
Lots of cleanup completed, still infected [Split topic]


  • This topic is locked
2 replies to this topic

#1 b@t


Posted 09 September 2009 - 11:25 PM

Mark -

Thanks for picking this up.

I successfully ran the DD-scr. Output files are attached.

The RootRepeal, though, had some problems running. Each time I tried to run it, after a couple of minutes ('Initializing, please wait'), I'd get a dialogue box that says: Windows - Virtual Memory Minimum Too Low. Your system is low on virtual memory. Windows is increasing the size of your virtual memory paging file. During this process, memory requests for some applications may be denied. For more information, see Help. OK.

The first time this happened, I waited about 10 minutes. I could not get a task bar, could not open up additional Windows Explorer or My Computer windows, and things froze up. There were partial windows left on the screen. After about 10 minutes I tried a clean shutdown and it stalled with "An unexpected error has occurred that this application cannot recover from. It will now close. Exception code 3221225477. Exception address 00403E45."

Still wouldn't shut down. I had to hold power button down to force shutdown.

Restarted, reset the Windows - performance - virtual memory settings to 'Let System Manage the size' (original settings were 'custom size, initial size 384 MB; maximum size 768 MB').

This system currently has 512 MB of RAM.

Rebooted, ran RootRepeal, and got the same msg about Virtual Ram is too low after it ran (Initializing, please wait) for a couple of minutes.

Thanks again for looking at this.

Sorry if I posted in the wrong place initially.

(I do not see how to attach a file at this point to this reply, so I've copied it in-line.)

d.b

------------------
DDS (Ver_09-07-30.01) - NTFSx86
Run by Owner at 22:09:07.34 on Wed 09/09/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.185 [GMT -5:00]

AV: AOL Antivirus *On-access scanning enabled* (Outdated) {164FF91F-F5BD-4B74-A9DC-932CECB1603B}
FW: AOL Firewall *enabled* {6515F560-BD88-41EB-AD77-F1F3F6F80BEA}

