
ALL My Internet Browsers Keep Halting


  • This topic is locked
27 replies to this topic

#1 jmrdflcarpenter

jmrdflcarpenter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:49242
  • Local time:02:54 PM

Posted 09 December 2009 - 04:50 PM

I posted this in the "Am I infected" thread and was told to post a HiJack This log.

I use Internet Explorer, Google Chrome and Mozilla Firefox. All have the same issue. They'll just up and stop. I try to refresh the page, it acts like it is refreshing but it stays on the page it got stuck on and I can't go onto another page. I have to restart the browser and sometimes I can't get off of the home page or it won't load it and I have to restart again.

I have done Spybot, Malwarebytes', Super AntiSpyware, HiJack This, AVG, CW Shredder, Internet Window Washer, Eusing Registry Cleaner, CCleaner, Defrag, Scandisk, and I did an online virus scan through Microsoft. All of them claimed they fixed all the problems. But my internet browsers still do the same thing.

Here is the HiJack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:44:09 PM, on 12/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\DllHost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Google Update Service (gupdate1ca6870b9e6106e) (gupdate1ca6870b9e6106e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lxdnCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe
O23 - Service: lxdn_device - - C:\WINDOWS\system32\lxdncoms.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 3103 bytes



#2 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:54 PM

Posted 21 December 2009 - 10:44 PM

Hi,

My name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay of response.

If you still require assistance we would like to see the current condition of your system so please post a new set of DDS Logs as well as a RootRepeal log and a description of any remaining problems or symptoms you may still have please.

If for any reason you did not post a DDS log or RootRepeal log please refer to this page and in step #6 and Step #7 for further instructions on downloading and running DDS & RootRepeal. If you have any problems just let me know in your next reply or simply post a Hijackthis log.


For your next reply I would like to see:
-The DDS logs
---DDS.txt and Attach logs
-RootRepeal logs
-Description of any remaining problems you may still have.


Thanks again and we apologize for the delay.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#3 jmrdflcarpenter

jmrdflcarpenter
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:49242
  • Local time:02:54 PM

Posted 22 December 2009 - 09:57 AM

Here's the DDS log. It says I should attach the other part, but I don't know how to zip a file, so I just attached it, like it stated to do.


DDS (Ver_09-12-01.01) - NTFSx86
Run by Carpenter at 9:52:02.06 on Tue 12/22/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.47 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Carpenter\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.myspace.com/
mURLSearchHooks: H - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
TB: {BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} - No File
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} -
TB: {6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Authentication Packages = msv1_0 nwprovau

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\carpen~1\applic~1\mozilla\firefox\profiles\669vz2wu.default\
FF - plugin: c:\documents and settings\carpenter\local settings\application data\yahoo!\browserplus\2.4.17\plugins\npybrowserplus_2.4.17.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-10 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-10-16 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-10-16 28424]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-10-16 360584]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-5-28 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-5-28 74480]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-11-18 353672]
R2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2009-12-13 1858144]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2009-11-9 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-11-9 285392]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2009-8-22 38144]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-7-17 55152]
R3 WUSB54GSCV2;Compact Wireless-G USB Network Adapter with SpeedBooster Service;c:\windows\system32\drivers\WUSB54GSCV2.sys [2009-11-12 198144]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2009-12-9 32512]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-5-28 7408]
S4 ASKService;ASKService; [x]
S4 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
S4 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [2009-4-15 98984]

=============== Created Last 30 ================

2009-12-21 20:12:37 0 d-----w- c:\docume~1\carpen~1\applic~1\BleachBit
2009-12-21 20:11:50 0 d-----w- c:\program files\BleachBit
2009-12-21 01:16:03 28236 ----a-w- c:\windows\system32\drivers\SGuard.sys
2009-12-21 01:16:03 25264 ----a-w- c:\windows\system32\smrgdf.exe
2009-12-21 01:16:02 0 d-----w- c:\program files\iolo
2009-12-20 22:16:57 0 d-----w- c:\program files\UberIcon
2009-12-18 15:48:48 1920054 ---ha-w- c:\windows\system32\toyhide.bmp
2009-12-18 15:44:16 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2009-12-18 15:44:10 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-12-18 15:44:08 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2009-12-18 15:44:04 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2009-12-18 15:43:58 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2009-12-18 15:43:31 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2009-12-18 15:43:23 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2009-12-18 15:43:21 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2009-12-18 15:43:16 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2009-12-18 15:43:15 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2009-12-18 15:41:57 19016 -c--a-w- c:\windows\system32\dllcache\w926nd.sys
2009-12-18 15:40:58 794399 -c--a-w- c:\windows\system32\dllcache\usr1806v.sys
2009-12-18 15:39:54 11520 -c--a-w- c:\windows\system32\dllcache\twotrack.sys
2009-12-18 15:38:58 28232 -c--a-w- c:\windows\system32\dllcache\tos4mo.sys
2009-12-18 15:37:57 28384 -c--a-w- c:\windows\system32\dllcache\sym_hi.sys
2009-12-18 15:36:59 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll
2009-12-18 15:36:54 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys
2009-12-18 15:36:50 106584 -c--a-w- c:\windows\system32\dllcache\spdports.dll
2009-12-18 15:36:47 19072 -c--a-w- c:\windows\system32\dllcache\sparrow.sys
2009-12-18 15:36:43 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2009-12-18 15:36:40 37040 -c--a-w- c:\windows\system32\dllcache\sonypi.sys
2009-12-18 15:36:37 114688 -c--a-w- c:\windows\system32\dllcache\sonypi.dll
2009-12-18 15:36:33 20752 -c--a-w- c:\windows\system32\dllcache\sonync.sys
2009-12-18 15:36:30 9600 -c--a-w- c:\windows\system32\dllcache\sonymc.sys
2009-12-18 15:36:28 7552 -c--a-w- c:\windows\system32\dllcache\sonyait.sys
2009-12-18 15:36:24 7040 -c--a-w- c:\windows\system32\dllcache\snyaitmc.sys
2009-12-18 15:36:03 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys
2009-12-18 15:34:56 104064 -c--a-w- c:\windows\system32\dllcache\sisgrp.sys
2009-12-18 15:34:53 150144 -c--a-w- c:\windows\system32\dllcache\sis6306v.dll
2009-12-18 15:34:50 68608 -c--a-w- c:\windows\system32\dllcache\sis6306p.sys
2009-12-18 15:34:46 252032 -c--a-w- c:\windows\system32\dllcache\sis300iv.dll
2009-12-18 15:34:42 101760 -c--a-w- c:\windows\system32\dllcache\sis300ip.sys
2009-12-18 15:34:29 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
2009-12-18 15:34:25 18400 -c--a-w- c:\windows\system32\dllcache\sgsmld.sys
2009-12-18 15:34:22 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys
2009-12-18 15:34:19 386560 -c--a-w- c:\windows\system32\dllcache\sgiul50.dll
2009-12-18 15:34:15 36480 -c--a-w- c:\windows\system32\dllcache\sfmanm.sys
2009-12-18 15:34:10 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2009-12-18 15:34:06 17664 -c--a-w- c:\windows\system32\dllcache\sermouse.sys
2009-12-18 15:33:22 6912 -c--a-w- c:\windows\system32\dllcache\seaddsmc.sys
2009-12-18 15:33:20 11520 -c--a-w- c:\windows\system32\dllcache\scsiscan.sys
2009-12-18 15:33:17 11648 -c--a-w- c:\windows\system32\dllcache\scsiprnt.sys
2009-12-18 15:31:59 166720 -c--a-w- c:\windows\system32\dllcache\s3m.sys
2009-12-18 15:30:31 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
2009-12-18 15:30:26 714762 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2009-12-18 15:30:23 899146 -c--a-w- c:\windows\system32\dllcache\r2mdkxga.sys
2009-12-18 15:30:19 41472 -c--a-w- c:\windows\system32\dllcache\qvusd.dll
2009-12-18 15:30:16 3328 -c--a-w- c:\windows\system32\dllcache\qv2kux.sys
2009-12-18 15:30:09 49024 -c--a-w- c:\windows\system32\dllcache\ql1280.sys
2009-12-18 15:30:06 40448 -c--a-w- c:\windows\system32\dllcache\ql1240.sys
2009-12-18 15:30:03 45312 -c--a-w- c:\windows\system32\dllcache\ql12160.sys
2009-12-18 15:30:00 33152 -c--a-w- c:\windows\system32\dllcache\ql10wnt.sys
2009-12-18 15:28:59 173696 -c--a-w- c:\windows\system32\dllcache\philcam2.sys
2009-12-18 15:27:59 25216 -c--a-w- c:\windows\system32\dllcache\ovsound2.sys
2009-12-18 15:26:59 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
2009-12-18 15:24:59 13664 -c--a-w- c:\windows\system32\dllcache\n9i128.sys
2009-12-18 15:23:50 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2009-12-18 15:23:46 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2009-12-18 15:23:46 56832 -c--a-w- c:\windows\system32\dllcache\msdvbnp.ax
2009-12-18 15:23:45 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2009-12-18 15:23:37 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2009-12-18 15:23:32 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2009-12-18 15:23:27 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2009-12-18 15:23:20 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
2009-12-18 15:23:14 320384 -c--a-w- c:\windows\system32\dllcache\mgaum.sys
2009-12-18 15:23:12 235648 -c--a-w- c:\windows\system32\dllcache\mgaud.dll
2009-12-18 15:23:09 26112 -c--a-w- c:\windows\system32\dllcache\memstpci.sys
2009-12-18 15:23:06 47616 -c--a-w- c:\windows\system32\dllcache\memgrp.dll
2009-12-18 15:23:03 8320 -c--a-w- c:\windows\system32\dllcache\memcard.sys
2009-12-18 15:21:59 4992 -c--a-w- c:\windows\system32\dllcache\loop.sys
2009-12-18 15:20:53 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2009-12-18 15:19:42 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2009-12-18 15:18:57 353184 -c--a-w- c:\windows\system32\dllcache\i740dnt5.dll
2009-12-18 15:17:58 19456 -c--a-w- c:\windows\system32\dllcache\hr1w.dll
2009-12-18 15:16:59 17408 -c--a-w- c:\windows\system32\dllcache\gpr400.sys
2009-12-18 15:15:48 24618 -c--a-w- c:\windows\system32\dllcache\fa410nd5.sys
2009-12-18 15:14:59 53248 -c--a-w- c:\windows\system32\dllcache\eqndiag.exe
2009-12-18 15:13:59 28062 -c--a-w- c:\windows\system32\dllcache\dp83820.sys
2009-12-18 15:12:58 86016 -c--a-w- c:\windows\system32\dllcache\dc240usd.dll
2009-12-18 15:11:59 6656 -c--a-w- c:\windows\system32\dllcache\cmdide.sys
2009-12-18 15:10:43 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2009-12-18 15:09:58 23552 -c--a-w- c:\windows\system32\dllcache\atixbar.sys
2009-12-18 15:08:57 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys
2009-12-18 15:07:16 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2009-12-15 02:05:46 0 d--h--w- c:\windows\PIF
2009-12-14 20:13:42 0 d-----w- c:\program files\Microsoft Plus! Digital Media Edition
2009-12-14 20:13:39 0 d-----w- c:\program files\Microsoft Plus! Dancer LE
2009-12-14 20:11:28 67072 ----a-w- c:\windows\system32\AKCPanel.cpl
2009-12-14 20:08:21 186976 ----a-w- c:\windows\walltoyUninst.exe
2009-12-14 20:08:03 811 ----a-w- c:\windows\system32\unins000.dat
2009-12-14 20:07:48 0 d-----w- c:\program files\WallpaperToy
2009-12-14 19:56:12 131072 ----a-w- c:\windows\system32\dzip32.dll
2009-12-14 19:56:12 110592 ----a-w- c:\windows\system32\dunzip32.dll
2009-12-14 19:55:42 0 d-----w- c:\program files\Windows Media Bonus Pack for Windows XP
2009-12-14 16:46:38 0 d-----w- c:\program files\Eusing Free Registry Defrag
2009-12-14 13:54:58 0 d-----w- c:\program files\Microsoft User Agent String Utility
2009-12-13 20:48:06 0 d-----w- c:\program files\a-squared Free
2009-12-09 19:24:36 0 d-----w- C:\VundoFix Backups
2009-12-09 19:17:07 81920 ------w- c:\windows\system32\Packet.dll
2009-12-09 19:17:07 61440 ------w- c:\windows\system32\WanPacket.dll
2009-12-09 19:17:07 233472 ------w- c:\windows\system32\wpcap.dll
2009-12-09 19:17:06 32512 ------w- c:\windows\system32\drivers\npf.sys
2009-12-09 17:51:37 280 ----a-w- c:\windows\system32\drivers\kgpfr2.cfg
2009-12-09 17:50:01 0 d-----w- c:\docume~1\carpen~1\applic~1\WinPatrol
2009-12-09 17:38:45 0 d-----w- c:\docume~1\alluse~1.win\applic~1\SITEguard
2009-12-09 17:35:03 0 d-----w- c:\program files\common files\iS3
2009-12-09 17:35:00 0 d-----w- c:\docume~1\alluse~1.win\applic~1\STOPzilla!
2009-12-09 16:44:40 0 d-----w- c:\docume~1\alluse~1.win\applic~1\XoftSpySE
2009-12-06 19:31:31 17544 ------w- c:\windows\system32\drivers\RkPavproc1.sys
2009-12-02 17:25:56 0 d-----w- c:\docume~1\alluse~1.win\applic~1\TVU Networks

==================== Find3M ====================

2009-12-20 02:58:39 1134592 ----a-w- c:\windows\system32\BCMWLTRY.EXE
2009-12-14 20:12:00 72748 ----a-w- c:\windows\unins001.exe
2009-12-14 20:11:25 72748 ----a-w- c:\windows\unins000.exe
2009-12-03 21:14:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 21:13:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-18 15:26:07 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-11-14 06:47:57 260608 ----a-w- c:\windows\PEV.exe
2009-11-11 13:50:51 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-09 20:38:40 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-09 20:38:10 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-26 00:46:45 63 ----a-w- c:\documents and settings\carpenter\jagex_runescape_preferences2.dat
2009-10-26 00:45:13 38 ----a-w- c:\documents and settings\carpenter\jagex_runescape_preferences.dat
2009-10-25 11:11:34 77312 ----a-w- c:\windows\MBR.exe
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 22:59:04 409600 ----a-w- c:\windows\system32\lxdncoin.dll
2009-10-16 00:18:29 114142 ----a-w- C:\MGlogs.zip
2009-10-15 21:03:42 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-08 18:57:02 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2009-10-08 18:57:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 18:56:56 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2009-04-11 19:49:54 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009041120090412\index.dat

============= FINISH: 9:53:03.06 ===============




#4 jmrdflcarpenter

jmrdflcarpenter
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:49242
  • Local time:02:54 PM

Posted 22 December 2009 - 10:07 AM

Here's the RootRepeal log:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/12/22 09:59
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xEFC8B000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8C39000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEC8DF000 Size: 49152 File Visible: No Signed: -
Status: -

Name: srescan.sys
Image Path: srescan.sys
Address: 0xF84ED000 Size: 81920 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 037 Function Name: NtCreateFile
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xefe70c80

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xefe8b170

#: 047 Function Name: NtCreateProcess
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xefe88900

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xefe88b10

#: 050 Function Name: NtCreateSection
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xefe8cb10

#: 062 Function Name: NtDeleteFile
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xefe71210

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xefe8b9f0

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xefe8b7a0

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xefe88280

#: 098 Function Name: NtLoadKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xefe8bf10

#: 099 Function Name: NtLoadKey2
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xefe8bf90

#: 116 Function Name: NtOpenFile
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xefe71070

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xefe8a180

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xefe89f40

#: 192 Function Name: NtRenameKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xefe8c6f0

#: 193 Function Name: NtReplaceKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xefe8c150

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xefe8c540

#: 210 Function Name: NtSecureConnectPort
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xefe74190

#: 224 Function Name: NtSetInformationFile
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xefe71440

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xefe8b4e0

#: 255 Function Name: NtSystemDebugControl
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xefe89200

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xefe89080

Shadow SSDT
-------------------
#: 460 Function Name: NtUserMessageCall
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xefe72e70

#: 475 Function Name: NtUserPostMessage
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xefe72f20

#: 476 Function Name: NtUserPostThreadMessage
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xefe72fe0

#: 491 Function Name: NtUserRegisterRawInputDevices
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xefe71d60

#: 502 Function Name: NtUserSendInput
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xefe73250

==EOF==

#5 jmrdflcarpenter

jmrdflcarpenter
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:49242
  • Local time:02:54 PM

Posted 22 December 2009 - 10:11 AM

And the only remaining problem I have is the same problem. My IE and Firefox like to just stop for no reason. I can't refresh the page. Sometimes, if I get lucky, I can go back a page and everything is fine for about 5 minutes, then it stops and I have to reload the web browser.

#6 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:54 PM

Posted 22 December 2009 - 11:22 AM

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Refer to this page on instructions on doing so.

Please include the C:\ComboFix.txt in your next reply for further review.

#7 jmrdflcarpenter

jmrdflcarpenter
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:49242
  • Local time:02:54 PM

Posted 22 December 2009 - 12:42 PM

ComboFix 09-12-21.08 - Carpenter 12/22/2009 12:18:12.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.195 [GMT -5:00]
Running from: c:\documents and settings\Carpenter\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2009-11-22 to 2009-12-22 )))))))))))))))))))))))))))))))
.

2009-12-21 20:12 . 2009-12-21 20:12 -------- d-----w- c:\documents and settings\Carpenter\Application Data\BleachBit
2009-12-21 20:11 . 2009-12-21 20:11 -------- d-----w- c:\program files\BleachBit
2009-12-21 01:16 . 2004-09-02 21:39 28236 ----a-w- c:\windows\system32\drivers\SGuard.sys
2009-12-21 01:16 . 2004-08-28 20:18 25264 ----a-w- c:\windows\system32\smrgdf.exe
2009-12-21 01:16 . 2009-12-21 01:16 -------- d-----w- c:\program files\iolo
2009-12-20 22:16 . 2009-12-21 01:48 -------- d-----w- c:\program files\UberIcon
2009-12-18 15:44 . 2008-04-14 01:12 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2009-12-18 15:44 . 2001-08-18 03:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-12-18 15:44 . 2008-04-14 01:12 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2009-12-18 15:44 . 2001-08-18 03:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2009-12-18 15:43 . 2001-08-18 03:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2009-12-18 15:43 . 2001-08-18 03:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2009-12-18 15:43 . 2001-08-17 17:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2009-12-18 15:43 . 2004-08-04 04:29 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2009-12-18 15:43 . 2008-04-13 19:46 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2009-12-18 15:43 . 2004-08-04 04:29 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2009-12-18 15:41 . 2001-08-17 17:13 19016 -c--a-w- c:\windows\system32\dllcache\w926nd.sys
2009-12-18 15:40 . 2001-08-17 18:28 794399 -c--a-w- c:\windows\system32\dllcache\usr1806v.sys
2009-12-18 15:39 . 2001-08-17 18:48 11520 -c--a-w- c:\windows\system32\dllcache\twotrack.sys
2009-12-18 15:38 . 2001-08-17 17:10 28232 -c--a-w- c:\windows\system32\dllcache\tos4mo.sys
2009-12-18 15:37 . 2001-08-17 19:07 28384 -c--a-w- c:\windows\system32\dllcache\sym_hi.sys
2009-12-18 15:36 . 2001-08-18 03:36 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll
2009-12-18 15:36 . 2001-08-17 18:51 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys
2009-12-18 15:36 . 2001-08-18 03:36 106584 -c--a-w- c:\windows\system32\dllcache\spdports.dll
2009-12-18 15:36 . 2001-08-17 19:07 19072 -c--a-w- c:\windows\system32\dllcache\sparrow.sys
2009-12-18 15:36 . 2001-08-17 18:56 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2009-12-18 15:36 . 2001-08-17 17:51 37040 -c--a-w- c:\windows\system32\dllcache\sonypi.sys
2009-12-18 15:36 . 2001-08-18 03:36 114688 -c--a-w- c:\windows\system32\dllcache\sonypi.dll
2009-12-18 15:36 . 2001-08-17 17:51 20752 -c--a-w- c:\windows\system32\dllcache\sonync.sys
2009-12-18 15:36 . 2001-08-17 18:53 9600 -c--a-w- c:\windows\system32\dllcache\sonymc.sys
2009-12-18 15:36 . 2008-04-13 19:40 7552 -c--a-w- c:\windows\system32\dllcache\sonyait.sys
2009-12-18 15:36 . 2001-08-17 18:53 7040 -c--a-w- c:\windows\system32\dllcache\snyaitmc.sys
2009-12-18 15:36 . 2001-08-17 17:51 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys
2009-12-18 15:34 . 2001-08-17 17:50 104064 -c--a-w- c:\windows\system32\dllcache\sisgrp.sys
2009-12-18 15:34 . 2001-08-17 19:56 150144 -c--a-w- c:\windows\system32\dllcache\sis6306v.dll
2009-12-18 15:34 . 2001-08-17 17:50 68608 -c--a-w- c:\windows\system32\dllcache\sis6306p.sys
2009-12-18 15:34 . 2001-08-17 19:56 252032 -c--a-w- c:\windows\system32\dllcache\sis300iv.dll
2009-12-18 15:34 . 2001-08-17 17:50 101760 -c--a-w- c:\windows\system32\dllcache\sis300ip.sys
2009-12-18 15:34 . 2001-07-21 19:29 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
2009-12-18 15:34 . 2001-07-21 19:29 18400 -c--a-w- c:\windows\system32\dllcache\sgsmld.sys
2009-12-18 15:34 . 2001-08-17 17:51 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys
2009-12-18 15:34 . 2001-08-18 03:36 386560 -c--a-w- c:\windows\system32\dllcache\sgiul50.dll
2009-12-18 15:34 . 2001-08-17 17:19 36480 -c--a-w- c:\windows\system32\dllcache\sfmanm.sys
2009-12-18 15:34 . 2001-08-17 18:53 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2009-12-18 15:34 . 2001-08-17 18:48 17664 -c--a-w- c:\windows\system32\dllcache\sermouse.sys
2009-12-18 15:33 . 2001-08-17 18:53 6912 -c--a-w- c:\windows\system32\dllcache\seaddsmc.sys
2009-12-18 15:33 . 2008-04-13 19:45 11520 -c--a-w- c:\windows\system32\dllcache\scsiscan.sys
2009-12-18 15:33 . 2001-08-17 18:52 11648 -c--a-w- c:\windows\system32\dllcache\scsiprnt.sys
2009-12-18 15:31 . 2001-08-17 17:50 166720 -c--a-w- c:\windows\system32\dllcache\s3m.sys
2009-12-18 15:30 . 2001-08-17 18:51 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
2009-12-18 15:30 . 2001-08-17 18:28 714762 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2009-12-18 15:30 . 2001-08-17 18:28 899146 -c--a-w- c:\windows\system32\dllcache\r2mdkxga.sys
2009-12-18 15:30 . 2001-08-18 03:36 41472 -c--a-w- c:\windows\system32\dllcache\qvusd.dll
2009-12-18 15:30 . 2001-08-17 18:53 3328 -c--a-w- c:\windows\system32\dllcache\qv2kux.sys
2009-12-18 15:30 . 2001-08-17 18:52 49024 -c--a-w- c:\windows\system32\dllcache\ql1280.sys
2009-12-18 15:30 . 2001-08-17 18:52 40448 -c--a-w- c:\windows\system32\dllcache\ql1240.sys
2009-12-18 15:30 . 2001-08-17 18:52 45312 -c--a-w- c:\windows\system32\dllcache\ql12160.sys
2009-12-18 15:30 . 2001-08-17 18:52 33152 -c--a-w- c:\windows\system32\dllcache\ql10wnt.sys
2009-12-18 15:28 . 2001-08-17 19:04 173696 -c--a-w- c:\windows\system32\dllcache\philcam2.sys
2009-12-18 15:27 . 2001-08-17 19:05 25216 -c--a-w- c:\windows\system32\dllcache\ovsound2.sys
2009-12-18 15:26 . 2001-08-17 17:49 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
2009-12-18 15:24 . 2001-08-17 17:50 13664 -c--a-w- c:\windows\system32\dllcache\n9i128.sys
2009-12-18 15:23 . 2001-08-17 19:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2009-12-18 15:23 . 2001-08-17 18:48 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2009-12-18 15:23 . 2008-04-13 19:46 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2009-12-18 15:23 . 2001-08-17 18:52 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2009-12-18 15:23 . 2008-04-13 19:46 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2009-12-18 15:23 . 2001-08-17 18:57 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2009-12-18 15:23 . 2001-08-17 18:52 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
2009-12-18 15:23 . 2001-08-17 17:50 320384 -c--a-w- c:\windows\system32\dllcache\mgaum.sys
2009-12-18 15:23 . 2001-08-17 19:56 235648 -c--a-w- c:\windows\system32\dllcache\mgaud.dll
2009-12-18 15:23 . 2008-04-13 19:41 26112 -c--a-w- c:\windows\system32\dllcache\memstpci.sys
2009-12-18 15:23 . 2001-08-18 03:36 47616 -c--a-w- c:\windows\system32\dllcache\memgrp.dll
2009-12-18 15:23 . 2001-08-17 18:58 8320 -c--a-w- c:\windows\system32\dllcache\memcard.sys
2009-12-18 15:21 . 2001-08-17 18:53 4992 -c--a-w- c:\windows\system32\dllcache\loop.sys
2009-12-18 15:20 . 2008-04-14 01:09 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2009-12-18 15:20 . 2001-08-17 19:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2009-12-18 15:20 . 2001-08-17 19:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2009-12-18 15:20 . 2001-08-17 19:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2009-12-18 15:20 . 2001-08-17 18:49 26624 -c--a-w- c:\windows\system32\dllcache\irstusb.sys
2009-12-18 15:20 . 2001-08-17 18:51 18688 -c--a-w- c:\windows\system32\dllcache\irsir.sys
2009-12-18 15:20 . 2001-08-17 18:49 23552 -c--a-w- c:\windows\system32\dllcache\irmk7.sys
2009-12-18 15:20 . 2008-04-13 19:54 88192 -c--a-w- c:\windows\system32\dllcache\irda.sys
2009-12-18 15:20 . 2001-08-17 17:12 45632 -c--a-w- c:\windows\system32\dllcache\ip5515.sys
2009-12-18 15:20 . 2001-08-18 03:36 90200 -c--a-w- c:\windows\system32\dllcache\io8ports.dll
2009-12-18 15:20 . 2001-08-17 18:50 38784 -c--a-w- c:\windows\system32\dllcache\io8.sys
2009-12-18 15:20 . 2001-08-17 18:47 13056 -c--a-w- c:\windows\system32\dllcache\inport.sys
2009-12-18 15:20 . 2001-08-17 18:52 16000 -c--a-w- c:\windows\system32\dllcache\ini910u.sys
2009-12-18 15:18 . 2008-04-13 19:41 18560 -c--a-w- c:\windows\system32\dllcache\i2omp.sys
2009-12-18 15:17 . 2001-08-18 03:36 19456 -c--a-w- c:\windows\system32\dllcache\hr1w.dll
2009-12-18 15:16 . 2001-08-17 18:51 17408 -c--a-w- c:\windows\system32\dllcache\gpr400.sys
2009-12-18 15:15 . 2001-08-17 17:12 24618 -c--a-w- c:\windows\system32\dllcache\fa410nd5.sys
2009-12-18 15:14 . 2001-08-18 03:36 53248 -c--a-w- c:\windows\system32\dllcache\eqndiag.exe
2009-12-18 15:13 . 2001-08-17 17:12 28062 -c--a-w- c:\windows\system32\dllcache\dp83820.sys
2009-12-18 15:12 . 2001-08-18 03:36 86016 -c--a-w- c:\windows\system32\dllcache\dc240usd.dll
2009-12-18 15:11 . 2001-08-17 18:51 6656 -c--a-w- c:\windows\system32\dllcache\cmdide.sys
2009-12-18 15:10 . 2001-08-17 18:51 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2009-12-18 15:09 . 2001-08-17 17:49 23552 -c--a-w- c:\windows\system32\dllcache\atixbar.sys
2009-12-18 15:08 . 2001-08-17 19:07 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys
2009-12-18 15:07 . 2001-08-17 19:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2009-12-15 02:05 . 2009-12-15 02:05 -------- d--h--w- c:\windows\PIF
2009-12-14 20:13 . 2009-12-14 20:13 -------- d-----w- c:\program files\Microsoft Plus! Digital Media Edition
2009-12-14 20:13 . 2009-12-14 20:13 -------- d-----w- c:\program files\Microsoft Plus! Dancer LE
2009-12-14 20:08 . 2003-04-17 18:49 186976 ----a-w- c:\windows\walltoyUninst.exe
2009-12-14 20:08 . 2009-12-14 20:08 811 ----a-w- c:\windows\system32\unins000.dat
2009-12-14 20:07 . 2009-12-14 20:08 -------- d-----w- c:\program files\WallpaperToy
2009-12-14 19:56 . 2001-12-01 00:05 131072 ----a-w- c:\windows\system32\dzip32.dll
2009-12-14 19:56 . 2001-12-01 00:05 110592 ----a-w- c:\windows\system32\dunzip32.dll
2009-12-14 19:55 . 2009-12-14 19:56 -------- d-----w- c:\program files\Windows Media Bonus Pack for Windows XP
2009-12-14 16:46 . 2009-12-14 16:46 -------- d-----w- c:\program files\Eusing Free Registry Defrag
2009-12-14 13:54 . 2009-12-15 01:59 -------- d-----w- c:\program files\Microsoft User Agent String Utility
2009-12-13 20:48 . 2009-12-18 00:41 -------- d-----w- c:\program files\a-squared Free
2009-12-09 19:24 . 2009-12-09 19:24 -------- d-----w- C:\VundoFix Backups
2009-12-09 17:50 . 2009-12-09 17:50 -------- d-----w- c:\documents and settings\Carpenter\Application Data\WinPatrol
2009-12-09 17:38 . 2009-12-09 17:38 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SITEguard
2009-12-09 17:35 . 2009-12-09 17:35 -------- d-----w- c:\program files\Common Files\iS3
2009-12-09 17:35 . 2009-12-21 01:47 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\STOPzilla!
2009-12-09 16:44 . 2009-12-09 16:44 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\XoftSpySE
2009-12-06 19:31 . 2009-10-07 20:28 17544 ------w- c:\windows\system32\drivers\RkPavproc1.sys
2009-12-02 17:25 . 2009-12-02 17:25 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\TVU Networks
2009-11-29 20:04 . 2009-11-29 20:04 -------- d-----w- c:\documents and settings\Carpenter\Local Settings\Application Data\MetaGeek,_LLC

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-21 20:15 . 2009-03-09 23:21 -------- d-----w- c:\documents and settings\Carpenter\Application Data\Winamp
2009-12-21 01:49 . 2009-04-10 13:16 -------- d-----w- c:\program files\FrostWire
2009-12-21 01:49 . 2009-02-15 18:14 -------- d-----w- c:\program files\TVUPlayer
2009-12-21 01:47 . 2009-04-18 14:08 -------- d-----w- c:\documents and settings\Carpenter\Application Data\FrostWire
2009-12-20 18:29 . 2009-12-20 00:45 52224 ----a-w- c:\documents and settings\Carpenter\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2009-12-20 02:58 . 2009-07-16 22:54 1134592 ----a-w- c:\windows\system32\BCMWLTRY.EXE
2009-12-20 00:45 . 2009-03-17 14:37 117760 ----a-w- c:\documents and settings\Carpenter\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-20 00:29 . 2009-11-25 01:45 8055742 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2009-12-20 00:21 . 2009-03-06 00:36 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-12-19 14:16 . 2009-12-22 14:18 294656 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\avg9\update\backup\avglngx.dll
2009-12-18 00:46 . 2009-03-06 00:32 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-15 02:00 . 2009-04-10 13:15 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\WinZip
2009-12-15 01:34 . 2009-09-15 21:42 -------- d-----w- c:\program files\Codec Pack - All In 1
2009-12-15 01:33 . 2009-11-18 16:59 -------- d-----w- c:\program files\DivX
2009-12-14 20:12 . 2009-03-23 23:53 1140 -c--a-w- c:\windows\unins001.dat
2009-12-14 20:12 . 2002-02-10 06:00 72748 ----a-w- c:\windows\unins001.exe
2009-12-14 20:11 . 2009-03-23 23:53 1140 -c--a-w- c:\windows\unins000.dat
2009-12-14 20:11 . 2002-02-10 06:00 72748 ----a-w- c:\windows\unins000.exe
2009-12-14 20:11 . 2009-03-23 23:53 -------- d-----w- c:\program files\Temp
2009-12-14 20:07 . 2009-12-14 20:07 40960 ----a-r- c:\documents and settings\Carpenter\Application Data\Microsoft\Installer\{485E6526-EA98-4F04-925A-67424D12E1E2}\NewShortcut1.exe
2009-12-14 20:07 . 2009-12-14 20:07 40960 ----a-r- c:\documents and settings\Carpenter\Application Data\Microsoft\Installer\{485E6526-EA98-4F04-925A-67424D12E1E2}\NewShortcut2.exe
2009-12-14 19:46 . 2009-12-14 19:46 25214 ----a-r- c:\documents and settings\Carpenter\Application Data\Microsoft\Installer\{CE378F36-E404-4244-A33F-F50A2A6D31BD}\ARPPRODUCTICON.exe
2009-12-14 19:38 . 2009-12-14 19:38 22798 ----a-r- c:\documents and settings\Carpenter\Application Data\Microsoft\Installer\{8D6AE289-7A5E-41B4-A7F0-687C2DAB1B87}\_8EDC585963537054B6C7F9.exe
2009-12-14 19:38 . 2009-12-14 19:38 22798 ----a-r- c:\documents and settings\Carpenter\Application Data\Microsoft\Installer\{8D6AE289-7A5E-41B4-A7F0-687C2DAB1B87}\_6FEFF9B68218417F98F549.exe
2009-12-14 16:57 . 2009-03-06 00:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-14 16:57 . 2009-03-06 01:07 4844296 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-13 15:31 . 2009-01-05 01:34 -------- d-----w- c:\program files\Google
2009-12-13 15:19 . 2009-05-19 01:36 -------- d-----w- c:\program files\MySpace
2009-12-12 18:50 . 2009-12-22 14:18 4043032 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\avg9\update\backup\avgui.exe
2009-12-12 18:50 . 2009-12-22 14:18 3776280 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\avg9\update\backup\setup.exe
2009-12-12 18:46 . 2009-12-22 14:18 3967256 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\avg9\update\backup\avgcorex.dll
2009-12-10 22:28 . 2009-04-16 21:37 -------- d-----w- c:\program files\Common Files\Apple
2009-12-09 21:30 . 2009-04-29 00:32 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\NOS
2009-12-09 19:26 . 2009-12-09 17:51 280 ----a-w- c:\windows\system32\drivers\kgpfr2.cfg
2009-12-09 16:50 . 2008-07-11 19:59 -------- d-----w- c:\program files\Java
2009-12-09 16:46 . 2009-12-09 00:52 152576 ----a-w- c:\documents and settings\Carpenter\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-09 16:46 . 2009-12-08 23:58 79488 ----a-w- c:\documents and settings\Carpenter\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-07 18:51 . 2009-10-05 00:27 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-12-06 19:21 . 2009-10-15 21:55 -------- d-----w- c:\program files\Windows Live Safety Center
2009-12-03 21:14 . 2009-03-06 00:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 21:13 . 2009-03-06 00:33 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-27 15:26 . 2009-05-19 01:36 -------- d-----w- c:\documents and settings\Carpenter\Application Data\MySpace
2009-11-27 15:24 . 2009-11-27 15:24 9904720 ----a-w- c:\documents and settings\Carpenter\Application Data\MySpace\IM\Install\MSIMClientSetup.1.0.820.0-static-A.exe
2009-11-21 15:51 . 2006-02-28 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-18 17:00 . 2009-11-18 17:00 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-11-18 15:26 . 2009-11-18 15:26 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-11-18 15:25 . 2009-11-18 15:25 -------- d-----w- c:\program files\Zone Labs
2009-11-18 14:41 . 2009-11-18 14:41 -------- d-----w- c:\program files\Trend Micro
2009-11-17 13:25 . 2009-04-05 22:37 -------- d-----w- c:\documents and settings\Carpenter\Application Data\TVU networks
2009-11-16 16:37 . 2009-03-06 19:03 -------- d-----w- c:\documents and settings\Carpenter\Application Data\Yahoo!
2009-11-16 16:34 . 2009-03-06 01:40 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Yahoo! Companion
2009-11-12 19:56 . 2009-11-12 19:56 -------- d-----w- c:\program files\Linksys
2009-11-11 14:50 . 2008-07-11 17:37 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-11 13:50 . 2009-10-16 21:41 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-09 20:38 . 2009-10-16 21:41 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-09 20:38 . 2009-10-16 21:41 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-11-09 20:38 . 2009-10-16 21:41 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-09 20:37 . 2009-11-09 20:37 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\avg9
2009-11-09 20:37 . 2009-03-06 00:53 -------- d-----w- c:\program files\AVG
2009-10-29 18:23 . 2009-10-29 18:23 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2009-10-29 07:45 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-26 00:46 . 2009-10-25 23:55 63 ----a-w- c:\documents and settings\Carpenter\jagex_runescape_preferences2.dat
2009-10-26 00:45 . 2009-10-25 23:54 38 ----a-w- c:\documents and settings\Carpenter\jagex_runescape_preferences.dat
2009-10-21 05:38 . 2006-02-28 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2006-02-28 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 22:59 . 2009-04-15 21:47 409600 ----a-w- c:\windows\system32\lxdncoin.dll
2009-10-20 16:20 . 2006-02-28 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-16 00:18 . 2009-10-16 00:17 114142 ----a-w- C:\MGlogs.zip
2009-10-15 21:03 . 2009-03-06 18:31 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-13 10:30 . 2006-02-28 12:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2006-02-28 12:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2006-02-28 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-08 18:57 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2009-10-08 18:57 . 2006-02-28 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 18:56 . 2006-02-28 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2009-09-25 23:58 . 2009-09-16 00:46 1 ----a-w- c:\documents and settings\Carpenter\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf c:\program files\iolo\System Mechanic 5"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\startupfolder\C:^Documents and Settings^Carpenter^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2009-12-03 21:14 1394000 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-11-10 20:39 5244216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-02-06 22:51 3885408 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 05:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-15 21:03 149280 -c--a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2009-12-18 00:46 2002160 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\WINDOWS\\system32\\lxdncoms.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\lxdnmon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdntime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnjswx.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\lxdnlscn.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\Diagnostics\\LXDNdiag.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\frun.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\app4r.exe"=
"c:\\Program Files\\Lexmark Fax Solutions\\FaxCtr.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\Diagnostics\\lxdndgl.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnwbgw.exe"=
"c:\\Program Files\\CCleaner\\CCleaner.exe"=
"c:\\Program Files\\Makayama Interactive\\Easy WiFi Radar\\Easy WIFI Radar.exe"=
"c:\\Program Files\\Eusing Free Registry Cleaner\\Regcleaner.exe"=
"c:\\Program Files\\Free Internet Window Washer\\Clearpch.exe"=
"c:\\Program Files\\Free WMA MP3 Converter\\Wmpcon.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnpswx.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [4/10/2009 8:44 AM 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/16/2009 4:41 PM 333192]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/16/2009 4:41 PM 360584]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [5/28/2008 10:33 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/28/2008 10:33 AM 74480]
R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [12/13/2009 3:48 PM 1858144]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [11/9/2009 3:37 PM 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [11/9/2009 3:37 PM 285392]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [8/22/2009 9:10 PM 38144]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [7/17/2009 7:27 PM 55152]
R3 WUSB54GSCV2;Compact Wireless-G USB Network Adapter with SpeedBooster Service;c:\windows\system32\drivers\WUSB54GSCV2.sys [11/12/2009 2:56 PM 198144]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 5:08 PM 533360]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/28/2008 10:33 AM 7408]
S4 ASKService;ASKService; [x]
S4 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
S4 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [4/15/2009 4:47 PM 98984]
S4 Viewpoint Manager Service;Viewpoint Manager Service; [x]
S4 WUSB54GSC;WUSB54GSC;c:\program files\Linksys\WUSB54GSCv2\WLService.exe [11/12/2009 2:56 PM 65596]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.myspace.com/
FF - ProfilePath - c:\documents and settings\Carpenter\Application Data\Mozilla\Firefox\Profiles\669vz2wu.default\
FF - plugin: c:\documents and settings\Carpenter\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.17\Plugins\npybrowserplus_2.4.17.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -

AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-22 12:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1454471165-1965331169-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1454471165-1965331169-725345543-1003\Software\YourCompanyName\YourProductName\Version*]
"VersionData"=hex:e2,c9,d3,19,1d,de,68,b5,98,11,33,59,b6,5c,9c,45,27,28,d9,b2,
d6,ae,f6,52,76,95,6d,e4,ec,0e,aa,81,0e,07,0e,23,1f,be,52,4f,a1,41,7b,dc,f2,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3768)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2009-12-22 12:40:28 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-22 17:40
ComboFix2.txt 2009-11-29 02:50
ComboFix3.txt 2009-11-17 23:01
ComboFix4.txt 2009-10-16 00:09

Pre-Run: 20,422,373,376 bytes free
Post-Run: 20,411,166,720 bytes free

- - End Of File - - 45A58C0142D2B40B9C4954214EA20063

#8 extremeboy

  • Malware Response Team

Posted 22 December 2009 - 01:29 PM

Update and Scan with MalwareBytes Anti-Malware
  • Launch Malwarebytes' Anti-Malware
  • Go to the Update tab
  • Select Check for Update and let MBAM download and install any available updates.
  • After the update is complete go to the Scanner tab.
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Take a new DDS run afterward and post back with both the DDS and Attach logs in your next reply. Also, let me know how your computer is running and if you have any more problems, issues or symptoms left.

Thanks.

With Regards,
Extremeboy
Note: Please do not PM me asking for help; instead, please post in the correct forum to request help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.


#9 jmrdflcarpenter

  • Topic Starter

Posted 22 December 2009 - 05:05 PM

I did a MalwareBytes scan and for some reason, it didn't do a log, of course it didn't find anything and I use MalWareBytes on a daily basis anyways and I go into logs and see nothing in the logs. I am just letting you know it found no infected files.

Here is the DDS Log:


DDS (Ver_09-12-01.01) - NTFSx86
Run by Carpenter at 17:03:44.94 on Tue 12/22/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.80 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\Carpenter\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.myspace.com/
mURLSearchHooks: H - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
TB: {BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} - No File
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} -
TB: {6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} - No File
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Authentication Packages = msv1_0 nwprovau

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\carpen~1\applic~1\mozilla\firefox\profiles\669vz2wu.default\
FF - plugin: c:\documents and settings\carpenter\local settings\application data\yahoo!\browserplus\2.4.17\plugins\npybrowserplus_2.4.17.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-10 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-10-16 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-10-16 28424]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-10-16 360584]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-5-28 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-5-28 74480]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-11-18 353672]
R2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2009-12-13 1858144]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2009-11-9 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-11-9 285392]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2009-8-22 38144]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-7-17 55152]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-3-5 38224]
R3 WUSB54GSCV2;Compact Wireless-G USB Network Adapter with SpeedBooster Service;c:\windows\system32\drivers\WUSB54GSCV2.sys [2009-11-12 198144]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-5-28 7408]
S4 ASKService;ASKService; [x]
S4 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
S4 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [2009-4-15 98984]
S4 Viewpoint Manager Service;Viewpoint Manager Service; [x]
S4 WUSB54GSC;WUSB54GSC;c:\program files\linksys\wusb54gscv2\WLService.exe [2009-11-12 65596]

=============== Created Last 30 ================

2009-12-21 20:12:37 0 d-----w- c:\docume~1\carpen~1\applic~1\BleachBit
2009-12-21 20:11:50 0 d-----w- c:\program files\BleachBit
2009-12-21 01:16:03 28236 ----a-w- c:\windows\system32\drivers\SGuard.sys
2009-12-21 01:16:03 25264 ----a-w- c:\windows\system32\smrgdf.exe
2009-12-21 01:16:02 0 d-----w- c:\program files\iolo
2009-12-20 22:16:57 0 d-----w- c:\program files\UberIcon
2009-12-18 15:48:48 1920054 ---ha-w- c:\windows\system32\toyhide.bmp
2009-12-18 15:44:16 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2009-12-18 15:44:10 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-12-18 15:44:08 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2009-12-18 15:44:04 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2009-12-18 15:43:58 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2009-12-18 15:43:31 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2009-12-18 15:43:23 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2009-12-18 15:43:21 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2009-12-18 15:43:16 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2009-12-18 15:43:15 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2009-12-18 15:41:57 19016 -c--a-w- c:\windows\system32\dllcache\w926nd.sys
2009-12-18 15:40:58 794399 -c--a-w- c:\windows\system32\dllcache\usr1806v.sys
2009-12-18 15:39:54 11520 -c--a-w- c:\windows\system32\dllcache\twotrack.sys
2009-12-18 15:38:58 28232 -c--a-w- c:\windows\system32\dllcache\tos4mo.sys
2009-12-18 15:37:57 28384 -c--a-w- c:\windows\system32\dllcache\sym_hi.sys
2009-12-18 15:36:59 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll
2009-12-18 15:36:54 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys
2009-12-18 15:36:50 106584 -c--a-w- c:\windows\system32\dllcache\spdports.dll
2009-12-18 15:36:47 19072 -c--a-w- c:\windows\system32\dllcache\sparrow.sys
2009-12-18 15:36:43 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2009-12-18 15:36:40 37040 -c--a-w- c:\windows\system32\dllcache\sonypi.sys
2009-12-18 15:36:37 114688 -c--a-w- c:\windows\system32\dllcache\sonypi.dll
2009-12-18 15:36:33 20752 -c--a-w- c:\windows\system32\dllcache\sonync.sys
2009-12-18 15:36:30 9600 -c--a-w- c:\windows\system32\dllcache\sonymc.sys
2009-12-18 15:36:28 7552 -c--a-w- c:\windows\system32\dllcache\sonyait.sys
2009-12-18 15:36:24 7040 -c--a-w- c:\windows\system32\dllcache\snyaitmc.sys
2009-12-18 15:36:03 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys
2009-12-18 15:34:56 104064 -c--a-w- c:\windows\system32\dllcache\sisgrp.sys
2009-12-18 15:34:53 150144 -c--a-w- c:\windows\system32\dllcache\sis6306v.dll
2009-12-18 15:34:50 68608 -c--a-w- c:\windows\system32\dllcache\sis6306p.sys
2009-12-18 15:34:46 252032 -c--a-w- c:\windows\system32\dllcache\sis300iv.dll
2009-12-18 15:34:42 101760 -c--a-w- c:\windows\system32\dllcache\sis300ip.sys
2009-12-18 15:34:29 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
2009-12-18 15:34:25 18400 -c--a-w- c:\windows\system32\dllcache\sgsmld.sys
2009-12-18 15:34:22 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys
2009-12-18 15:34:19 386560 -c--a-w- c:\windows\system32\dllcache\sgiul50.dll
2009-12-18 15:34:15 36480 -c--a-w- c:\windows\system32\dllcache\sfmanm.sys
2009-12-18 15:34:10 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2009-12-18 15:34:06 17664 -c--a-w- c:\windows\system32\dllcache\sermouse.sys
2009-12-18 15:33:22 6912 -c--a-w- c:\windows\system32\dllcache\seaddsmc.sys
2009-12-18 15:33:20 11520 -c--a-w- c:\windows\system32\dllcache\scsiscan.sys
2009-12-18 15:33:17 11648 -c--a-w- c:\windows\system32\dllcache\scsiprnt.sys
2009-12-18 15:31:59 166720 -c--a-w- c:\windows\system32\dllcache\s3m.sys
2009-12-18 15:30:31 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
2009-12-18 15:30:26 714762 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2009-12-18 15:30:23 899146 -c--a-w- c:\windows\system32\dllcache\r2mdkxga.sys
2009-12-18 15:30:19 41472 -c--a-w- c:\windows\system32\dllcache\qvusd.dll
2009-12-18 15:30:16 3328 -c--a-w- c:\windows\system32\dllcache\qv2kux.sys
2009-12-18 15:30:09 49024 -c--a-w- c:\windows\system32\dllcache\ql1280.sys
2009-12-18 15:30:06 40448 -c--a-w- c:\windows\system32\dllcache\ql1240.sys
2009-12-18 15:30:03 45312 -c--a-w- c:\windows\system32\dllcache\ql12160.sys
2009-12-18 15:30:00 33152 -c--a-w- c:\windows\system32\dllcache\ql10wnt.sys
2009-12-18 15:28:59 173696 -c--a-w- c:\windows\system32\dllcache\philcam2.sys
2009-12-18 15:27:59 25216 -c--a-w- c:\windows\system32\dllcache\ovsound2.sys
2009-12-18 15:26:59 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
2009-12-18 15:24:59 13664 -c--a-w- c:\windows\system32\dllcache\n9i128.sys
2009-12-18 15:23:50 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2009-12-18 15:23:46 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2009-12-18 15:23:46 56832 -c--a-w- c:\windows\system32\dllcache\msdvbnp.ax
2009-12-18 15:23:45 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2009-12-18 15:23:37 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2009-12-18 15:23:32 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2009-12-18 15:23:27 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2009-12-18 15:23:20 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
2009-12-18 15:23:14 320384 -c--a-w- c:\windows\system32\dllcache\mgaum.sys
2009-12-18 15:23:12 235648 -c--a-w- c:\windows\system32\dllcache\mgaud.dll
2009-12-18 15:23:09 26112 -c--a-w- c:\windows\system32\dllcache\memstpci.sys
2009-12-18 15:23:06 47616 -c--a-w- c:\windows\system32\dllcache\memgrp.dll
2009-12-18 15:23:03 8320 -c--a-w- c:\windows\system32\dllcache\memcard.sys
2009-12-18 15:21:59 4992 -c--a-w- c:\windows\system32\dllcache\loop.sys
2009-12-18 15:20:53 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2009-12-18 15:19:42 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2009-12-18 15:18:57 353184 -c--a-w- c:\windows\system32\dllcache\i740dnt5.dll
2009-12-18 15:17:58 19456 -c--a-w- c:\windows\system32\dllcache\hr1w.dll
2009-12-18 15:16:59 17408 -c--a-w- c:\windows\system32\dllcache\gpr400.sys
2009-12-18 15:15:48 24618 -c--a-w- c:\windows\system32\dllcache\fa410nd5.sys
2009-12-18 15:14:59 53248 -c--a-w- c:\windows\system32\dllcache\eqndiag.exe
2009-12-18 15:13:59 28062 -c--a-w- c:\windows\system32\dllcache\dp83820.sys
2009-12-18 15:12:58 86016 -c--a-w- c:\windows\system32\dllcache\dc240usd.dll
2009-12-18 15:11:59 6656 -c--a-w- c:\windows\system32\dllcache\cmdide.sys
2009-12-18 15:10:43 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2009-12-18 15:09:58 23552 -c--a-w- c:\windows\system32\dllcache\atixbar.sys
2009-12-18 15:08:57 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys
2009-12-18 15:07:16 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2009-12-15 02:05:46 0 d--h--w- c:\windows\PIF
2009-12-14 20:13:42 0 d-----w- c:\program files\Microsoft Plus! Digital Media Edition
2009-12-14 20:13:39 0 d-----w- c:\program files\Microsoft Plus! Dancer LE
2009-12-14 20:11:28 67072 ----a-w- c:\windows\system32\AKCPanel.cpl
2009-12-14 20:08:21 186976 ----a-w- c:\windows\walltoyUninst.exe
2009-12-14 20:08:03 811 ----a-w- c:\windows\system32\unins000.dat
2009-12-14 20:07:48 0 d-----w- c:\program files\WallpaperToy
2009-12-14 19:56:12 131072 ----a-w- c:\windows\system32\dzip32.dll
2009-12-14 19:56:12 110592 ----a-w- c:\windows\system32\dunzip32.dll
2009-12-14 19:55:42 0 d-----w- c:\program files\Windows Media Bonus Pack for Windows XP
2009-12-14 16:46:38 0 d-----w- c:\program files\Eusing Free Registry Defrag
2009-12-14 13:54:58 0 d-----w- c:\program files\Microsoft User Agent String Utility
2009-12-13 20:48:06 0 d-----w- c:\program files\a-squared Free
2009-12-09 19:24:36 0 d-----w- C:\VundoFix Backups
2009-12-09 17:51:37 280 ----a-w- c:\windows\system32\drivers\kgpfr2.cfg
2009-12-09 17:50:01 0 d-----w- c:\docume~1\carpen~1\applic~1\WinPatrol
2009-12-09 17:38:45 0 d-----w- c:\docume~1\alluse~1.win\applic~1\SITEguard
2009-12-09 17:35:03 0 d-----w- c:\program files\common files\iS3
2009-12-09 17:35:00 0 d-----w- c:\docume~1\alluse~1.win\applic~1\STOPzilla!
2009-12-09 16:44:40 0 d-----w- c:\docume~1\alluse~1.win\applic~1\XoftSpySE
2009-12-06 19:31:31 17544 ------w- c:\windows\system32\drivers\RkPavproc1.sys
2009-12-02 17:25:56 0 d-----w- c:\docume~1\alluse~1.win\applic~1\TVU Networks

==================== Find3M ====================

2009-12-20 02:58:39 1134592 ----a-w- c:\windows\system32\BCMWLTRY.EXE
2009-12-14 20:12:00 72748 ----a-w- c:\windows\unins001.exe
2009-12-14 20:11:25 72748 ----a-w- c:\windows\unins000.exe
2009-12-10 03:54:07 261632 ----a-w- c:\windows\PEV.exe
2009-12-03 21:14:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 21:13:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-18 15:26:07 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-11-11 13:50:51 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-09 20:38:40 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-09 20:38:10 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-29 07:45:38 916480 ------w- c:\windows\system32\wininet.dll
2009-10-26 00:46:45 63 ----a-w- c:\documents and settings\carpenter\jagex_runescape_preferences2.dat
2009-10-26 00:45:13 38 ----a-w- c:\documents and settings\carpenter\jagex_runescape_preferences.dat
2009-10-25 11:11:34 77312 ----a-w- c:\windows\MBR.exe
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 22:59:04 409600 ----a-w- c:\windows\system32\lxdncoin.dll
2009-10-16 00:18:29 114142 ----a-w- C:\MGlogs.zip
2009-10-15 21:03:42 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-08 18:57:02 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2009-10-08 18:57:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 18:56:56 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2009-04-11 19:49:54 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009041120090412\index.dat

============= FINISH: 17:04:25.31 ===============

#10 extremeboy

  • Malware Response Team

Posted 22 December 2009 - 06:50 PM

Can you let me know how your computer is running and attach the Attach log too?
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#11 jmrdflcarpenter

Posted 23 December 2009 - 05:52 PM

The DDS log?

My internet browsers were working better. After I did everything you told me it deleted Mozilla, I have a dead shortcut now and it moved Internet Explorer somewhere where I can't find it. I gotta use the Windows Update to get Internet Explorer working and it stops responding, has done it 3 times today.

#12 extremeboy

Posted 23 December 2009 - 06:02 PM

The DDS log?

No, the log that comes with the DDS.txt log.

#13 jmrdflcarpenter

Posted 24 December 2009 - 10:21 AM

Ok well here's the log:


DDS (Ver_09-12-01.01) - NTFSx86
Run by Carpenter at 10:18:44.29 on Thu 12/24/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.69 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Microsoft Plus! Dancer LE\DncLE.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Carpenter\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

mURLSearchHooks: H - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
TB: {BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} - No File
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} -
TB: {6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Authentication Packages = msv1_0 nwprovau

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\carpen~1\applic~1\mozilla\firefox\profiles\669vz2wu.default\
FF - plugin: c:\documents and settings\carpenter\local settings\application data\yahoo!\browserplus\2.4.17\plugins\npybrowserplus_2.4.17.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-10 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-10-16 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-10-16 28424]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-10-16 360584]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-5-28 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-5-28 74480]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-11-18 353672]
R2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2009-12-13 1858144]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2009-11-9 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-11-9 285392]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2009-8-22 38144]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-7-17 55152]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 WUSB54GSCV2;Compact Wireless-G USB Network Adapter with SpeedBooster Service;c:\windows\system32\drivers\WUSB54GSCV2.sys [2009-11-12 198144]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-5-28 7408]
S4 ASKService;ASKService; [x]
S4 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
S4 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [2009-4-15 98984]
S4 Viewpoint Manager Service;Viewpoint Manager Service; [x]
S4 WUSB54GSC;WUSB54GSC;c:\program files\linksys\wusb54gscv2\WLService.exe [2009-11-12 65596]

=============== Created Last 30 ================

2009-12-21 20:12:37 0 d-----w- c:\docume~1\carpen~1\applic~1\BleachBit
2009-12-21 20:11:50 0 d-----w- c:\program files\BleachBit
2009-12-21 01:16:03 28236 ----a-w- c:\windows\system32\drivers\SGuard.sys
2009-12-21 01:16:03 25264 ----a-w- c:\windows\system32\smrgdf.exe
2009-12-21 01:16:02 0 d-----w- c:\program files\iolo
2009-12-20 22:16:57 0 d-----w- c:\program files\UberIcon
2009-12-18 15:48:48 1920054 ---ha-w- c:\windows\system32\toyhide.bmp
2009-12-18 15:44:16 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2009-12-18 15:44:10 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-12-18 15:44:08 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2009-12-18 15:44:04 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2009-12-18 15:43:58 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2009-12-18 15:43:31 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2009-12-18 15:43:23 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2009-12-18 15:43:21 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2009-12-18 15:43:16 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2009-12-18 15:43:15 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2009-12-18 15:41:57 19016 -c--a-w- c:\windows\system32\dllcache\w926nd.sys
2009-12-18 15:40:58 794399 -c--a-w- c:\windows\system32\dllcache\usr1806v.sys
2009-12-18 15:39:54 11520 -c--a-w- c:\windows\system32\dllcache\twotrack.sys
2009-12-18 15:38:58 28232 -c--a-w- c:\windows\system32\dllcache\tos4mo.sys
2009-12-18 15:37:57 28384 -c--a-w- c:\windows\system32\dllcache\sym_hi.sys
2009-12-18 15:36:59 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll
2009-12-18 15:36:54 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys
2009-12-18 15:36:50 106584 -c--a-w- c:\windows\system32\dllcache\spdports.dll
2009-12-18 15:36:47 19072 -c--a-w- c:\windows\system32\dllcache\sparrow.sys
2009-12-18 15:36:43 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2009-12-18 15:36:40 37040 -c--a-w- c:\windows\system32\dllcache\sonypi.sys
2009-12-18 15:36:37 114688 -c--a-w- c:\windows\system32\dllcache\sonypi.dll
2009-12-18 15:36:33 20752 -c--a-w- c:\windows\system32\dllcache\sonync.sys
2009-12-18 15:36:30 9600 -c--a-w- c:\windows\system32\dllcache\sonymc.sys
2009-12-18 15:36:28 7552 -c--a-w- c:\windows\system32\dllcache\sonyait.sys
2009-12-18 15:36:24 7040 -c--a-w- c:\windows\system32\dllcache\snyaitmc.sys
2009-12-18 15:36:03 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys
2009-12-18 15:34:56 104064 -c--a-w- c:\windows\system32\dllcache\sisgrp.sys
2009-12-18 15:34:53 150144 -c--a-w- c:\windows\system32\dllcache\sis6306v.dll
2009-12-18 15:34:50 68608 -c--a-w- c:\windows\system32\dllcache\sis6306p.sys
2009-12-18 15:34:46 252032 -c--a-w- c:\windows\system32\dllcache\sis300iv.dll
2009-12-18 15:34:42 101760 -c--a-w- c:\windows\system32\dllcache\sis300ip.sys
2009-12-18 15:34:29 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
2009-12-18 15:34:25 18400 -c--a-w- c:\windows\system32\dllcache\sgsmld.sys
2009-12-18 15:34:22 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys
2009-12-18 15:34:19 386560 -c--a-w- c:\windows\system32\dllcache\sgiul50.dll
2009-12-18 15:34:15 36480 -c--a-w- c:\windows\system32\dllcache\sfmanm.sys
2009-12-18 15:34:10 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2009-12-18 15:34:06 17664 -c--a-w- c:\windows\system32\dllcache\sermouse.sys
2009-12-18 15:33:22 6912 -c--a-w- c:\windows\system32\dllcache\seaddsmc.sys
2009-12-18 15:33:20 11520 -c--a-w- c:\windows\system32\dllcache\scsiscan.sys
2009-12-18 15:33:17 11648 -c--a-w- c:\windows\system32\dllcache\scsiprnt.sys
2009-12-18 15:31:59 166720 -c--a-w- c:\windows\system32\dllcache\s3m.sys
2009-12-18 15:30:31 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
2009-12-18 15:30:26 714762 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2009-12-18 15:30:23 899146 -c--a-w- c:\windows\system32\dllcache\r2mdkxga.sys
2009-12-18 15:30:19 41472 -c--a-w- c:\windows\system32\dllcache\qvusd.dll
2009-12-18 15:30:16 3328 -c--a-w- c:\windows\system32\dllcache\qv2kux.sys
2009-12-18 15:30:09 49024 -c--a-w- c:\windows\system32\dllcache\ql1280.sys
2009-12-18 15:30:06 40448 -c--a-w- c:\windows\system32\dllcache\ql1240.sys
2009-12-18 15:30:03 45312 -c--a-w- c:\windows\system32\dllcache\ql12160.sys
2009-12-18 15:30:00 33152 -c--a-w- c:\windows\system32\dllcache\ql10wnt.sys
2009-12-18 15:28:59 173696 -c--a-w- c:\windows\system32\dllcache\philcam2.sys
2009-12-18 15:27:59 25216 -c--a-w- c:\windows\system32\dllcache\ovsound2.sys
2009-12-18 15:26:59 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
2009-12-18 15:24:59 13664 -c--a-w- c:\windows\system32\dllcache\n9i128.sys
2009-12-18 15:23:50 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2009-12-18 15:23:46 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2009-12-18 15:23:46 56832 -c--a-w- c:\windows\system32\dllcache\msdvbnp.ax
2009-12-18 15:23:45 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2009-12-18 15:23:37 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2009-12-18 15:23:32 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2009-12-18 15:23:27 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2009-12-18 15:23:20 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
2009-12-18 15:23:14 320384 -c--a-w- c:\windows\system32\dllcache\mgaum.sys
2009-12-18 15:23:12 235648 -c--a-w- c:\windows\system32\dllcache\mgaud.dll
2009-12-18 15:23:09 26112 -c--a-w- c:\windows\system32\dllcache\memstpci.sys
2009-12-18 15:23:06 47616 -c--a-w- c:\windows\system32\dllcache\memgrp.dll
2009-12-18 15:23:03 8320 -c--a-w- c:\windows\system32\dllcache\memcard.sys
2009-12-18 15:21:59 4992 -c--a-w- c:\windows\system32\dllcache\loop.sys
2009-12-18 15:20:53 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2009-12-18 15:19:42 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2009-12-18 15:18:57 353184 -c--a-w- c:\windows\system32\dllcache\i740dnt5.dll
2009-12-18 15:17:58 19456 -c--a-w- c:\windows\system32\dllcache\hr1w.dll
2009-12-18 15:16:59 17408 -c--a-w- c:\windows\system32\dllcache\gpr400.sys
2009-12-18 15:15:48 24618 -c--a-w- c:\windows\system32\dllcache\fa410nd5.sys
2009-12-18 15:14:59 53248 -c--a-w- c:\windows\system32\dllcache\eqndiag.exe
2009-12-18 15:13:59 28062 -c--a-w- c:\windows\system32\dllcache\dp83820.sys
2009-12-18 15:12:58 86016 -c--a-w- c:\windows\system32\dllcache\dc240usd.dll
2009-12-18 15:11:59 6656 -c--a-w- c:\windows\system32\dllcache\cmdide.sys
2009-12-18 15:10:43 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2009-12-18 15:09:58 23552 -c--a-w- c:\windows\system32\dllcache\atixbar.sys
2009-12-18 15:08:57 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys
2009-12-18 15:07:16 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2009-12-15 02:05:46 0 d--h--w- c:\windows\PIF
2009-12-14 20:13:42 0 d-----w- c:\program files\Microsoft Plus! Digital Media Edition
2009-12-14 20:13:39 0 d-----w- c:\program files\Microsoft Plus! Dancer LE
2009-12-14 20:11:28 67072 ----a-w- c:\windows\system32\AKCPanel.cpl
2009-12-14 20:08:21 186976 ----a-w- c:\windows\walltoyUninst.exe
2009-12-14 20:08:03 811 ----a-w- c:\windows\system32\unins000.dat
2009-12-14 20:07:48 0 d-----w- c:\program files\WallpaperToy
2009-12-14 19:56:12 131072 ----a-w- c:\windows\system32\dzip32.dll
2009-12-14 19:56:12 110592 ----a-w- c:\windows\system32\dunzip32.dll
2009-12-14 19:55:42 0 d-----w- c:\program files\Windows Media Bonus Pack for Windows XP
2009-12-14 16:46:38 0 d-----w- c:\program files\Eusing Free Registry Defrag
2009-12-14 13:54:58 0 d-----w- c:\program files\Microsoft User Agent String Utility
2009-12-13 20:48:06 0 d-----w- c:\program files\a-squared Free
2009-12-09 19:24:36 0 d-----w- C:\VundoFix Backups
2009-12-09 17:51:37 280 ----a-w- c:\windows\system32\drivers\kgpfr2.cfg
2009-12-09 17:50:01 0 d-----w- c:\docume~1\carpen~1\applic~1\WinPatrol
2009-12-09 17:38:45 0 d-----w- c:\docume~1\alluse~1.win\applic~1\SITEguard
2009-12-09 17:35:03 0 d-----w- c:\program files\common files\iS3
2009-12-09 17:35:00 0 d-----w- c:\docume~1\alluse~1.win\applic~1\STOPzilla!
2009-12-09 16:44:40 0 d-----w- c:\docume~1\alluse~1.win\applic~1\XoftSpySE
2009-12-06 19:31:31 17544 ------w- c:\windows\system32\drivers\RkPavproc1.sys
2009-12-02 17:25:56 0 d-----w- c:\docume~1\alluse~1.win\applic~1\TVU Networks

==================== Find3M ====================

2009-12-20 02:58:39 1134592 ----a-w- c:\windows\system32\BCMWLTRY.EXE
2009-12-14 20:12:00 72748 ----a-w- c:\windows\unins001.exe
2009-12-14 20:11:25 72748 ----a-w- c:\windows\unins000.exe
2009-12-10 03:54:07 261632 ----a-w- c:\windows\PEV.exe
2009-12-03 21:14:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 21:13:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-18 15:26:07 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-11-11 13:50:51 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-09 20:38:40 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-09 20:38:10 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-29 07:45:38 916480 ------w- c:\windows\system32\wininet.dll
2009-10-26 00:46:45 63 ----a-w- c:\documents and settings\carpenter\jagex_runescape_preferences2.dat
2009-10-26 00:45:13 38 ----a-w- c:\documents and settings\carpenter\jagex_runescape_preferences.dat
2009-10-25 11:11:34 77312 ----a-w- c:\windows\MBR.exe
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 22:59:04 409600 ----a-w- c:\windows\system32\lxdncoin.dll
2009-10-16 00:18:29 114142 ----a-w- C:\MGlogs.zip
2009-10-15 21:03:42 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-08 18:57:02 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2009-10-08 18:57:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 18:56:56 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2009-04-11 19:49:54 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009041120090412\index.dat

============= FINISH: 10:19:30.51 ===============

Edited by Orange Blossom, 25 December 2009 - 07:00 PM.
Removed the echo. ~ OB


#14 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 24 December 2009 - 11:32 AM

Overall that looks good.

Update Java to Version 6 Update 17

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for Java Runtime Environment (JRE) JRE 6 Update 17.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u17-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner. (Please note: Kaspersky requires Java Runtime Environment (JRE) be installed before scanning for malware, as ActiveX is no longer being used.)

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Open the Kaspersky WebScanner page.
  • Click on the Posted Image button on the main page.
  • The program will launch and fill in the Information section on the left.
  • Read the "Requirements and Limitations" then press the Posted Image button.
  • The program will begin downloading the latest program and definition files. It may take a while so please be patient and let it finish.
  • Once the files have been downloaded, click on the Posted Image ...button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the Posted Image button, if you made any changes.
  • Now under the Scan section on the left:
    Select My Computer
  • The program will now start and scan your system. This will run for a while, be patient and let it finish.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis if needed.

Take a new DDS run afterward and post back with both the DDS and Attach logs in your next reply.

Thanks.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.
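The Java clean-up in the post above can be double-checked by classifying the entries that Add/Remove Programs lists. This is an added example, not part of the original post or any tool it mentions: the display names in `SAMPLE` are constructed, the function names are hypothetical, and it assumes the "Updates 10 and above" note refers to Java 6 updates.

```python
import re

# Release the post asks for: JRE 6 Update 17.
TARGET = (6, 17)
# Per the post, the 6u17 uninstaller removes previous Updates 10 and above
# (assumed here to mean Java 6 updates); anything older is left behind.
AUTO_REMOVED_FROM_UPDATE = 10

# Matches display names such as "Java(TM) 6 Update 11" or
# "J2SE Runtime Environment 5.0 Update 6" (the JRE/J2SE items the post names).
JAVA_ENTRY = re.compile(
    r"(?:Java\(TM\)|J2SE)\D*?(\d+)(?:\.\d+)?(?:\s+Update\s+(\d+))?",
    re.IGNORECASE,
)

def classify(display_name):
    """Return the clean-up status of one Add/Remove Programs entry."""
    match = JAVA_ENTRY.search(display_name)
    if not match:
        return "not-java"
    version = (int(match.group(1)), int(match.group(2) or 0))
    if version >= TARGET:
        return "current"
    if version[0] == TARGET[0] and version[1] >= AUTO_REMOVED_FROM_UPDATE:
        return "removed-by-installer"
    return "remove-manually"

def audit(display_names):
    """Map every Java entry in the list to its status; skip other programs."""
    return {name: status
            for name in display_names
            if (status := classify(name)) != "not-java"}

def leftovers(display_names):
    """Java entries that should no longer be present after the update."""
    return sorted(n for n, s in audit(display_names).items() if s != "current")

# Constructed sample of installed-program names (not taken from the thread).
SAMPLE = [
    "Adobe Reader 9.2",
    "J2SE Runtime Environment 5.0 Update 6",
    "Java(TM) 6 Update 7",
    "Java(TM) 6 Update 11",
    "Java(TM) 6 Update 17",
    "Malwarebytes' Anti-Malware",
]

if __name__ == "__main__":
    for name, status in audit(SAMPLE).items():
        print(f"{status:22} {name}")
```

An empty result from `leftovers()` after the reboot and reinstall means only the updated runtime remains.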

#15 jmrdflcarpenter

jmrdflcarpenter
  • Topic Starter

  • Members
  • 34 posts

Posted 24 December 2009 - 01:27 PM

Can't update it. Tried that numerous times before I had the issue. I went to the website, tried to download it. A window comes on my screen that says:

Splash: sysCreateListenerSocket failed



