17/2009 11:20:39 AM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
2/17/2009 11:20:38 AM, error: Dhcp [1002] - The IP address lease 192.168.100.2 for the Network Card with network address 001422EBC3CE has been denied by the DHCP server 69.1.30.42 (The DHCP Server sent a DHCPNACK message).
2/17/2009 11:16:20 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
2/15/2009 2:34:17 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 60 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
2/15/2009 2:04:16 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
2/17/2009 6:25:14 PM, error: Service Control Manager [7031] - The COM+ System Application service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
2/17/2009 6:25:54 PM, error: Service Control Manager [7031] - The COM+ System Application service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
2/17/2009 6:26:02 PM, error: Service Control Manager [7034] - The COM+ System Application service terminated unexpectedly. It has done this 3 time(s).
2/17/2009 6:41:18 PM, error: Service Control Manager [7034] - The NICCONFIGSVC service terminated unexpectedly. It has done this 1 time(s).
2/17/2009 7:12:51 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the ICF service to connect.
2/17/2009 7:30:03 PM, error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
2/17/2009 7:30:03 PM, error: Service Control Manager [7034] - The Terminal Services service terminated unexpectedly. It has done this 1 time(s).
2/17/2009 7:35:17 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the FCI service to connect.
2/17/2009 7:35:17 PM, error: Service Control Manager [7000] - The FCI service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/17/2009 9:00:03 PM, error: Service Control Manager [7000] - The Microsoft Kernel Acoustic Echo Canceller service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2/17/2009 9:18:44 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/17/2009 9:19:17 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: APPDRV Fips intelppm
2/17/2009 9:19:23 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000098' while processing the file 'TDPIPE.sys' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
2/17/2009 9:43:54 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
2/17/2009 9:43:54 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/17/2009 9:43:54 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
2/17/2009 9:43:54 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/17/2009 9:43:54 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD APPDRV Fips intelppm IPSec MPFIREWL MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
2/17/2009 9:44:06 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
2/17/2009 9:54:55 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service ntmssvc with arguments "-Service" in order to run the server: {D61A27C6-8F53-11D0-BFA0-00A024151983}
2/17/2009 10:08:07 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
2/17/2009 10:15:04 PM, error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/17/2009 11:17:25 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000098' while processing the file 'Afc.sys' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
2/18/2009 1:45:18 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
2/18/2009 1:47:31 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
2/18/2009 1:47:31 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.CRT. Reference error message: The referenced assembly is not installed on your system. .
2/18/2009 1:47:31 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\AVG\AVG8\avgssie.dll. Reference error message: The operation completed successfully. .
2/18/2009 1:47:33 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\AVG\AVG8\avgpp.dll. Reference error message: The operation completed successfully. .
2/18/2009 1:48:03 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\AVG\AVG8\Firefox\components\avgssff.dll. Reference error message: The operation completed successfully. .
2/18/2009 1:48:10 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\AVG\AVG8\avgtbapi.dll. Reference error message: The operation completed successfully. .
2/18/2009 1:50:04 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\AVG\AVG8\avgfrw.exe. Reference error message: The operation completed successfully. .
2/18/2009 1:50:11 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\AVG\AVG8\avgui.exe. Reference error message: The operation completed successfully. .
2/18/2009 1:52:14 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\AVG\AVG8\avgse.dll. Reference error message: The operation completed successfully. .
2/18/2009 1:55:12 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
2/18/2009 2:12:54 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\AVG\AVG8\avgoff2k.dll. Reference error message: The operation completed successfully. .
2/18/2009 3:51:46 PM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\avgrsstx.dll. Reference error message: The operation completed successfully. .
2/18/2009 3:52:08 PM, error: SideBySide [59] - Generate Activation Context failed for C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe. Reference error message: The operation completed successfully. .
2/18/2009 3:52:08 PM, error: SideBySide [59] - Generate Activation Context failed for C:\PROGRA~1\AVG\AVG8\avgfws8.exe. Reference error message: The operation completed successfully. .
2/18/2009 3:50:47 PM, error: Service Control Manager [7000] - The AVG8 WatchDog service failed to start due to the following error: This application has failed to start because the application configuration is incorrect. Reinstalling the application may fix this problem.
2/18/2009 3:50:47 PM, error: Service Control Manager [7000] - The AVG8 Firewall service failed to start due to the following error: This application has failed to start because the application configuration is incorrect. Reinstalling the application may fix this problem.
2/18/2009 5:49:29 PM, error: SideBySide [59] - Generate Activation Context failed for C:\PROGRA~1\AVG\AVG8\avgtray.exe. Reference error message: The operation completed successfully. .
2/18/2009 6:53:17 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: APPDRV AvgLdx86 AvgMfx86 Fips intelppm
2/19/2009 10:39:23 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.
2/19/2009 6:11:22 PM, error: Service Control Manager [7000] - The Microsoft Kernel Acoustic Echo Canceller service failed to start due to the following error: Access is denied.
2/19/2009 6:41:39 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Media Center Receiver Service service to connect.
2/19/2009 7:10:20 PM, error: Service Control Manager [7000] - The ICF service failed to start due to the following error: Access is denied.
2/19/2009 9:58:41 PM, error: Service Control Manager [7034] - The Media Center Scheduler Service service terminated unexpectedly. It has done this 1 time(s).
2/20/2009 8:47:13 AM, error: Service Control Manager [7034] - The EvtEng service terminated unexpectedly. It has done this 1 time(s).
2/20/2009 8:47:18 AM, error: Service Control Manager [7034] - The Spectrum24 Event Monitor service terminated unexpectedly. It has done this 1 time(s).
2/20/2009 8:47:23 AM, error: Service Control Manager [7034] - The WLANKEEPER service terminated unexpectedly. It has done this 1 time(s).
2/20/2009 9:11:48 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD APPDRV AvgLdx86 AvgMfx86 AvgTdiX Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
2/21/2009 8:35:23 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the w32time service.
2/21/2009 8:35:23 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the wuauserv service.
2/17/2009 8:59:23 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\drivers\aec.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2601.2180.
2/19/2009 12:07:00 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\drivers\mskssrv.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.3.2600.2180.
2/19/2009 12:07:02 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file rasl2tp.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.2180.
2/20/2009 10:08:13 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file explorer.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2900.5512.

