
possible I'm infected again! ugggh!!


  • This topic is locked
34 replies to this topic

#1 lindaga35

lindaga35

  • Members
  • 384 posts
  • OFFLINE
  • Gender:Female
  • Local time:02:52 PM

Posted 21 May 2009 - 11:30 PM

DDS (Ver_09-05-14.01) - NTFSx86
Run by DAN at 0:25:35.14 on Fri 05/22/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.703.259 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe
C:\WINDOWS\system32\lxdxcoms.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\DAN\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [QuickenBillminder] c:\program files\quicken\Billmind.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [lxdxamon] "c:\program files\lexmark 3600-4600 series\lxdxamon.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\docume~1\dan\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mri_di~1\miniey~1.lnk - c:\program files\infinite mind lc\eyeq\ARLaunch.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mri_di~1\quicke~1.lnk - c:\program files\quicken\bagent.exe
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: c:\program files\avira\antivir desktop\avsda.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1005.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1242006968593
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dan\applic~1\mozilla\firefox\profiles\uudntwys.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-5-16 11608]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-5-16 353672]
R2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2009-5-17 717320]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\avira\antivir desktop\avmailc.exe [2009-5-16 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-5-16 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-5-16 185089]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\avira\antivir desktop\avwebgrd.exe [2009-5-16 432897]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-5-16 55640]
R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-3-24 7808]
S2 mrtRate;mrtRate; [x]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2007-8-16 13824]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2007-10-12 99200]
S3 SQTECH913D;913D Camera;c:\windows\system32\drivers\Capt913D.sys [2009-5-12 29824]

=============== Created Last 30 ================

2009-05-19 15:51 <DIR> --d----- c:\windows\system32\Adobe
2009-05-17 22:06 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-05-17 22:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-05-17 21:59 <DIR> --d----- c:\program files\Bonjour
2009-05-17 15:29 <DIR> --d----- c:\program files\a-squared Free
2009-05-17 15:26 <DIR> --d----- c:\program files\SpywareBlaster
2009-05-17 15:07 <DIR> --d----- c:\program files\Secunia
2009-05-17 02:13 <DIR> --d----- c:\docume~1\dan\applic~1\Avira
2009-05-16 15:13 4,212 a---h--- c:\windows\system32\zllictbl.dat
2009-05-16 15:13 1,221,512 a------- c:\windows\system32\zpeng25.dll
2009-05-16 15:13 <DIR> --d----- c:\windows\system32\ZoneLabs
2009-05-16 15:13 <DIR> --d----- c:\program files\Zone Labs
2009-05-16 15:13 350,192 a------- c:\windows\system32\vsconfig.xml
2009-05-16 15:10 <DIR> --d----- c:\windows\Internet Logs
2009-05-16 15:08 1,089,593 -------- c:\windows\system32\dllcache\ntprint.cat
2009-05-16 13:00 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-05-16 13:00 <DIR> --d----- c:\program files\Avira
2009-05-16 13:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-05-16 10:25 <DIR> --d----- C:\6816f988ef6df77e5a
2009-05-16 10:24 <DIR> --d----- c:\windows\SxsCaPendDel
2009-05-15 15:09 <DIR> --d----- c:\windows\system32\scripting
2009-05-15 15:09 <DIR> --d----- c:\windows\l2schemas
2009-05-15 15:09 <DIR> --d----- c:\windows\system32\en
2009-05-15 14:57 <DIR> --d----- c:\windows\network diagnostic
2009-05-15 00:08 <DIR> --d----- c:\program files\Windows Live Toolbar
2009-05-15 00:07 <DIR> --d----- c:\program files\Windows SteadyState
2009-05-13 06:57 <DIR> --d----- c:\docume~1\dan\applic~1\GetRightToGo
2009-05-12 21:15 <DIR> --d----- c:\program files\Yahoo!
2009-05-12 20:49 35 a------- c:\windows\Pt.dll
2009-05-12 20:45 0 a------- c:\windows\PTWebCam.INI
2009-05-12 20:39 29,824 a------- c:\windows\system32\drivers\Capt913D.sys
2009-05-12 20:39 24,832 a------- c:\windows\system32\drivers\Camd913D.sys
2009-05-12 20:39 <DIR> --d----- c:\program files\913D Camera
2009-05-12 18:56 <DIR> --d----- c:\program files\trend micro
2009-05-12 07:06 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-05-12 07:06 268,648 a------- c:\windows\system32\mucltui.dll
2009-05-11 21:29 73,728 a------- c:\windows\system32\javacpl.cpl
2009-05-11 21:29 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-11 21:18 <DIR> --d----- c:\program files\filehippo.com
2009-05-11 13:41 <DIR> -cd-h--- c:\windows\ie8
2009-05-11 09:59 2,544 a------- c:\windows\system32\OEMINFO.PNF
2009-05-11 05:21 <DIR> --d----- c:\program files\Defraggler
2009-05-11 00:42 <DIR> --dsh--- c:\documents and settings\dan\IECompatCache
2009-05-11 00:39 <DIR> --d----- c:\docume~1\dan\applic~1\Malwarebytes
2009-05-11 00:39 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-11 00:39 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-11 00:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-11 00:39 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-11 00:37 <DIR> --d----- c:\program files\CCleaner
2009-05-10 23:08 <DIR> --dsh--- c:\documents and settings\dan\PrivacIE
2009-05-10 23:05 <DIR> --dsh--- c:\documents and settings\dan\IETldCache
2009-05-10 23:00 <DIR> --d----- c:\windows\ie8updates
2009-05-10 22:53 <DIR> --d-h--- c:\windows\msdownld.tmp
2009-05-10 22:49 102,400 -------- c:\windows\system32\dllcache\iecompat.dll
2009-05-10 22:24 <DIR> --d----- c:\docume~1\dan\applic~1\Lexmark Productivity Studio
2009-05-10 21:51 69,120 -------- c:\windows\system32\wlanapi.dll
2009-05-10 21:50 50,688 -------- c:\windows\system32\tspkg.dll
2009-05-10 21:50 53,248 -------- c:\windows\system32\tsgqec.dll
2009-05-10 21:50 32,768 -------- c:\windows\system32\setupn.exe
2009-05-10 21:50 10,240 -------- c:\windows\system32\drivers\sffp_mmc.sys
2009-05-10 21:50 290,304 -------- c:\windows\system32\rhttpaa.dll
2009-05-10 21:49 61,952 -------- c:\windows\system32\rasqec.dll
2009-05-10 21:49 76,800 -------- c:\windows\system32\qutil.dll
2009-05-10 21:49 291,328 -------- c:\windows\system32\qagentrt.dll
2009-05-10 21:49 62,464 -------- c:\windows\system32\qcliprov.dll
2009-05-10 21:49 150,528 -------- c:\windows\system32\qagent.dll
2009-05-10 21:49 144,384 -------- c:\windows\system32\onex.dll
2009-05-10 21:48 176,640 -------- c:\windows\system32\napstat.exe
2009-05-10 21:48 193,024 -------- c:\windows\system32\napmontr.dll
2009-05-10 21:48 30,208 -------- c:\windows\system32\napipsec.dll
2009-05-10 21:48 79,872 a------- c:\windows\system32\msxml6r.dll
2009-05-10 21:48 79,872 -------- c:\windows\system32\dllcache\msxml6r.dll
2009-05-10 21:48 1,306,624 -------- c:\windows\system32\dllcache\msxml6.dll
2009-05-10 21:48 155,136 -------- c:\windows\system32\mssha.dll
2009-05-10 21:48 76,800 -------- c:\windows\system32\msshavmsg.dll
2009-05-10 21:48 33,792 -------- c:\windows\system32\mmcperf.exe
2009-05-10 21:48 397,312 -------- c:\windows\system32\mmcex.dll
2009-05-10 21:48 106,496 -------- c:\windows\system32\mmcfxcommon.dll
2009-05-10 21:48 184,320 -------- c:\windows\system32\microsoft.managementconsole.dll
2009-05-10 21:46 650,752 -------- c:\windows\system32\dot3ui.dll
2009-05-10 21:46 132,096 -------- c:\windows\system32\dot3svc.dll
2009-05-10 21:46 57,856 -------- c:\windows\system32\dot3cfg.dll
2009-05-10 21:46 56,320 -------- c:\windows\system32\dot3msm.dll
2009-05-10 21:46 39,936 -------- c:\windows\system32\dot3gpclnt.dll
2009-05-10 21:46 26,112 -------- c:\windows\system32\dot3api.dll
2009-05-10 21:46 9,216 -------- c:\windows\system32\dot3dlg.dll
2009-05-10 21:46 39,936 -------- c:\windows\system32\dimsroam.dll
2009-05-10 21:46 19,456 -------- c:\windows\system32\dimsntfy.dll
2009-05-10 21:46 48,640 -------- c:\windows\system32\dhcpqec.dll
2009-05-10 21:46 12,800 -------- c:\windows\system32\credssp.dll
2009-05-10 21:46 233,472 -------- c:\windows\system32\azroles.dll
2009-05-10 21:46 136,192 -------- c:\windows\system32\aaclient.dll
2009-05-10 21:44 <DIR> --d----- C:\logs
2009-05-10 21:43 40,960 a------- c:\windows\system32\lxdxvs.dll
2009-05-10 21:43 360,448 a------- c:\windows\system32\lxdxcoin.dll
2009-05-10 21:42 60,996 a------- c:\windows\system32\lxdxprpr.chm
2009-05-10 21:41 782,336 a------- c:\windows\system32\lxdxdrs.dll
2009-05-10 21:41 81,920 a------- c:\windows\system32\lxdxcaps.dll
2009-05-10 21:41 69,632 a------- c:\windows\system32\lxdxcnv4.dll
2009-05-10 21:39 <DIR> --d----- c:\program files\Abbyy FineReader 6.0 Sprint
2009-05-10 21:35 <DIR> --d----- c:\program files\Lexmark Toolbar
2009-05-10 21:35 44 a------- c:\windows\system32\lxdxrwrd.ini
2009-05-10 21:33 376,832 a------- c:\windows\system32\lxdxcomm.dll
2009-05-10 21:33 851,968 a------- c:\windows\system32\lxdxcomc.dll
2009-05-10 21:33 365,224 a------- c:\windows\system32\lxdxcfg.exe
2009-05-10 21:33 77,906 a------- c:\windows\system32\LXDXcfg.dll
2009-05-10 21:33 1,875 a------- c:\windows\system32\lxdx.loc
2009-05-10 21:33 76,481 a------- c:\windows\system32\LexFiles.ulf
2009-05-10 21:33 <DIR> --d----- c:\program files\Lexmark 3600-4600 Series
2009-05-10 21:05 504 a------- c:\windows\intuprof.ini
2009-05-10 20:34 74,240 -------- c:\windows\system32\dllcache\mscms.dll
2009-05-10 20:34 56,832 -------- c:\windows\system32\dllcache\secur32.dll
2009-05-10 20:34 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2009-05-10 20:33 253,952 -------- c:\windows\system32\dllcache\es.dll
2009-05-10 20:33 7,168 -------- c:\windows\system32\bitsprx4.dll
2009-05-10 20:32 144,896 -------- c:\windows\system32\dllcache\schannel.dll
2009-05-10 20:27 161,792 -------- c:\windows\system32\dllcache\msdtcuiu.dll
2009-05-10 20:27 91,648 -------- c:\windows\system32\dllcache\mtxoci.dll
2009-05-10 20:27 66,560 -------- c:\windows\system32\dllcache\mtxclu.dll
2009-05-10 20:27 956,928 -------- c:\windows\system32\dllcache\msdtctm.dll
2009-05-10 20:27 58,880 -------- c:\windows\system32\dllcache\msdtclog.dll
2009-05-10 20:27 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2009-05-10 20:26 8,461,312 -------- c:\windows\system32\dllcache\shell32.dll
2009-05-10 20:26 333,952 -------- c:\windows\system32\dllcache\srv.sys
2009-05-10 20:26 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
2009-05-10 20:26 331,776 -------- c:\windows\system32\dllcache\msadce.dll
2009-05-10 20:26 691,712 -------- c:\windows\system32\dllcache\inetcomm.dll
2009-05-10 20:25 138,496 -------- c:\windows\system32\dllcache\afd.sys
2009-05-10 20:25 361,600 -------- c:\windows\system32\dllcache\tcpip.sys
2009-05-10 20:25 245,248 -------- c:\windows\system32\dllcache\mswsock.dll
2009-05-10 20:25 225,856 -------- c:\windows\system32\dllcache\tcpip6.sys
2009-05-10 20:25 147,968 -------- c:\windows\system32\dllcache\dnsapi.dll
2009-05-10 20:25 354,304 -------- c:\windows\system32\dllcache\winhttp.dll
2009-05-10 20:24 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2009-05-10 20:24 286,720 -------- c:\windows\system32\dllcache\gdi32.dll
2009-05-10 20:21 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-05-10 20:21 215,552 -------- c:\windows\system32\dllcache\wordpad.exe

==================== Find3M ====================

2009-05-15 15:14 82,763 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-03-24 07:03 7,808 a------- c:\windows\system32\drivers\psi_mf.sys
2009-03-08 14:09 638,816 a------- c:\windows\system32\dllcache\iexplore.exe
2009-03-08 14:09 391,536 a------- c:\windows\system32\dllcache\iedkcs32.dll
2009-03-08 04:41 5,937,152 a------- c:\windows\system32\dllcache\mshtml.dll
2009-03-08 04:39 11,063,808 a------- c:\windows\system32\dllcache\ieframe.dll
2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 04:34 914,944 a------- c:\windows\system32\dllcache\wininet.dll
2009-03-08 04:34 1,206,784 a------- c:\windows\system32\dllcache\urlmon.dll
2009-03-08 04:34 236,544 a------- c:\windows\system32\dllcache\webcheck.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\dllcache\licmgr10.dll
2009-03-08 04:34 105,984 a------- c:\windows\system32\dllcache\url.dll
2009-03-08 04:34 193,536 a------- c:\windows\system32\dllcache\msrating.dll
2009-03-08 04:34 109,568 a------- c:\windows\system32\dllcache\occache.dll
2009-03-08 04:33 759,296 a------- c:\windows\system32\dllcache\VGX.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\dllcache\corpol.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 04:33 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
2009-03-08 04:33 726,528 a------- c:\windows\system32\dllcache\jscript.dll
2009-03-08 04:33 229,376 a------- c:\windows\system32\dllcache\ieaksie.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\dllcache\vbscript.dll
2009-03-08 04:33 125,952 a------- c:\windows\system32\dllcache\ieakeng.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\dllcache\admparse.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-03-08 04:32 163,840 a------- c:\windows\system32\dllcache\ieakui.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\dllcache\iesetup.dll
2009-03-08 04:32 55,808 a------- c:\windows\system32\dllcache\iernonce.dll
2009-03-08 04:32 128,512 a------- c:\windows\system32\dllcache\advpack.dll
2009-03-08 04:32 94,720 a------- c:\windows\system32\dllcache\inseng.dll
2009-03-08 04:32 594,432 a------- c:\windows\system32\dllcache\msfeeds.dll
2009-03-08 04:32 1,985,024 a------- c:\windows\system32\dllcache\iertutil.dll
2009-03-08 04:32 611,840 a------- c:\windows\system32\dllcache\mstime.dll
2009-03-08 04:24 68,608 a------- c:\windows\system32\dllcache\hmmapi.dll
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-08 04:22 156,160 a------- c:\windows\system32\dllcache\msls31.dll
2009-03-08 04:11 445,952 a------- c:\windows\system32\dllcache\ieapfltr.dll
2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-06 10:22 284,160 -------- c:\windows\system32\dllcache\pdh.dll

============= FINISH: 0:26:50.18 ===============


#2 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • OFFLINE
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:02:52 PM

Posted 04 June 2009 - 07:24 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 lindaga35

lindaga35
  • Topic Starter

  • Members
  • 384 posts
  • OFFLINE
  • Gender:Female
  • Local time:02:52 PM

Posted 04 June 2009 - 10:16 PM

DDS (Ver_09-05-14.01) - NTFSx86
Run by DAN at 23:10:44.45 on Thu 06/04/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.703.307 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdxcoms.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\DAN\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearchAssistant = hxxp://www.google.com/ie
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [QuickenBillminder] c:\program files\quicken\Billmind.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [lxdxamon] "c:\program files\lexmark 3600-4600 series\lxdxamon.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
StartupFolder: c:\docume~1\dan\startm~1\programs\startup\wkcalrem.lnk - c:\program files\common files\microsoft shared\works shared\WkCalRem.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mri_di~1\miniey~1.lnk - c:\program files\infinite mind lc\eyeq\ARLaunch.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mri_di~1\quicke~1.lnk - c:\program files\quicken\bagent.exe
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: c:\program files\avira\antivir desktop\avsda.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1005.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1242006968593
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CEDDF50D-9FA7-41A8-BCD0-6350D1ED2306} - hxxps://care.windstream.com/lwp/static/installers/WebflowActiveXInstaller_3-0-0.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {EFD3EA56-234D-4240-90EA-CC9FA3AF5A01} - hxxps://care.windstream.com/lwp/static/installers/ALLTELControls.cab
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dan\applic~1\mozilla\firefox\profiles\uudntwys.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-5-16 11608]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-5-16 353672]
R2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2009-5-17 717320]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\avira\antivir desktop\avmailc.exe [2009-5-16 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-5-16 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-5-16 185089]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\avira\antivir desktop\avwebgrd.exe [2009-5-16 432897]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-5-16 55640]
R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S2 mrtRate;mrtRate; [x]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2007-8-16 13824]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2007-10-12 99200]
S3 SQTECH913D;913D Camera;c:\windows\system32\drivers\Capt913D.sys [2009-5-12 29824]

=============== Created Last 30 ================

2009-05-28 07:31 50 a------- c:\windows\cdplayer.ini
2009-05-24 20:33 589,824 a------- c:\windows\system32\MCCDNSHLP_1-0-0_DSR.dll
2009-05-24 20:33 <DIR> --d----- c:\program files\common files\Motive
2009-05-23 09:23 <DIR> --d----- c:\program files\common files\xing shared
2009-05-19 15:51 <DIR> --d----- c:\windows\system32\Adobe
2009-05-17 22:06 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-05-17 22:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-05-17 21:59 <DIR> --d----- c:\program files\Bonjour
2009-05-17 15:29 <DIR> --d----- c:\program files\a-squared Free
2009-05-17 15:26 <DIR> --d----- c:\program files\SpywareBlaster
2009-05-17 02:13 <DIR> --d----- c:\docume~1\dan\applic~1\Avira
2009-05-16 15:13 4,212 a---h--- c:\windows\system32\zllictbl.dat
2009-05-16 15:13 1,221,512 a------- c:\windows\system32\zpeng25.dll
2009-05-16 15:13 <DIR> --d----- c:\windows\system32\ZoneLabs
2009-05-16 15:13 <DIR> --d----- c:\program files\Zone Labs
2009-05-16 15:13 350,192 a------- c:\windows\system32\vsconfig.xml
2009-05-16 15:10 <DIR> --d----- c:\windows\Internet Logs
2009-05-16 15:08 1,089,593 -------- c:\windows\system32\dllcache\ntprint.cat
2009-05-16 13:00 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-05-16 13:00 <DIR> --d----- c:\program files\Avira
2009-05-16 13:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-05-16 10:25 <DIR> --d----- C:\6816f988ef6df77e5a
2009-05-16 10:24 <DIR> --d----- c:\windows\SxsCaPendDel
2009-05-15 15:09 <DIR> --d----- c:\windows\system32\scripting
2009-05-15 15:09 <DIR> --d----- c:\windows\l2schemas
2009-05-15 15:09 <DIR> --d----- c:\windows\system32\en
2009-05-15 14:57 <DIR> --d----- c:\windows\network diagnostic
2009-05-15 06:52 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-05-15 00:08 <DIR> --d----- c:\program files\Windows Live Toolbar
2009-05-15 00:07 <DIR> --d----- c:\program files\Windows SteadyState
2009-05-13 06:57 <DIR> --d----- c:\docume~1\dan\applic~1\GetRightToGo
2009-05-12 21:15 <DIR> --d----- c:\program files\Yahoo!
2009-05-12 20:49 35 a------- c:\windows\Pt.dll
2009-05-12 20:45 0 a------- c:\windows\PTWebCam.INI
2009-05-12 20:39 29,824 a------- c:\windows\system32\drivers\Capt913D.sys
2009-05-12 20:39 24,832 a------- c:\windows\system32\drivers\Camd913D.sys
2009-05-12 20:39 <DIR> --d----- c:\program files\913D Camera
2009-05-12 18:56 <DIR> --d----- c:\program files\trend micro
2009-05-12 07:06 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-05-12 07:06 268,648 a------- c:\windows\system32\mucltui.dll
2009-05-11 21:29 73,728 a------- c:\windows\system32\javacpl.cpl
2009-05-11 21:29 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-11 21:18 <DIR> --d----- c:\program files\filehippo.com
2009-05-11 13:41 <DIR> -cd-h--- c:\windows\ie8
2009-05-11 09:59 2,544 a------- c:\windows\system32\OEMINFO.PNF
2009-05-11 05:21 <DIR> --d----- c:\program files\Defraggler
2009-05-11 00:42 <DIR> --dsh--- c:\documents and settings\dan\IECompatCache
2009-05-11 00:39 <DIR> --d----- c:\docume~1\dan\applic~1\Malwarebytes
2009-05-11 00:39 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-05-11 00:39 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-11 00:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-11 00:39 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-11 00:37 <DIR> --d----- c:\program files\CCleaner
2009-05-10 23:08 <DIR> --dsh--- c:\documents and settings\dan\PrivacIE
2009-05-10 23:05 <DIR> --dsh--- c:\documents and settings\dan\IETldCache
2009-05-10 23:00 <DIR> --d----- c:\windows\ie8updates
2009-05-10 22:53 <DIR> --d-h--- c:\windows\msdownld.tmp
2009-05-10 22:49 102,400 -------- c:\windows\system32\dllcache\iecompat.dll
2009-05-10 22:24 <DIR> --d----- c:\docume~1\dan\applic~1\Lexmark Productivity Studio
2009-05-10 21:51 69,120 -------- c:\windows\system32\wlanapi.dll
2009-05-10 21:50 50,688 -------- c:\windows\system32\tspkg.dll
2009-05-10 21:50 53,248 -------- c:\windows\system32\tsgqec.dll
2009-05-10 21:50 32,768 -------- c:\windows\system32\setupn.exe
2009-05-10 21:50 10,240 -------- c:\windows\system32\drivers\sffp_mmc.sys
2009-05-10 21:50 290,304 -------- c:\windows\system32\rhttpaa.dll
2009-05-10 21:49 61,952 -------- c:\windows\system32\rasqec.dll
2009-05-10 21:49 76,800 -------- c:\windows\system32\qutil.dll
2009-05-10 21:49 291,328 -------- c:\windows\system32\qagentrt.dll
2009-05-10 21:49 62,464 -------- c:\windows\system32\qcliprov.dll
2009-05-10 21:49 150,528 -------- c:\windows\system32\qagent.dll
2009-05-10 21:49 144,384 -------- c:\windows\system32\onex.dll
2009-05-10 21:47 37,376 -------- c:\windows\system32\l2gpstore.dll
2009-05-10 21:46 650,752 -------- c:\windows\system32\dot3ui.dll
2009-05-10 21:46 132,096 -------- c:\windows\system32\dot3svc.dll
2009-05-10 21:46 57,856 -------- c:\windows\system32\dot3cfg.dll
2009-05-10 21:46 56,320 -------- c:\windows\system32\dot3msm.dll
2009-05-10 21:46 39,936 -------- c:\windows\system32\dot3gpclnt.dll
2009-05-10 21:46 26,112 -------- c:\windows\system32\dot3api.dll
2009-05-10 21:46 9,216 -------- c:\windows\system32\dot3dlg.dll
2009-05-10 21:46 39,936 -------- c:\windows\system32\dimsroam.dll
2009-05-10 21:46 19,456 -------- c:\windows\system32\dimsntfy.dll
2009-05-10 21:46 48,640 -------- c:\windows\system32\dhcpqec.dll
2009-05-10 21:46 12,800 -------- c:\windows\system32\credssp.dll
2009-05-10 21:46 233,472 -------- c:\windows\system32\azroles.dll
2009-05-10 21:46 136,192 -------- c:\windows\system32\aaclient.dll
2009-05-10 21:44 <DIR> --d----- C:\logs
2009-05-10 21:43 40,960 a------- c:\windows\system32\lxdxvs.dll
2009-05-10 21:43 360,448 a------- c:\windows\system32\lxdxcoin.dll
2009-05-10 21:42 60,996 a------- c:\windows\system32\lxdxprpr.chm
2009-05-10 21:41 782,336 a------- c:\windows\system32\lxdxdrs.dll
2009-05-10 21:41 81,920 a------- c:\windows\system32\lxdxcaps.dll
2009-05-10 21:41 69,632 a------- c:\windows\system32\lxdxcnv4.dll
2009-05-10 21:39 <DIR> --d----- c:\program files\Abbyy FineReader 6.0 Sprint
2009-05-10 21:35 <DIR> --d----- c:\program files\Lexmark Toolbar
2009-05-10 21:35 44 a------- c:\windows\system32\lxdxrwrd.ini
2009-05-10 21:33 376,832 a------- c:\windows\system32\lxdxcomm.dll
2009-05-10 21:33 851,968 a------- c:\windows\system32\lxdxcomc.dll
2009-05-10 21:33 365,224 a------- c:\windows\system32\lxdxcfg.exe
2009-05-10 21:33 77,906 a------- c:\windows\system32\LXDXcfg.dll
2009-05-10 21:33 1,875 a------- c:\windows\system32\lxdx.loc
2009-05-10 21:33 76,481 a------- c:\windows\system32\LexFiles.ulf
2009-05-10 21:33 <DIR> --d----- c:\program files\Lexmark 3600-4600 Series
2009-05-10 21:05 504 a------- c:\windows\intuprof.ini
2009-05-10 20:34 74,240 -------- c:\windows\system32\dllcache\mscms.dll
2009-05-10 20:34 56,832 -------- c:\windows\system32\dllcache\secur32.dll
2009-05-10 20:34 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2009-05-10 20:33 253,952 -------- c:\windows\system32\dllcache\es.dll
2009-05-10 20:33 7,168 -------- c:\windows\system32\bitsprx4.dll
2009-05-10 20:32 144,896 -------- c:\windows\system32\dllcache\schannel.dll
2009-05-10 20:27 161,792 -------- c:\windows\system32\dllcache\msdtcuiu.dll
2009-05-10 20:27 91,648 -------- c:\windows\system32\dllcache\mtxoci.dll
2009-05-10 20:27 66,560 -------- c:\windows\system32\dllcache\mtxclu.dll
2009-05-10 20:27 956,928 -------- c:\windows\system32\dllcache\msdtctm.dll
2009-05-10 20:27 58,880 -------- c:\windows\system32\dllcache\msdtclog.dll
2009-05-10 20:27 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2009-05-10 20:26 8,461,312 -------- c:\windows\system32\dllcache\shell32.dll
2009-05-10 20:26 333,952 -------- c:\windows\system32\dllcache\srv.sys
2009-05-10 20:26 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
2009-05-10 20:26 331,776 -------- c:\windows\system32\dllcache\msadce.dll
2009-05-10 20:26 691,712 -------- c:\windows\system32\dllcache\inetcomm.dll
2009-05-10 20:25 138,496 -------- c:\windows\system32\dllcache\afd.sys
2009-05-10 20:25 361,600 -------- c:\windows\system32\dllcache\tcpip.sys
2009-05-10 20:25 245,248 -------- c:\windows\system32\dllcache\mswsock.dll
2009-05-10 20:25 225,856 -------- c:\windows\system32\dllcache\tcpip6.sys
2009-05-10 20:25 147,968 -------- c:\windows\system32\dllcache\dnsapi.dll
2009-05-10 20:25 354,304 -------- c:\windows\system32\dllcache\winhttp.dll
2009-05-10 20:24 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2009-05-10 20:24 286,720 -------- c:\windows\system32\dllcache\gdi32.dll
2009-05-10 20:21 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-05-10 20:21 215,552 -------- c:\windows\system32\dllcache\wordpad.exe

==================== Find3M ====================

2009-05-23 09:22 348,160 a------- c:\windows\system32\msvcr71.dll
2009-05-23 09:22 499,712 a------- c:\windows\system32\msvcp71.dll
2009-05-15 15:14 82,763 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-04-13 22:10 524,288 a------- c:\windows\opuc.dll
2009-03-08 14:09 638,816 a------- c:\windows\system32\dllcache\iexplore.exe
2009-03-08 14:09 391,536 a------- c:\windows\system32\dllcache\iedkcs32.dll
2009-03-08 04:41 5,937,152 a------- c:\windows\system32\dllcache\mshtml.dll
2009-03-08 04:39 11,063,808 a------- c:\windows\system32\dllcache\ieframe.dll
2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 04:34 914,944 a------- c:\windows\system32\dllcache\wininet.dll
2009-03-08 04:34 1,206,784 a------- c:\windows\system32\dllcache\urlmon.dll
2009-03-08 04:34 236,544 a------- c:\windows\system32\dllcache\webcheck.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\dllcache\licmgr10.dll
2009-03-08 04:34 105,984 a------- c:\windows\system32\dllcache\url.dll
2009-03-08 04:34 193,536 a------- c:\windows\system32\dllcache\msrating.dll
2009-03-08 04:34 109,568 a------- c:\windows\system32\dllcache\occache.dll
2009-03-08 04:33 759,296 a------- c:\windows\system32\dllcache\VGX.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\dllcache\corpol.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 04:33 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
2009-03-08 04:33 726,528 a------- c:\windows\system32\dllcache\jscript.dll
2009-03-08 04:33 229,376 a------- c:\windows\system32\dllcache\ieaksie.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\dllcache\vbscript.dll
2009-03-08 04:33 125,952 a------- c:\windows\system32\dllcache\ieakeng.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\dllcache\admparse.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-03-08 04:32 163,840 a------- c:\windows\system32\dllcache\ieakui.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\dllcache\iesetup.dll
2009-03-08 04:32 55,808 a------- c:\windows\system32\dllcache\iernonce.dll
2009-03-08 04:32 128,512 a------- c:\windows\system32\dllcache\advpack.dll
2009-03-08 04:32 94,720 a------- c:\windows\system32\dllcache\inseng.dll
2009-03-08 04:32 594,432 a------- c:\windows\system32\dllcache\msfeeds.dll
2009-03-08 04:32 1,985,024 a------- c:\windows\system32\dllcache\iertutil.dll
2009-03-08 04:32 611,840 a------- c:\windows\system32\dllcache\mstime.dll
2009-03-08 04:24 68,608 a------- c:\windows\system32\dllcache\hmmapi.dll
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-08 04:22 156,160 a------- c:\windows\system32\dllcache\msls31.dll
2009-03-08 04:11 445,952 a------- c:\windows\system32\dllcache\ieapfltr.dll

============= FINISH: 23:12:11.84 ===============


There was a hidden object item that was found in an earlier scan.

Linda

#4 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 06 June 2009 - 07:36 PM

Hello.

There was a hidden object item that was found in an earlier scan.

What was that hidden object?

Download and run MalwareBytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

Download and Run Scan with GMER

We will use GMER to scan for rootkits. This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop. Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  • Close any and all open programs, as this process may crash your computer.
  • Double click Posted Image or Posted Image on your desktop.
  • When you have done this, close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program. Right-click and select Run As Administrator... if you are using Vista.
  • Allow the gmer.sys driver to load if asked.
    If it detects rootkit activity, you will receive a prompt (refer below) to run a full scan. Click NO.
  • In the right panel, you will see several boxes that have been checked. Please UNCHECK the following:
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show all (Don't miss this one!)
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.

If GMER doesn't work in Normal Mode try running it in Safe Mode

Note: Do NOT run any program while GMER is running.
*Note*: Rootkit scans often produce false positives. Do NOT take any actions on "<--- ROOTKIT" entries.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#5 lindaga35

lindaga35
  • Topic Starter

  • Members
  • 384 posts

Posted 07 June 2009 - 09:30 AM

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-07 10:11:00
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwConnectPort [0xF1673FC0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateFile [0xF1670C80]
SSDT F85EDCB6 ZwCreateKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreatePort [0xF1674580]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xF1688900]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xF1688B10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateSection [0xF168CB10]
SSDT F85EDCAC ZwCreateThread
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xF1674670]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xF1671210]
SSDT F85EDCBB ZwDeleteKey
SSDT F85EDCC5 ZwDeleteValueKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xF1688280]
SSDT F85EDCCA ZwLoadKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xF168BF90]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenFile [0xF1671070]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xF168A180]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenThread [0xF1689F40]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRenameKey [0xF168C6F0]
SSDT F85EDCD4 ZwReplaceKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xF1673BE0]
SSDT F85EDCCF ZwRestoreKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xF1674190]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xF1671440]
SSDT F85EDCC0 ZwSetValueKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xF1689200]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xF1689080]

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

---- EOF - GMER 1.0.15 ----


Malwarebytes' Anti-Malware 1.37
Database version: 2243
Windows 5.1.2600 Service Pack 3

6/7/2009 10:24:57 AM
mbam-log-2009-06-07 (10-24-57).txt

Scan type: Quick Scan
Objects scanned: 100699
Time elapsed: 6 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 07 June 2009 - 03:10 PM

Hello.

What was that hidden object?


Also, let me know what problems or symptoms you still have on this computer.

Take a New DDS log for me as well.

With Regards,
Extremeboy

#7 lindaga35

lindaga35
  • Topic Starter

  • Members
  • 384 posts

Posted 08 June 2009 - 05:27 PM

I'm so sorry, I don't remember what the hidden file was; it just showed it was hidden.

It's running OK now, maybe it was just a glitch. Who knows.

thanks,

Linda



DDS (Ver_09-05-14.01) - NTFSx86
Run by DAN at 18:15:58.09 on Mon 06/08/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.703.339 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdxcoms.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\DAN\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearchAssistant = hxxp://www.google.com/ie
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [QuickenBillminder] c:\program files\quicken\Billmind.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [lxdxamon] "c:\program files\lexmark 3600-4600 series\lxdxamon.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
StartupFolder: c:\docume~1\dan\startm~1\programs\startup\wkcalrem.lnk - c:\program files\common files\microsoft shared\works shared\WkCalRem.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\Hotsync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mri_di~1\miniey~1.lnk - c:\program files\infinite mind lc\eyeq\ARLaunch.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mri_di~1\quicke~1.lnk - c:\program files\quicken\bagent.exe
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: c:\program files\avira\antivir desktop\avsda.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1005.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1242006968593
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CEDDF50D-9FA7-41A8-BCD0-6350D1ED2306} - hxxps://care.windstream.com/lwp/static/installers/WebflowActiveXInstaller_3-0-0.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {EFD3EA56-234D-4240-90EA-CC9FA3AF5A01} - hxxps://care.windstream.com/lwp/static/installers/ALLTELControls.cab
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dan\applic~1\mozilla\firefox\profiles\uudntwys.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - plugin: c:\progra~1\palm\packag~1\NPInstal.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-5-16 11608]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-5-16 353672]
R2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2009-5-17 717320]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\avira\antivir desktop\avmailc.exe [2009-5-16 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-5-16 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-5-16 185089]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\avira\antivir desktop\avwebgrd.exe [2009-5-16 432897]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-5-16 55640]
R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S2 mrtRate;mrtRate; [x]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2007-8-16 13824]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2007-10-12 99200]
S3 SQTECH913D;913D Camera;c:\windows\system32\drivers\Capt913D.sys [2009-5-12 29824]

=============== Created Last 30 ================

2009-06-07 17:18 3,245 a------- c:\windows\system32\wbem\Outlook_01c9e7b58d5425ae.mof
2009-06-05 20:43 94 a------- c:\windows\family.ini
2009-06-05 07:29 16,640 a----r-- c:\windows\system32\drivers\PalmUSBD.sys
2009-06-05 07:25 <DIR> --d----- c:\program files\Palm
2009-05-28 07:31 50 a------- c:\windows\cdplayer.ini
2009-05-24 20:33 589,824 a------- c:\windows\system32\MCCDNSHLP_1-0-0_DSR.dll
2009-05-24 20:33 <DIR> --d----- c:\program files\common files\Motive
2009-05-23 09:23 <DIR> --d----- c:\program files\common files\xing shared
2009-05-19 15:51 <DIR> --d----- c:\windows\system32\Adobe
2009-05-17 22:06 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-05-17 22:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-05-17 21:59 <DIR> --d----- c:\program files\Bonjour
2009-05-17 15:29 <DIR> --d----- c:\program files\a-squared Free
2009-05-17 15:26 <DIR> --d----- c:\program files\SpywareBlaster
2009-05-17 02:13 <DIR> --d----- c:\docume~1\dan\applic~1\Avira
2009-05-16 15:13 4,212 a---h--- c:\windows\system32\zllictbl.dat
2009-05-16 15:13 1,221,512 a------- c:\windows\system32\zpeng25.dll
2009-05-16 15:13 <DIR> --d----- c:\windows\system32\ZoneLabs
2009-05-16 15:13 <DIR> --d----- c:\program files\Zone Labs
2009-05-16 15:13 350,192 a------- c:\windows\system32\vsconfig.xml
2009-05-16 15:10 <DIR> --d----- c:\windows\Internet Logs
2009-05-16 15:08 1,089,593 -------- c:\windows\system32\dllcache\ntprint.cat
2009-05-16 13:00 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-05-16 13:00 <DIR> --d----- c:\program files\Avira
2009-05-16 13:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-05-16 10:25 <DIR> --d----- C:\6816f988ef6df77e5a
2009-05-16 10:24 <DIR> --d----- c:\windows\SxsCaPendDel
2009-05-15 15:09 <DIR> --d----- c:\windows\system32\scripting
2009-05-15 15:09 <DIR> --d----- c:\windows\l2schemas
2009-05-15 15:09 <DIR> --d----- c:\windows\system32\en
2009-05-15 14:57 <DIR> --d----- c:\windows\network diagnostic
2009-05-15 06:52 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-05-15 00:08 <DIR> --d----- c:\program files\Windows Live Toolbar
2009-05-15 00:07 <DIR> --d----- c:\program files\Windows SteadyState
2009-05-13 06:57 <DIR> --d----- c:\docume~1\dan\applic~1\GetRightToGo
2009-05-12 21:15 <DIR> --d----- c:\program files\Yahoo!
2009-05-12 20:49 35 a------- c:\windows\Pt.dll
2009-05-12 20:45 0 a------- c:\windows\PTWebCam.INI
2009-05-12 20:39 29,824 a------- c:\windows\system32\drivers\Capt913D.sys
2009-05-12 20:39 24,832 a------- c:\windows\system32\drivers\Camd913D.sys
2009-05-12 20:39 <DIR> --d----- c:\program files\913D Camera
2009-05-12 18:56 <DIR> --d----- c:\program files\trend micro
2009-05-12 07:06 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-05-12 07:06 268,648 a------- c:\windows\system32\mucltui.dll
2009-05-11 21:29 73,728 a------- c:\windows\system32\javacpl.cpl
2009-05-11 21:29 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-11 21:18 <DIR> --d----- c:\program files\filehippo.com
2009-05-11 13:41 <DIR> -cd-h--- c:\windows\ie8
2009-05-11 09:59 2,544 a------- c:\windows\system32\OEMINFO.PNF
2009-05-11 05:21 <DIR> --d----- c:\program files\Defraggler
2009-05-11 00:42 <DIR> --dsh--- c:\documents and settings\dan\IECompatCache
2009-05-11 00:39 <DIR> --d----- c:\docume~1\dan\applic~1\Malwarebytes
2009-05-11 00:39 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-05-11 00:39 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-11 00:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-11 00:39 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-11 00:37 <DIR> --d----- c:\program files\CCleaner
2009-05-10 23:08 <DIR> --dsh--- c:\documents and settings\dan\PrivacIE
2009-05-10 23:05 <DIR> --dsh--- c:\documents and settings\dan\IETldCache
2009-05-10 23:00 <DIR> --d----- c:\windows\ie8updates
2009-05-10 22:53 <DIR> --d-h--- c:\windows\msdownld.tmp
2009-05-10 22:49 102,400 -------- c:\windows\system32\dllcache\iecompat.dll
2009-05-10 22:24 <DIR> --d----- c:\docume~1\dan\applic~1\Lexmark Productivity Studio
2009-05-10 21:51 69,120 -------- c:\windows\system32\wlanapi.dll
2009-05-10 21:50 50,688 -------- c:\windows\system32\tspkg.dll
2009-05-10 21:50 53,248 -------- c:\windows\system32\tsgqec.dll
2009-05-10 21:50 32,768 -------- c:\windows\system32\setupn.exe
2009-05-10 21:50 10,240 -------- c:\windows\system32\drivers\sffp_mmc.sys
2009-05-10 21:50 290,304 -------- c:\windows\system32\rhttpaa.dll
2009-05-10 21:49 61,952 -------- c:\windows\system32\rasqec.dll
2009-05-10 21:49 76,800 -------- c:\windows\system32\qutil.dll
2009-05-10 21:49 291,328 -------- c:\windows\system32\qagentrt.dll
2009-05-10 21:49 62,464 -------- c:\windows\system32\qcliprov.dll
2009-05-10 21:49 150,528 -------- c:\windows\system32\qagent.dll
2009-05-10 21:49 144,384 -------- c:\windows\system32\onex.dll
2009-05-10 21:47 37,376 -------- c:\windows\system32\l2gpstore.dll
2009-05-10 21:46 650,752 -------- c:\windows\system32\dot3ui.dll
2009-05-10 21:46 132,096 -------- c:\windows\system32\dot3svc.dll
2009-05-10 21:46 57,856 -------- c:\windows\system32\dot3cfg.dll
2009-05-10 21:46 56,320 -------- c:\windows\system32\dot3msm.dll
2009-05-10 21:46 39,936 -------- c:\windows\system32\dot3gpclnt.dll
2009-05-10 21:46 26,112 -------- c:\windows\system32\dot3api.dll
2009-05-10 21:46 9,216 -------- c:\windows\system32\dot3dlg.dll
2009-05-10 21:46 39,936 -------- c:\windows\system32\dimsroam.dll
2009-05-10 21:46 19,456 -------- c:\windows\system32\dimsntfy.dll
2009-05-10 21:46 48,640 -------- c:\windows\system32\dhcpqec.dll
2009-05-10 21:46 12,800 -------- c:\windows\system32\credssp.dll
2009-05-10 21:46 233,472 -------- c:\windows\system32\azroles.dll
2009-05-10 21:46 136,192 -------- c:\windows\system32\aaclient.dll
2009-05-10 21:44 <DIR> --d----- C:\logs
2009-05-10 21:43 40,960 a------- c:\windows\system32\lxdxvs.dll
2009-05-10 21:43 360,448 a------- c:\windows\system32\lxdxcoin.dll
2009-05-10 21:42 60,996 a------- c:\windows\system32\lxdxprpr.chm
2009-05-10 21:41 782,336 a------- c:\windows\system32\lxdxdrs.dll
2009-05-10 21:41 81,920 a------- c:\windows\system32\lxdxcaps.dll
2009-05-10 21:41 69,632 a------- c:\windows\system32\lxdxcnv4.dll
2009-05-10 21:39 <DIR> --d----- c:\program files\Abbyy FineReader 6.0 Sprint
2009-05-10 21:35 <DIR> --d----- c:\program files\Lexmark Toolbar
2009-05-10 21:35 44 a------- c:\windows\system32\lxdxrwrd.ini
2009-05-10 21:33 376,832 a------- c:\windows\system32\lxdxcomm.dll
2009-05-10 21:33 851,968 a------- c:\windows\system32\lxdxcomc.dll
2009-05-10 21:33 365,224 a------- c:\windows\system32\lxdxcfg.exe
2009-05-10 21:33 77,906 a------- c:\windows\system32\LXDXcfg.dll
2009-05-10 21:33 1,875 a------- c:\windows\system32\lxdx.loc
2009-05-10 21:33 76,481 a------- c:\windows\system32\LexFiles.ulf
2009-05-10 21:33 <DIR> --d----- c:\program files\Lexmark 3600-4600 Series
2009-05-10 21:05 504 a------- c:\windows\intuprof.ini
2009-05-10 20:34 74,240 -------- c:\windows\system32\dllcache\mscms.dll
2009-05-10 20:34 56,832 -------- c:\windows\system32\dllcache\secur32.dll
2009-05-10 20:34 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2009-05-10 20:33 253,952 -------- c:\windows\system32\dllcache\es.dll
2009-05-10 20:33 7,168 -------- c:\windows\system32\bitsprx4.dll
2009-05-10 20:32 144,896 -------- c:\windows\system32\dllcache\schannel.dll
2009-05-10 20:27 161,792 -------- c:\windows\system32\dllcache\msdtcuiu.dll
2009-05-10 20:27 91,648 -------- c:\windows\system32\dllcache\mtxoci.dll
2009-05-10 20:27 66,560 -------- c:\windows\system32\dllcache\mtxclu.dll
2009-05-10 20:27 956,928 -------- c:\windows\system32\dllcache\msdtctm.dll
2009-05-10 20:27 58,880 -------- c:\windows\system32\dllcache\msdtclog.dll
2009-05-10 20:27 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2009-05-10 20:26 8,461,312 -------- c:\windows\system32\dllcache\shell32.dll
2009-05-10 20:26 333,952 -------- c:\windows\system32\dllcache\srv.sys
2009-05-10 20:26 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
2009-05-10 20:26 331,776 -------- c:\windows\system32\dllcache\msadce.dll
2009-05-10 20:26 691,712 -------- c:\windows\system32\dllcache\inetcomm.dll
2009-05-10 20:25 138,496 -------- c:\windows\system32\dllcache\afd.sys
2009-05-10 20:25 361,600 -------- c:\windows\system32\dllcache\tcpip.sys
2009-05-10 20:25 245,248 -------- c:\windows\system32\dllcache\mswsock.dll
2009-05-10 20:25 225,856 -------- c:\windows\system32\dllcache\tcpip6.sys
2009-05-10 20:25 147,968 -------- c:\windows\system32\dllcache\dnsapi.dll
2009-05-10 20:25 354,304 -------- c:\windows\system32\dllcache\winhttp.dll
2009-05-10 20:24 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2009-05-10 20:24 286,720 -------- c:\windows\system32\dllcache\gdi32.dll
2009-05-10 20:21 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-05-10 20:21 215,552 -------- c:\windows\system32\dllcache\wordpad.exe

==================== Find3M ====================

2009-05-23 09:22 348,160 a------- c:\windows\system32\msvcr71.dll
2009-05-23 09:22 499,712 a------- c:\windows\system32\msvcp71.dll
2009-05-15 15:14 82,763 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-04-13 22:10 524,288 a------- c:\windows\opuc.dll

============= FINISH: 18:17:22.03 ===============

#8 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 08 June 2009 - 07:39 PM

Don't worry about it.

Let's update Java and run an online scan.

Update Java to Version 6 Update 14

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for Java Runtime Environment (JRE) JRE 6 Update 14.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u14-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner. (Please note: Kaspersky requires Java Runtime Environment (JRE) to be installed before scanning for malware, as ActiveX is no longer being used.)

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Open the Kaspersky WebScanner page.
  • Click on the Posted Image button on the main page.
  • The program will launch and fill in the Information section on the left.
  • Read the "Requirements and Limitations" then press the Posted Image button.
  • The program will begin downloading the latest program and definition files. It may take a while so please be patient and let it finish.
  • Once the files have been downloaded, click on the Posted Image ...button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the Posted Image button, if you made any changes.
  • Now under the Scan section on the left:
    Select My Computer
  • The program will now start and scan your system. This will run for a while, be patient and let it finish.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis if needed.

Take a new DDS run for me. Post both ATTACH and DDS log.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.
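The out-of-date Java that the reply above refers to is visible in the DDS log itself: the header reports BrowserJavaVersion 1.6.0_13 and the DPF lines still point at 1.5.0_02 and 1.6.0_13 installers. The following is an added example, not part of the original posts and not DDS's own code, that pulls those versions out of a few lines copied from this thread's log and compares them with the 6 Update 14 target. The function names are hypothetical, and the CAFEEFAC CLSID decoding is an assumption inferred from the CLSID and URL pairs in this log.

```python
import re

# Lines copied from the DDS log posted in this thread (abridged sample).
SAMPLE_LOG = """\
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
"""

# JRE 6 Update 14, the version the helper asks the user to install.
TARGET = (1, 6, 0, 14)

HEADER_RE = re.compile(r"BrowserJavaVersion:\s*(\d+)\.(\d+)\.(\d+)_(\d+)")
DPF_RE = re.compile(
    r"^DPF:\s*(\{[0-9A-Fa-f-]+\})\s*-\s*\S*jinstall-(\d+)_(\d+)_(\d+)_(\d+)-"
)
# Assumption: {CAFEEFAC-00MN-PPPP-UUUU-ABCDEFFEDCBA} encodes Java M.N.P_U,
# which matches both CAFEEFAC lines in the sample above.
CLSID_RE = re.compile(
    r"^\{CAFEEFAC-(\d{3})(\d)-(\d{4})-(\d{4})-ABCDEFFEDCBA\}$", re.I
)


def clsid_version(clsid):
    """Decode a version-specific Java plug-in CLSID, or return None."""
    m = CLSID_RE.match(clsid)
    return tuple(int(g) for g in m.groups()) if m else None


def parse_java_versions(log_text):
    """Return (source, version_tuple) pairs for every Java reference found."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = HEADER_RE.search(line)
        if m:
            findings.append(("BrowserJavaVersion", tuple(int(g) for g in m.groups())))
            continue
        m = DPF_RE.match(line)
        if m:
            version = tuple(int(g) for g in m.groups()[1:])
            findings.append((m.group(1), version))
    return findings


def outdated(findings, target=TARGET):
    """Distinct versions older than the target, oldest first."""
    return sorted({version for _, version in findings if version < target})


def clsid_mismatches(findings):
    """Entries whose CLSID-encoded version disagrees with the installer URL."""
    bad = []
    for source, version in findings:
        decoded = clsid_version(source)
        if decoded is not None and decoded != version:
            bad.append((source, decoded, version))
    return bad


def fmt(version):
    """Render a version tuple in the 1.6.0_13 style the log uses."""
    return "%d.%d.%d_%02d" % version


if __name__ == "__main__":
    found = parse_java_versions(SAMPLE_LOG)
    for source, version in found:
        state = "OUTDATED" if version < TARGET else "ok"
        print("%-40s %-10s %s" % (source, fmt(version), state))
    print("versions to remove before installing %s: %s"
          % (fmt(TARGET), ", ".join(fmt(v) for v in outdated(found))))
```

Running the same check on the follow-up DDS log shows whether the old entries are gone after the uninstall and reboot steps.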

#9 lindaga35

lindaga35
  • Topic Starter

  • Members
  • 384 posts

Posted 09 June 2009 - 05:24 PM

DDS (Ver_09-05-14.01) - NTFSx86
Run by DAN at 18:15:58.09 on Mon 06/08/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.703.339 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdxcoms.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\DAN\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearchAssistant = hxxp://www.google.com/ie
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [QuickenBillminder] c:\program files\quicken\Billmind.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [lxdxamon] "c:\program files\lexmark 3600-4600 series\lxdxamon.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
StartupFolder: c:\docume~1\dan\startm~1\programs\startup\wkcalrem.lnk - c:\program files\common files\microsoft shared\works shared\WkCalRem.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\Hotsync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mri_di~1\miniey~1.lnk - c:\program files\infinite mind lc\eyeq\ARLaunch.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mri_di~1\quicke~1.lnk - c:\program files\quicken\bagent.exe
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: c:\program files\avira\antivir desktop\avsda.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1005.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1242006968593
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CEDDF50D-9FA7-41A8-BCD0-6350D1ED2306} - hxxps://care.windstream.com/lwp/static/installers/WebflowActiveXInstaller_3-0-0.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {EFD3EA56-234D-4240-90EA-CC9FA3AF5A01} - hxxps://care.windstream.com/lwp/static/installers/ALLTELControls.cab
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dan\applic~1\mozilla\firefox\profiles\uudntwys.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - plugin: c:\progra~1\palm\packag~1\NPInstal.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-5-16 11608]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-5-16 353672]
R2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2009-5-17 717320]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\avira\antivir desktop\avmailc.exe [2009-5-16 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-5-16 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-5-16 185089]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\avira\antivir desktop\avwebgrd.exe [2009-5-16 432897]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-5-16 55640]
R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S2 mrtRate;mrtRate; [x]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2007-8-16 13824]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2007-10-12 99200]
S3 SQTECH913D;913D Camera;c:\windows\system32\drivers\Capt913D.sys [2009-5-12 29824]

=============== Created Last 30 ================

2009-06-07 17:18 3,245 a------- c:\windows\system32\wbem\Outlook_01c9e7b58d5425ae.mof
2009-06-05 20:43 94 a------- c:\windows\family.ini
2009-06-05 07:29 16,640 a----r-- c:\windows\system32\drivers\PalmUSBD.sys
2009-06-05 07:25 <DIR> --d----- c:\program files\Palm
2009-05-28 07:31 50 a------- c:\windows\cdplayer.ini
2009-05-24 20:33 589,824 a------- c:\windows\system32\MCCDNSHLP_1-0-0_DSR.dll
2009-05-24 20:33 <DIR> --d----- c:\program files\common files\Motive
2009-05-23 09:23 <DIR> --d----- c:\program files\common files\xing shared
2009-05-19 15:51 <DIR> --d----- c:\windows\system32\Adobe
2009-05-17 22:06 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-05-17 22:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-05-17 21:59 <DIR> --d----- c:\program files\Bonjour
2009-05-17 15:29 <DIR> --d----- c:\program files\a-squared Free
2009-05-17 15:26 <DIR> --d----- c:\program files\SpywareBlaster
2009-05-17 02:13 <DIR> --d----- c:\docume~1\dan\applic~1\Avira
2009-05-16 15:13 4,212 a---h--- c:\windows\system32\zllictbl.dat
2009-05-16 15:13 1,221,512 a------- c:\windows\system32\zpeng25.dll
2009-05-16 15:13 <DIR> --d----- c:\windows\system32\ZoneLabs
2009-05-16 15:13 <DIR> --d----- c:\program files\Zone Labs
2009-05-16 15:13 350,192 a------- c:\windows\system32\vsconfig.xml
2009-05-16 15:10 <DIR> --d----- c:\windows\Internet Logs
2009-05-16 15:08 1,089,593 -------- c:\windows\system32\dllcache\ntprint.cat
2009-05-16 13:00 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-05-16 13:00 <DIR> --d----- c:\program files\Avira
2009-05-16 13:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-05-16 10:25 <DIR> --d----- C:\6816f988ef6df77e5a
2009-05-16 10:24 <DIR> --d----- c:\windows\SxsCaPendDel
2009-05-15 15:09 <DIR> --d----- c:\windows\system32\scripting
2009-05-15 15:09 <DIR> --d----- c:\windows\l2schemas
2009-05-15 15:09 <DIR> --d----- c:\windows\system32\en
2009-05-15 14:57 <DIR> --d----- c:\windows\network diagnostic
2009-05-15 06:52 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-05-15 00:08 <DIR> --d----- c:\program files\Windows Live Toolbar
2009-05-15 00:07 <DIR> --d----- c:\program files\Windows SteadyState
2009-05-13 06:57 <DIR> --d----- c:\docume~1\dan\applic~1\GetRightToGo
2009-05-12 21:15 <DIR> --d----- c:\program files\Yahoo!
2009-05-12 20:49 35 a------- c:\windows\Pt.dll
2009-05-12 20:45 0 a------- c:\windows\PTWebCam.INI
2009-05-12 20:39 29,824 a------- c:\windows\system32\drivers\Capt913D.sys
2009-05-12 20:39 24,832 a------- c:\windows\system32\drivers\Camd913D.sys
2009-05-12 20:39 <DIR> --d----- c:\program files\913D Camera
2009-05-12 18:56 <DIR> --d----- c:\program files\trend micro
2009-05-12 07:06 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-05-12 07:06 268,648 a------- c:\windows\system32\mucltui.dll
2009-05-11 21:29 73,728 a------- c:\windows\system32\javacpl.cpl
2009-05-11 21:29 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-11 21:18 <DIR> --d----- c:\program files\filehippo.com
2009-05-11 13:41 <DIR> -cd-h--- c:\windows\ie8
2009-05-11 09:59 2,544 a------- c:\windows\system32\OEMINFO.PNF
2009-05-11 05:21 <DIR> --d----- c:\program files\Defraggler
2009-05-11 00:42 <DIR> --dsh--- c:\documents and settings\dan\IECompatCache
2009-05-11 00:39 <DIR> --d----- c:\docume~1\dan\applic~1\Malwarebytes
2009-05-11 00:39 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-05-11 00:39 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-11 00:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-11 00:39 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-11 00:37 <DIR> --d----- c:\program files\CCleaner
2009-05-10 23:08 <DIR> --dsh--- c:\documents and settings\dan\PrivacIE
2009-05-10 23:05 <DIR> --dsh--- c:\documents and settings\dan\IETldCache
2009-05-10 23:00 <DIR> --d----- c:\windows\ie8updates
2009-05-10 22:53 <DIR> --d-h--- c:\windows\msdownld.tmp
2009-05-10 22:49 102,400 -------- c:\windows\system32\dllcache\iecompat.dll
2009-05-10 22:24 <DIR> --d----- c:\docume~1\dan\applic~1\Lexmark Productivity Studio
2009-05-10 21:51 69,120 -------- c:\windows\system32\wlanapi.dll
2009-05-10 21:50 50,688 -------- c:\windows\system32\tspkg.dll
2009-05-10 21:50 53,248 -------- c:\windows\system32\tsgqec.dll
2009-05-10 21:50 32,768 -------- c:\windows\system32\setupn.exe
2009-05-10 21:50 10,240 -------- c:\windows\system32\drivers\sffp_mmc.sys
2009-05-10 21:50 290,304 -------- c:\windows\system32\rhttpaa.dll
2009-05-10 21:49 61,952 -------- c:\windows\system32\rasqec.dll
2009-05-10 21:49 76,800 -------- c:\windows\system32\qutil.dll
2009-05-10 21:49 291,328 -------- c:\windows\system32\qagentrt.dll
2009-05-10 21:49 62,464 -------- c:\windows\system32\qcliprov.dll
2009-05-10 21:49 150,528 -------- c:\windows\system32\qagent.dll
2009-05-10 21:49 144,384 -------- c:\windows\system32\onex.dll
2009-05-10 21:47 37,376 -------- c:\windows\system32\l2gpstore.dll
2009-05-10 21:46 650,752 -------- c:\windows\system32\dot3ui.dll
2009-05-10 21:46 132,096 -------- c:\windows\system32\dot3svc.dll
2009-05-10 21:46 57,856 -------- c:\windows\system32\dot3cfg.dll
2009-05-10 21:46 56,320 -------- c:\windows\system32\dot3msm.dll
2009-05-10 21:46 39,936 -------- c:\windows\system32\dot3gpclnt.dll
2009-05-10 21:46 26,112 -------- c:\windows\system32\dot3api.dll
2009-05-10 21:46 9,216 -------- c:\windows\system32\dot3dlg.dll
2009-05-10 21:46 39,936 -------- c:\windows\system32\dimsroam.dll
2009-05-10 21:46 19,456 -------- c:\windows\system32\dimsntfy.dll
2009-05-10 21:46 48,640 -------- c:\windows\system32\dhcpqec.dll
2009-05-10 21:46 12,800 -------- c:\windows\system32\credssp.dll
2009-05-10 21:46 233,472 -------- c:\windows\system32\azroles.dll
2009-05-10 21:46 136,192 -------- c:\windows\system32\aaclient.dll
2009-05-10 21:44 <DIR> --d----- C:\logs
2009-05-10 21:43 40,960 a------- c:\windows\system32\lxdxvs.dll
2009-05-10 21:43 360,448 a------- c:\windows\system32\lxdxcoin.dll
2009-05-10 21:42 60,996 a------- c:\windows\system32\lxdxprpr.chm
2009-05-10 21:41 782,336 a------- c:\windows\system32\lxdxdrs.dll
2009-05-10 21:41 81,920 a------- c:\windows\system32\lxdxcaps.dll
2009-05-10 21:41 69,632 a------- c:\windows\system32\lxdxcnv4.dll
2009-05-10 21:39 <DIR> --d----- c:\program files\Abbyy FineReader 6.0 Sprint
2009-05-10 21:35 <DIR> --d----- c:\program files\Lexmark Toolbar
2009-05-10 21:35 44 a------- c:\windows\system32\lxdxrwrd.ini
2009-05-10 21:33 376,832 a------- c:\windows\system32\lxdxcomm.dll
2009-05-10 21:33 851,968 a------- c:\windows\system32\lxdxcomc.dll
2009-05-10 21:33 365,224 a------- c:\windows\system32\lxdxcfg.exe
2009-05-10 21:33 77,906 a------- c:\windows\system32\LXDXcfg.dll
2009-05-10 21:33 1,875 a------- c:\windows\system32\lxdx.loc
2009-05-10 21:33 76,481 a------- c:\windows\system32\LexFiles.ulf
2009-05-10 21:33 <DIR> --d----- c:\program files\Lexmark 3600-4600 Series
2009-05-10 21:05 504 a------- c:\windows\intuprof.ini
2009-05-10 20:34 74,240 -------- c:\windows\system32\dllcache\mscms.dll
2009-05-10 20:34 56,832 -------- c:\windows\system32\dllcache\secur32.dll
2009-05-10 20:34 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2009-05-10 20:33 253,952 -------- c:\windows\system32\dllcache\es.dll
2009-05-10 20:33 7,168 -------- c:\windows\system32\bitsprx4.dll
2009-05-10 20:32 144,896 -------- c:\windows\system32\dllcache\schannel.dll
2009-05-10 20:27 161,792 -------- c:\windows\system32\dllcache\msdtcuiu.dll
2009-05-10 20:27 91,648 -------- c:\windows\system32\dllcache\mtxoci.dll
2009-05-10 20:27 66,560 -------- c:\windows\system32\dllcache\mtxclu.dll
2009-05-10 20:27 956,928 -------- c:\windows\system32\dllcache\msdtctm.dll
2009-05-10 20:27 58,880 -------- c:\windows\system32\dllcache\msdtclog.dll
2009-05-10 20:27 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2009-05-10 20:26 8,461,312 -------- c:\windows\system32\dllcache\shell32.dll
2009-05-10 20:26 333,952 -------- c:\windows\system32\dllcache\srv.sys
2009-05-10 20:26 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
2009-05-10 20:26 331,776 -------- c:\windows\system32\dllcache\msadce.dll
2009-05-10 20:26 691,712 -------- c:\windows\system32\dllcache\inetcomm.dll
2009-05-10 20:25 138,496 -------- c:\windows\system32\dllcache\afd.sys
2009-05-10 20:25 361,600 -------- c:\windows\system32\dllcache\tcpip.sys
2009-05-10 20:25 245,248 -------- c:\windows\system32\dllcache\mswsock.dll
2009-05-10 20:25 225,856 -------- c:\windows\system32\dllcache\tcpip6.sys
2009-05-10 20:25 147,968 -------- c:\windows\system32\dllcache\dnsapi.dll
2009-05-10 20:25 354,304 -------- c:\windows\system32\dllcache\winhttp.dll
2009-05-10 20:24 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2009-05-10 20:24 286,720 -------- c:\windows\system32\dllcache\gdi32.dll
2009-05-10 20:21 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-05-10 20:21 215,552 -------- c:\windows\system32\dllcache\wordpad.exe

==================== Find3M ====================

2009-05-23 09:22 348,160 a------- c:\windows\system32\msvcr71.dll
2009-05-23 09:22 499,712 a------- c:\windows\system32\msvcp71.dll
2009-05-15 15:14 82,763 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-04-13 22:10 524,288 a------- c:\windows\opuc.dll

============= FINISH: 18:17:22.03 ===============

#10 lindaga35

lindaga35
  • Topic Starter


Posted 09 June 2009 - 08:12 PM

It wouldn't let me scan (Kaspersky); it kicked me out.

I tried to update my antivirus and it said I had to reboot after I installed them. I've never had to do that before. I went ahead and updated and rebooted. It said it was a compulsory system reboot.

Then a friend sent me a link on Facebook and I opened it, and at first it opened. Then my antivirus blocked it. It first asked what I wanted to do, then it disappeared.

What should I do now?

Linda

Edited by lindaga35, 10 June 2009 - 06:58 AM.


#11 extremeboy

extremeboy

  • Malware Response Team

Posted 10 June 2009 - 05:36 PM

Avira told me to reboot my computer as well yesterday.

Let's run this online scan instead. Take a new DDS run for me after the ESET online scan below.

Run ESET Online Scan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
You can refer to this animation by neomage if needed.
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#12 lindaga35

lindaga35
  • Topic Starter


Posted 10 June 2009 - 08:19 PM

The scan wouldn't work; I tried to run it twice. I'm going to try and run Kaspersky again.

Linda

Edited by lindaga35, 10 June 2009 - 08:35 PM.


#13 extremeboy

extremeboy

  • Malware Response Team

Posted 10 June 2009 - 09:51 PM

Hello.

Okay.

But... what exactly do you mean by "it didn't work"? Please provide some more details or an explanation of what occurred.

Thanks.

With Regards,
Extremeboy

#14 lindaga35

lindaga35
  • Topic Starter


Posted 11 June 2009 - 06:58 PM

It got stuck on a Java file for a long time, so I stopped it. It did this twice.

I tried to run Kaspersky last night but my stupid power supply has a short in it and it closed on me. So, I'm going to again now.

I'm so sorry it's taking so long.
Linda

#15 extremeboy

extremeboy

  • Malware Response Team

Posted 11 June 2009 - 09:11 PM

That's fine.

Thanks for letting me know.