============== Running Processes ===============

C:\WINNT\system32\svchost -k DcomLaunch
svchost.exe
C:\WINNT\System32\svchost.exe -k netsvcs
C:\Program Files\AT&T\AT&T Internet Security Suite\Fws.exe
svchost.exe
svchost.exe
C:\WINNT\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1101042789\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINNT\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINNT\wanmpsvc.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINNT\system32\wscntfy.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Creative\8xxx\bbui.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
C:\Program Files\AT&T\Internet Security Wizard\ISW.exe
C:\WINNT\system32\SK9910DM.EXE
C:\Program Files\Common Files\AOL\1101042789\ee\AOLSoftware.exe
C:\WINNT\GWMDMMSG.exe
C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
C:\Program Files\Common Files\AOL\1101042789\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Common Files\AOL\1101042789\ee\SSCEvtHdlr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Common Files\AOL\1101042789\EE\aolsoftware.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\OasClnt.exe
C:\WINNT\system32\msfeedssync.exe
F:\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.att.net/
mSearch Bar = hxxp://lookfor.cc/sp.php?pin=94115
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.search-itnow.com/index.php
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {243b17de-77c7-46bf-b94b-0b5f309a0e64} - c:\program files\microsoft money\system\mnyside.dll
BHO: PopKill Class: {3c060ea2-e6a9-4e49-a530-d4657b8c449a} - c:\program files\at&t\at&t internet security suite\pkR.dll
BHO: {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - No File
BHO: {7070a8f9-08a4-ca47-0ab0-1eb9e4ee1f3b} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {87185e78-a61b-4db3-965a-3235bbd7a622} - No File
BHO: {8dc8f96d-34f7-1501-a2a4-631341aa3ac1} - No File
BHO: Viewpoint Toolbar BHO: {a7327c09-b521-4edb-8509-7d2660c9ec98} - c:\program files\viewpoint\viewpoint toolbar\3.7.0\ViewBarBHO.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {e2b2b5a1-b48c-4886-a318-723916a01024} - No File
BHO: {e52dedbb-d168-4bdb-b229-c48160800e81} - No File
BHO: {e6d5237d-a6c7-4c83-a67f-f9f15586fa62} - No File
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: AOL Toolbar: {4982d40a-c53b-4615-b15b-b5b5e98d167c} - c:\program files\aol toolbar\toolbar.dll
TB: Viewpoint Toolbar: {f8ad5aa5-d966-4667-9daf-2561d68b2012} - c:\program files\common files\viewpoint\toolbar runtime\3.7.0\IEViewBar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\winnt\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\winnt\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [IgfxTray] c:\winnt\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\winnt\system32\hkcmd.exe
mRun: [AdaptecDirectCD] "c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe"
mRun: [bbui] c:\program files\creative\8xxx\bbui.exe
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [Share-to-Web Namespace Daemon] c:\program files\hewlett-packard\hp share-to-web\hpgs2wnd.exe
mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [sscRun] c:\program files\common files\aol\1101042789\ee\SSCRun.exe
mRun: [Pure Networks Port Magic] "c:\progra~1\purene~1\portma~1\PortAOL.exe" -Run
mRun: [OASClnt] c:\program files\mcafee.com\antivirus\oasclnt.exe
mRun: [MPFExe] c:\program files\mcafee.com\personal firewall\MPfTray.exe
mRun: [ISW.exe] "c:\program files\at&t\internet security wizard\ISW.exe" /AUTORUN
mRun: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
mRun: [HostManager] c:\program files\common files\aol\1101042789\ee\AOLSoftware.exe
mRun: [GWMDMpi] c:\winnt\GWMDMpi.exe
mRun: [GWMDMMSG] GWMDMMSG.exe
mRun: [EmailScan] c:\program files\mcafee.com\antivirus\mcvsescn.exe
mRun: [AT&T Internet Security Suite] "c:\program files\at&t\at&t internet security suite\Rps.exe"
mRun: [AOLSPScheduler] c:\program files\common files\aol\1101042789\ee\services\safetycore\ver210_5_2_1\AOLSP Scheduler.exe
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [-FreedomNeedsReboot] "c:\program files\at&t\at&t internet security suite\ZkRunOnceR.exe"
dRun: [Symantec Network Driver Update Warning] c:\progra~1\symantec\liveup~1\SNDWarn.EXE
dRun: [Symantec NetDriver Warning] c:\progra~1\symnet~1\SNDWarn.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\titans~1.lnk - c:\program files\titanshield antispyware\titanshield.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\forget~1.lnk - c:\program files\broderbund\ag creatacard\AGRemind.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc2~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpobnz08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nkvmon~1.lnk - c:\program files\nikon\nkview6\NkvMon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hposol08.exe
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - c:\program files\aol toolbar\toolbar.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\winnt\system32\Shdocvw.dll
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {DD6687B5-CB43-4211-BFC9-2942CCBDCB3E} - c:\program files\microsoft money\system\mnyside.dll
DPF: DirectAnimation Java Classes - file://c:\winnt\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\java\classes\xmldso.cab
DPF: PackageCab - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab
DPF: {0F04992B-E661-4DB9-B223-903AB628225D} - file://c:\program files\gateway\do more\DoMoreRunExe.CAB
DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - hxxp://aolcc.aol.com/computercheckup/qdiagcc.cab
DPF: {511073AD-BE56-4D43-AE68-93390514385E} - hcp://system/TechTools.CAB
DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} - hcp://system/RunExeActiveX.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab
DPF: {B49C4597-8721-4789-9250-315DFBD9F525} - hxxp://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab
DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} - hxxp://ak.imgag.com/imgag/cp/install/Crusher.cab
DPF: {CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://aolsvc.aol.com/onlinegames/bejeweled2/popcaploader_v10.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: ms-its50 - {F8606A00-F5CF-11D1-B6BB-0000F80149F6} - c:\program files\common files\microsoft shared\information retrieval\itss50.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxsrvc.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 72944]
R2 McShield;McAfee McShield;c:\progra~1\mcafee.com\antivi~1\mcshield.exe [2006-4-17 221184]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-11 24652]
R3 NaiAvFilter1;NaiAvFilter1;c:\winnt\system32\drivers\naiavf5x.sys [2006-4-17 114464]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 7408]
S2 LUJMCMMN;LUJMCMMN; [x]
S3 PCDRDRV;Pcdr Helper Driver; [x]
S3 Radialpoint Security Services;AT&T Internet Security Suite;c:\winnt\system32\dllhost.exe [1979-12-31 5120]
S3 VVBETHERNET;Broadband Blaster 8012U Ethernet Driver;c:\winnt\system32\drivers\vvbeth.sys [2003-5-19 15878]
S3 vvbususb;Broadband Blaster 8012U USB;c:\winnt\system32\drivers\vvbususb.sys [2003-5-19 51448]