==== End Of File ===========================



#2 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • OFFLINE
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:06:53 PM

Posted 04 March 2009 - 03:37 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 cainst

cainst
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:53 PM

Posted 04 March 2009 - 04:53 PM

Thanks,
I am glad to be here and I'm looking forward to gaining the advice from the BC community.
At first I had a computer that was just overwhelmed by spyware, trojans, and viruses. After reading several threads and using various anti-malware programs from Malwarebytes to HijackThis I haven't discovered any remaining or new threats. However, either the malware or the anti-malware programs resulted in a damaged system. When I boot into normal or safe mode the only thing that comes up is the "my documents" folder. I don't have a taskbar, start menu, desktop icons, or the ability to drag icons to the desktop. The new logs are below.



DDS LOG
DDS (Ver_09-02-01.01) - NTFSx86
Run by HURK at 15:19:32.28 on Wed 03/04/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.166 [GMT -6:00]

AV: AVG Internet Security *On-access scanning disabled* (Updated)
FW: AVG Firewall *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\EHTray.exe
C:\Documents and Settings\HURK\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [HostManager] c:\program files\common files\aol\1169351415\ee\AOLSoftware.exe
mRun: [EPSON Stylus CX6000 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatibia.exe /fu "c:\windows\temp\E_SA3.tmp" /EF "HKLM"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [%PROVIDERID%] "bin\sprtcmd.exe" /P %PROVIDERID%
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: &Google Search
IE: &Translate English Word
IE: Backward Links
IE: Cached Snapshot of Page
IE: Similar Pages
IE: Translate Page into English
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://pccheckup.dellfix.com/sdccommon/download/tgctlcm.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1234905804250
DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1234987969531
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hurk\applic~1\mozilla\firefox\profiles\ukmy0ezl.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - component: c:\documents and settings\hurk\application data\mozilla\firefox\profiles\ukmy0ezl.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-2-19 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-19 325128]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-19 27656]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-19 107272]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-19 298264]
R2 avgfws8;AVG8 Firewall;c:\progra~1\avg\avg8\avgfws8.exe [2009-2-19 1339600]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-2-19 29208]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-2-19 29208]
S3 CDAVFS;CDAVFS;c:\windows\system32\drivers\CDAVFS.sys [2009-2-21 67424]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-2-21 33752]

=============== Created Last 30 ================

2009-03-02 15:58 <DIR> --d----- c:\program files\common files\supportsoft
2009-03-02 15:31 <DIR> --d----- c:\program files\PCCheckupOnline
2009-03-02 15:25 0 a------- c:\windows\system32\null
2009-03-02 13:09 7,168 -c------ c:\windows\system32\dllcache\bitsprx4.dll
2009-03-02 13:09 7,168 -------- c:\windows\system32\bitsprx4.dll
2009-03-01 00:33 <DIR> --d----- C:\Security
2009-03-01 00:26 <DIR> --d----- c:\program files\Microsoft
2009-03-01 00:15 288,768 -------- c:\windows\system32\rhttpaa.dll
2009-03-01 00:15 36,352 -------- c:\windows\system32\tsgqec.dll
2009-03-01 00:15 116,736 -------- c:\windows\system32\aaclient.dll
2009-02-28 20:18 161,792 a------- c:\windows\SWREG.exe
2009-02-28 20:18 98,816 a------- c:\windows\sed.exe
2009-02-28 03:32 268,648 a------- c:\windows\system32\mucltui.dll
2009-02-28 03:32 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-02-28 03:28 991,232 -c------ c:\windows\system32\dllcache\ieframe.dll.mui
2009-02-28 03:28 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll
2009-02-28 03:28 267,776 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-02-28 03:28 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2009-02-28 03:28 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe
2009-02-28 03:28 6,066,688 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-02-28 03:28 383,488 -c------ c:\windows\system32\dllcache\ieapfltr.dll
2009-02-28 03:28 2,455,488 -c------ c:\windows\system32\dllcache\ieapfltr.dat
2009-02-28 03:28 63,488 -c------ c:\windows\system32\dllcache\icardie.dll
2009-02-28 00:55 <DIR> --d----- c:\program files\EsetOnlineScanner
2009-02-27 23:12 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-02-27 19:41 1,852,416 a------- c:\windows\system32\dllcache\acgenral.dll
2009-02-27 19:40 561,664 a------- c:\windows\system32\dllcache\msobmain.dll
2009-02-27 19:39 384,000 a------- c:\windows\system32\dllcache\ipsmsnap.dll
2009-02-27 19:38 385,024 a------- c:\windows\system32\dllcache\qdvd.dll
2009-02-27 19:37 574,464 ac------ c:\windows\system32\dllcache\ntfs.sys
2009-02-27 15:03 <DIR> --d----- C:\8f7f47fa79a1ca64c3066b6febb63558
2009-02-27 06:56 483,840 a------- c:\windows\system32\SET148.tmp
2009-02-27 06:56 52,736 a------- c:\windows\system32\SET149.tmp
2009-02-27 06:56 6,656 a------- c:\windows\system32\SET11D6.tmp
2009-02-27 06:56 18,432 a------- c:\windows\system32\SET14B.tmp
2009-02-27 06:56 22,528 a------- c:\windows\system32\SET14D.tmp
2009-02-27 06:56 19,456 a------- c:\windows\system32\SET14F.tmp
2009-02-27 06:56 82,432 a------- c:\windows\system32\SET157.tmp
2009-02-27 06:56 80,896 a------- c:\windows\system32\SET11DB.tmp
2009-02-27 06:56 19,968 a------- c:\windows\system32\SET156.tmp
2009-02-27 06:56 264,192 a------- c:\windows\system32\SET15A.tmp
2009-02-27 06:54 18,944 a------- c:\windows\system32\SET1D1.tmp
2009-02-27 06:53 247,808 a------- c:\windows\system32\SET27C.tmp
2009-02-27 06:52 18,944 a------- c:\windows\system32\SET308.tmp
2009-02-27 06:52 981,760 a------- c:\windows\system32\SET30A.tmp
2009-02-27 06:52 118,272 a------- c:\windows\system32\SET30E.tmp
2009-02-27 06:52 13,312 a------- c:\windows\system32\SET316.tmp
2009-02-27 06:52 97,280 a------- c:\windows\system32\SET31D.tmp
2009-02-27 06:52 33,280 a------- c:\windows\system32\SET326.tmp
2009-02-27 06:52 299,520 a------- c:\windows\system32\SET328.tmp