=============== Created Last 30 ================

2009-09-07 19:03 <DIR> --d----- C:\VundoFix Backups
2009-09-07 17:31 <DIR> --d----- c:\winnt\pss
2009-09-07 14:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-09-07 14:25 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-09-07 14:25 <DIR> --d----- c:\docume~1\owner\applic~1\SUPERAntiSpyware.com
2009-09-07 14:25 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-09-06 21:37 <DIR> --d----- c:\docume~1\owner\applic~1\Malwarebytes
2009-09-06 21:37 38,160 a------- c:\winnt\system32\drivers\mbamswissarmy.sys
2009-09-06 21:37 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-09-06 21:37 19,096 a------- c:\winnt\system32\drivers\mbam.sys
2009-09-06 21:37 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-05 23:40 <DIR> --d----- c:\temp\Spyware and Antivirus
2009-09-05 23:40 <DIR> --d----- C:\Temp
2009-09-05 23:20 14,592 a------- c:\winnt\system32\drivers\kbdhid.sys
2009-09-05 23:20 14,592 a------- c:\winnt\system32\dllcache\kbdhid.sys
2009-09-01 10:30 <DIR> --d----- c:\docume~1\owner\applic~1\Reg Tool
2009-09-01 10:28 <DIR> --d----- c:\program files\Reg Tool
2009-08-23 09:02 1,089,593 -------- c:\winnt\system32\dllcache\ntprint.cat
2009-08-23 00:15 <DIR> --d----- c:\winnt\system32\XPSViewer
2009-08-23 00:13 117,760 -------- c:\winnt\system32\prntvpt.dll
2009-08-23 00:13 89,088 -------- c:\winnt\system32\dllcache\filterpipelineprintproc.dll
2009-08-23 00:13 1,676,288 -------- c:\winnt\system32\xpssvcs.dll
2009-08-23 00:13 1,676,288 -------- c:\winnt\system32\dllcache\xpssvcs.dll
2009-08-23 00:13 597,504 -------- c:\winnt\system32\dllcache\printfilterpipelinesvc.exe
2009-08-23 00:13 575,488 -------- c:\winnt\system32\xpsshhdr.dll
2009-08-23 00:13 575,488 -------- c:\winnt\system32\dllcache\xpsshhdr.dll
2009-08-23 00:13 <DIR> --d----- C:\1a142677f050aa746dd604
2009-08-23 00:12 <DIR> --d----- c:\winnt\SxsCaPendDel
2009-08-13 09:53 128,512 -------- c:\winnt\system32\dllcache\dhtmled.ocx
2009-08-13 09:51 1,315,328 -------- c:\winnt\system32\dllcache\msoe.dll