2009-02-27 06:52 512,000 a------- c:\windows\system32\SET32C.tmp
2009-02-27 06:51 183,808 a------- c:\windows\system32\SET33B.tmp
2009-02-27 06:51 331,264 a------- c:\windows\system32\SET33F.tmp
2009-02-27 06:51 94,720 a------- c:\windows\system32\SET341.tmp
2009-02-27 06:51 17,408 a------- c:\windows\system32\SET343.tmp
2009-02-27 06:51 75,264 a------- c:\windows\system32\SET34A.tmp
2009-02-27 06:51 110,080 a------- c:\windows\system32\SET34F.tmp
2009-02-27 06:51 251,904 a------- c:\windows\system32\SET35A.tmp
2009-02-27 06:49 59,904 a------- c:\windows\system32\SET3E6.tmp
2009-02-27 03:37 262,535,200 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-02-27 03:37 3,077,660 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-02-27 03:36 <DIR> --d----- c:\program files\Virus Removal Tool
2009-02-26 22:26 73,728 ac------ c:\windows\system32\dllcache\ehresja.dll
2009-02-26 22:26 69,632 ac------ c:\windows\system32\dllcache\ehresko.dll
2009-02-26 22:26 69,632 ac------ c:\windows\system32\dllcache\ehresfr.dll
2009-02-26 22:26 69,632 ac------ c:\windows\system32\dllcache\ehresde.dll
2009-02-26 22:24 12,288 ac------ c:\windows\system32\dllcache\EXCH_smtpctrs.dll
2009-02-26 22:23 92,416 ac------ c:\windows\system32\dllcache\mga.sys
2009-02-26 22:22 7,680 ac------ c:\windows\system32\dllcache\ftpctrs2.dll
2009-02-26 22:21 10,240 a------- c:\windows\system32\dllcache\npwmsdrm.dll
2009-02-26 22:21 364,544 a------- c:\windows\system32\dllcache\npdsplay.dll
2009-02-26 22:21 4,639 a------- c:\windows\system32\dllcache\mplayer2.exe
2009-02-26 22:21 7,168 ac------ c:\windows\system32\dllcache\wamregps.dll
2009-02-26 22:21 19,968 ac------ c:\windows\system32\dllcache\inetsloc.dll
2009-02-26 22:21 7,680 ac------ c:\windows\system32\dllcache\inetmgr.exe
2009-02-26 22:21 169,984 ac------ c:\windows\system32\dllcache\iisui.dll
2009-02-26 22:21 14,336 ac------ c:\windows\system32\dllcache\iisreset.exe
2009-02-26 22:21 5,632 ac------ c:\windows\system32\dllcache\iisrstap.dll
2009-02-26 22:21 6,144 ac------ c:\windows\system32\dllcache\ftpsapi2.dll
2009-02-26 22:21 94,720 ac------ c:\windows\system32\dllcache\certmap.ocx
2009-02-26 22:13 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-02-26 22:13 749 a---hr-- c:\windows\WindowsShell.Manifest
2009-02-26 22:13 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2009-02-26 22:13 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2009-02-26 22:12 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
2009-02-26 22:12 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2009-02-26 22:12 16,384 ac------ c:\windows\system32\dllcache\isignup.exe
2009-02-26 21:02 24,661 ac------ c:\windows\system32\dllcache\spxcoins.dll
2009-02-26 21:02 13,312 ac------ c:\windows\system32\dllcache\irclass.dll
2009-02-26 21:02 24,661 a------- c:\windows\system32\spxcoins.dll
2009-02-26 21:02 13,312 a------- c:\windows\system32\irclass.dll
2009-02-26 14:45 <DIR> --d----- c:\windows\dell
2009-02-25 20:05 <DIR> --d----- c:\windows\system32\CatRoot_bak
2009-02-25 18:44 90,327 a------- c:\windows\setupapi.old
2009-02-25 13:45 <DIR> --d----- c:\program files\Trend Micro
2009-02-24 12:56 7,680 a--sh--- c:\windows\system32\Thumbs.db
2009-02-24 11:13 <DIR> --d----- c:\docume~1\hurk\applic~1\IObit
2009-02-24 00:16 <DIR> --d----- c:\docume~1\hurk\applic~1\Malwarebytes