==================== Find3M ====================

2009-08-05 04:01 204,800 a------- c:\winnt\system32\mswebdvd.dll
2009-08-05 04:01 204,800 -------- c:\winnt\system32\dllcache\mswebdvd.dll
2009-07-19 18:48 11,067,392 -------- c:\winnt\system32\dllcache\ieframe.dll
2009-07-19 08:18 5,937,152 a------- c:\winnt\system32\dllcache\mshtml.dll
2009-07-17 14:01 58,880 a------- c:\winnt\system32\atl.dll
2009-07-17 14:01 58,880 -------- c:\winnt\system32\dllcache\atl.dll
2009-07-13 10:08 286,720 a------- c:\winnt\system32\wmpdxm.dll
2009-07-13 10:08 286,720 -------- c:\winnt\system32\dllcache\wmpdxm.dll
2009-07-13 10:08 5,537,792 -------- c:\winnt\system32\dllcache\wmp.dll
2009-07-03 12:09 915,456 a------- c:\winnt\system32\wininet.dll
2009-07-03 12:09 915,456 a------- c:\winnt\system32\dllcache\wininet.dll
2009-07-03 12:09 12,800 -------- c:\winnt\system32\dllcache\xpshims.dll
2009-07-03 12:09 1,208,832 a------- c:\winnt\system32\dllcache\urlmon.dll
2009-07-03 12:09 206,848 -------- c:\winnt\system32\dllcache\occache.dll
2009-07-03 12:09 594,432 -------- c:\winnt\system32\dllcache\msfeeds.dll
2009-07-03 12:09 55,296 -------- c:\winnt\system32\dllcache\msfeedsbs.dll
2009-07-03 12:09 1,985,536 -------- c:\winnt\system32\dllcache\iertutil.dll
2009-07-03 12:09 25,600 -------- c:\winnt\system32\dllcache\jsproxy.dll
2009-07-03 12:09 246,272 -------- c:\winnt\system32\dllcache\ieproxy.dll
2009-07-03 12:09 184,320 -------- c:\winnt\system32\dllcache\iepeers.dll
2009-07-03 12:09 386,048 -------- c:\winnt\system32\dllcache\iedkcs32.dll
2009-07-03 06:01 173,056 -------- c:\winnt\system32\dllcache\ie4uinit.exe
2009-06-16 09:36 119,808 a------- c:\winnt\system32\t2embed.dll
2009-06-16 09:36 81,920 a------- c:\winnt\system32\fontsub.dll
2009-06-16 09:36 119,808 -------- c:\winnt\system32\dllcache\t2embed.dll
2009-06-16 09:36 81,920 -------- c:\winnt\system32\dllcache\fontsub.dll
2009-06-12 07:31 76,288 a------- c:\winnt\system32\telnet.exe
2009-06-12 07:31 76,288 -------- c:\winnt\system32\dllcache\telnet.exe

============= FINISH: 22:10:14.68 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 5/19/2003 3:02:08 PM
System Uptime: 9/9/2009 11:00:33 AM (11 hours ago)

Motherboard: Intel Corporation | | D845GERG3
Processor: Intel® Pentium® 4 CPU 2.53GHz | J2E1 | 2533/133mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 76 GiB total, 36.648 GiB free.
D: is CDROM ()
E: is CDROM (CDFS)
F: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1532: 6/14/2009 6:57:58 PM - Software Distribution Service 3.0
RP1533: 6/15/2009 8:43:53 PM - System Checkpoint
RP1534: 6/17/2009 5:06:20 PM - System Checkpoint
RP1535: 6/18/2009 5:43:12 PM - System Checkpoint
RP1536: 6/22/2009 12:19:42 AM - System Checkpoint
RP1537: 6/24/2009 7:00:21 PM - System Checkpoint
RP1538: 6/25/2009 7:24:02 PM - System Checkpoint
RP1539: 7/2/2009 8:26:04 AM - System Checkpoint
RP1540: 7/5/2009 12:30:02 PM - System Checkpoint
RP1541: 7/9/2009 8:50:18 AM - System Checkpoint
RP1542: 7/10/2009 9:31:57 AM - System Checkpoint
RP1543: 7/13/2009 3:16:07 PM - System Checkpoint
RP1544: 7/14/2009 4:26:06 PM - System Checkpoint
RP1545: 7/15/2009 4:43:29 PM - System Checkpoint
RP1546: 7/16/2009 5:48:37 PM - System Checkpoint
RP1547: 7/18/2009 12:11:08 PM - System Checkpoint
RP1548: 7/18/2009 2:30:36 PM - Software Distribution Service 3.0
RP1549: 7/19/2009 6:29:26 PM - System Checkpoint
RP1550: 7/21/2009 11:47:50 AM - System Checkpoint
RP1551: 7/26/2009 12:00:05 AM - System Checkpoint
RP1552: 7/28/2009 1:03:47 PM - System Checkpoint
RP1553: 7/29/2009 3:16:02 PM - Software Distribution Service 3.0
RP1554: 7/30/2009 3:46:49 PM - System Checkpoint
RP1555: 8/2/2009 4:15:28 PM - System Checkpoint
RP1556: 8/9/2009 4:25:20 PM - System Checkpoint
RP1557: 8/10/2009 4:37:49 PM - System Checkpoint
RP1558: 8/11/2009 4:49:24 PM - System Checkpoint
RP1559: 8/12/2009 5:11:25 PM - System Checkpoint
RP1560: 8/13/2009 6:37:32 PM - Software Distribution Service 3.0
RP1561: 8/15/2009 11:53:43 AM - System Checkpoint
RP1562: 8/16/2009 1:28:19 PM - System Checkpoint
RP1563: 8/18/2009 5:37:47 AM - System Checkpoint
RP1564: 8/19/2009 5:22:32 PM - System Checkpoint
RP1565: 8/20/2009 6:30:36 PM - System Checkpoint
RP1566: 8/22/2009 9:27:34 AM - System Checkpoint
RP1567: 8/23/2009 12:04:35 AM - Software Distribution Service 3.0
RP1568: 8/23/2009 9:57:43 PM - Software Distribution Service 3.0
RP1569: 8/25/2009 6:31:10 AM - System Checkpoint
RP1570: 8/26/2009 1:50:39 PM - System Checkpoint
RP1571: 8/27/2009 2:58:25 PM - System Checkpoint
RP1572: 8/28/2009 7:49:43 PM - System Checkpoint
RP1573: 8/28/2009 10:34:50 PM - Software Distribution Service 3.0
RP1574: 9/1/2009 8:20:44 AM - System Checkpoint
RP1575: 9/1/2009 10:28:49 AM - Installed Reg Tool
RP1576: 9/3/2009 7:56:40 AM - System Checkpoint
RP1577: 9/3/2009 3:39:55 PM - Removed Reg Tool
RP1578: 9/6/2009 10:30:55 AM - System Checkpoint
RP1579: 9/7/2009 11:24:13 AM - System Checkpoint
RP1580: 9/7/2009 2:25:44 PM - Installed SUPERAntiSpyware Free Edition
RP1581: 9/8/2009 2:40:41 PM - System Checkpoint
RP1582: 9/9/2009 3:04:59 PM - System Checkpoint
RP1583: 9/9/2009 9:18:29 PM - Before uninstall of Safety and Security Uninstaller

==== Installed Programs ======================

Adobe Acrobat 5.0
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0.5 Language Support
Adobe Reader 7.1.0
Adobe® Photoshop® Album Starter Edition 3.0
Adobe® Photoshop® Album Starter Edition 3.0.1
American Greetings CreataCard Select 6
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Deskbar
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
Apple Mobile Device Support
Apple Software Update
ArcSoft Software Suite
AT&T Internet Security Suite
AT&T Internet Security Wizard 1.5.11
Authentium AntiVirus SDK - 2
Belarc Advisor 7.0
Blackhawk Striker
Blasterball 2
Bonjour
BroadJump Client Foundation
Creative Broadband Blaster DSL Ethernet/USB 8012U
Dark Orbit
Dinosaur Adventure 3-D
Do More 7.0
DVD
Easy CD Creator 5 Basic
Encarta Encyclopedia 99
Excavation
FirstClass® Client
Formatta Filler 7.0
Gateway Rhapsody
GemMaster 2
Google Earth
Google Toolbar for Internet Explorer
Google Updater
GTW V.92 Voicemodem
Hot Potatoes (Java Version) v 6.0.2.18
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
HP Photo and Imaging 1.0 - HP PSC - HP OfficeJet
HP Photo and Imaging 1.0 - HP PSC - HP OfficeJet Drivers
hp psc 2200 series
Intel® Extreme Graphics Driver
Intel® PRO Network Adapters and Drivers
Intel® PROSet
Intellisync for Intranets.com
InterActual Player
iTunes
Java 2 Runtime Environment, SE v1.4.2_09
Java™ 6 Update 11
Kid Pix Studio Deluxe
KODAK Picture CD
Learn2 Player (Uninstall Only)
Lernout & Hauspie TruVoice American English TTS Engine
Liberty's Kids
LiveReg (Symantec Corporation)
LiveUpdate 2.5 (Symantec Corporation)
Macromedia Shockwave Player
Magic School Bus - Rainforest
Malwarebytes' Anti-Malware
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Data Access Components KB870669
Microsoft Encarta Encyclopedia Standard 2003
Microsoft Learning and Research Plus Support Files
Microsoft Money 2003
Microsoft Money 2003 System Pack
Microsoft Office 2000 SR-1 Premium
Microsoft Picture It! Photo 7.0
Microsoft Streets and Trips 2002
Microsoft VC9 runtime libraries
Microsoft Web Publishing Wizard 1.52
Microsoft Word 2002
Microsoft Works 2003 Setup Launcher
Microsoft Works 7.0
Microsoft Works Suite Add-in for Microsoft Word
MobileMe Control Panel
MSN Internet Software
MSN Toolbar
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
NetZero For Riverdeep
Nikon View 6
PC-Doctor for Windows
PerfectDisk
PPSDKRedistributables
pressplay
PS/2 Millennium-Tastatur
Pure Networks Port Magic
Quicken 2003 New User Edition
QuickTime
QuickTime 3.0
Radialpoint Security Services
Raven Lite 1.0
RealPlayer Basic
RPS Ad Blocker
RPS AntiFraud
RPS AntiSpyware
RPS AntiVirus
RPS App Detector
RPS AsRealtime
RPS Backup
RPS Burn
RPS Diagnostic Utility
RPS Firewall
RPS ParentalControl
RPS Performance Tool
RPS PopupBlocker
RPS Privacy Manager
RPS RpsCore
RPS Security Cleanup
RPS Zip
Safari
Safety and Security Center Uninstaller
Scholastic's The Magic School Bus® Explores Bugs
Scrabble
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Shockwave
Space Rocks
SUPERAntiSpyware Free Edition
The Print Shop 21
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB973815)
Viewpoint Manager (Remove Only)
Viewpoint Toolbar
WebFldrs XP
WildTangent Channel Manager
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
Works Suite OS Pack