2009-02-24 00:16 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-24 00:16 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-24 00:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-24 00:16 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-21 21:39 21,504 a------- c:\windows\system32\drivers\hidserv.dll
2009-02-21 21:30 <DIR> --d----- c:\program files\Windows Media Connect 2
2009-02-21 09:18 67,424 a------- c:\windows\system32\drivers\CDAVFS.sys
2009-02-21 00:13 <DIR> --d-h--- c:\windows\system32\GroupPolicy
2009-02-20 23:55 1,033,728 a------- c:\windows\explorer3.exe
2009-02-20 21:54 <DIR> --d----- c:\docume~1\hurk\applic~1\Symantec
2009-02-20 21:54 <DIR> --d----- c:\docume~1\hurk\applic~1\Intel
2009-02-20 21:54 <DIR> --d----- c:\documents and settings\HURK
2009-02-20 21:12 <DIR> --d----- c:\windows\system32\NtmsData
2009-02-20 08:20 2 a------- c:\windows\msoffice.ini
2009-02-19 22:12 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-02-19 17:49 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-02-19 17:49 12,552 a------- c:\windows\system32\drivers\avgrkx86.sys
2009-02-19 17:49 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2009-02-19 17:49 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-02-19 17:48 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-02-19 17:45 50,968 a------- c:\windows\system32\avgfwdx.dll
2009-02-19 17:45 29,208 a------- c:\windows\system32\drivers\avgfwdx.sys
2009-02-19 17:45 <DIR> --d----- c:\program files\AVG
2009-02-19 16:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PCPitstop
2009-02-19 13:13 <DIR> --d----- c:\windows\system32\scripting
2009-02-19 13:13 <DIR> --d----- c:\windows\l2schemas
2009-02-19 13:13 <DIR> --d----- c:\windows\system32\en
2009-02-19 13:13 <DIR> --d----- c:\windows\system32\bits
2009-02-19 02:34 7,680 a------- c:\windows\system32\spdwnwxp.exe
2009-02-19 02:18 19,569 a------- c:\windows\002997_.tmp
2009-02-18 14:39 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-02-18 14:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-02-18 13:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-02-17 17:52 869 a------- c:\windows\system32\MRT.INI
2009-02-17 17:52 <DIR> --d----- c:\windows\system32\MpEngineStore
2009-02-17 17:33 <DIR> --d----- C:\57d790400756180c770af9538a2fcdfd
2009-02-17 15:25 23,576 a------- c:\windows\system32\wuapi.dll.mui
2009-02-17 14:38 0 a------- C:\604079565
2009-02-15 08:55 <DIR> --d----- c:\windows\pss

==================== Find3M ====================

2009-02-27 16:38 88,859 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-02-26 22:09 34,380 a------- c:\windows\system32\emptyregdb.dat
2008-12-20 17:15 826,368 a------- c:\windows\system32\wininet.dll
2008-12-11 05:57 333,184 a------- c:\windows\system32\dllcache\srv.sys

============= FINISH: 15:20:38.79 ===============




#4 cainst

cainst
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:53 PM

Posted 05 March 2009 - 02:27 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K



KoanYorel,
Thanks for getting back to me on this issue. Before this issue I had no idea how prevalent the need existed for such advice. You guys here and on other sites as well are doing everyone a great service. Unfortunately, in my case time has become a critical factor and I have decided to do a PC restore to return everything back to how it was on day 1. Thanks again for your help.