==== Event Viewer Messages From Past Week ========

9/7/2009 7:03:12 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
9/7/2009 7:03:06 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
9/7/2009 7:02:50 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/7/2009 7:01:32 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswSP aswTdi BANTExt Fips intelppm IPSec MPFIREWL MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL StarOpen Tcpip
9/7/2009 7:01:32 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
9/7/2009 7:01:32 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/7/2009 7:01:32 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/7/2009 7:01:32 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBT service which failed to start because of the following error: A device attached to the system is not functioning.
9/7/2009 7:01:32 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/7/2009 7:01:32 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/7/2009 6:43:57 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AOL TopSpeed Monitor service to connect.
9/6/2009 8:58:08 AM, error: Service Control Manager [7031] - The AOL TopSpeed Monitor service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
9/6/2009 8:50:06 AM, error: Service Control Manager [7031] - The AOL TopSpeed Monitor service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
9/6/2009 8:41:57 AM, error: Service Control Manager [7031] - The AOL TopSpeed Monitor service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
9/6/2009 11:23:16 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Web Scanner service to connect.
9/6/2009 11:23:16 PM, error: Service Control Manager [7000] - The avast! Web Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/6/2009 11:22:34 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: adpu160m agp440 iaStor IntelIde ultra ViaIde
9/6/2009 10:56:55 AM, error: Service Control Manager [7034] - The AOL TopSpeed Monitor service terminated unexpectedly. It has done this 5 time(s).
9/6/2009 10:45:52 AM, error: Service Control Manager [7031] - The AOL TopSpeed Monitor service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
9/3/2009 7:08:29 AM, error: Service Control Manager [7000] - The PDEngine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/3/2009 7:08:28 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service PDEngine with arguments "-Service" in order to run the server: {479C2019-B771-4324-AEA3-1FFECABBC790}
9/3/2009 7:08:12 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the PDEngine service.
9/3/2009 3:40:04 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
9/2/2009 3:51:49 PM, error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s).
9/2/2009 3:50:42 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference error message: The referenced assembly is not installed on your system. .
9/2/2009 3:50:42 PM, error: SideBySide [59] - Generate Activation Context failed for C:\WINNT\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.363_x-ww_3a00bc02\MFC80.DLL. Reference error message: The operation completed successfully. .
9/2/2009 3:50:42 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.
9/2/2009 3:50:17 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
9/2/2009 3:50:17 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

==== End Of File ===========================


#2 b@t

b@t
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:07:16 PM

Posted 20 September 2009 - 11:36 PM

Please close this request for assistance.

Thanks.

d.b

#3 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:01:16 AM

Posted 21 September 2009 - 02:34 AM

Since this issue appears resolved ... this Topic is closed. Glad we could help.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
