please help cannot clean my computer enough to get an antivirus program....winext worm...freddy79.exe....are a few i have had...please help me????????


  • This topic is locked
7 replies to this topic

#1 hgibson27

hgibson27

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:39 AM

Posted 18 January 2010 - 04:52 PM

DDS (Ver_09-12-01.01) - NTFSx86
Run by Heather at 15:31:27.23 on Mon 01/18/2010
Internet Explorer: 8.0.6001.18702

============== Running Processes ===============


============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page =
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4061121
uSearch Bar =
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4061121
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
mSearchAssistant =
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\17.0.0.136\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: PriceGongCtrl Class: {d2a2595c-4fe4-4315-aa9b-19dbd6271b71} - c:\program files\pricegong\1.5.0\PriceGongIE.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {A93A3CC9-BA23-4D0D-9440-6A0148362B7E} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
StartupFolder: c:\docume~1\heather\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
IE: Add to AMV Converter... - c:\program files\mp3 player utilities 4.12\amvconverter\grab.html
IE: Add to Media Manager... - c:\program files\mp3 player utilities 4.12\mediamanager\grab.html
IE: E&xport to Microsoft Excel - c:\msoffice\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {25365FF3-2746-4230-9DA7-163CCA318309} - hxxp://inst.c-wss.com/vwhpro/EN/install/gtdownlr.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1254435522093
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1254435498578
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab55579.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} - hxxp://zone.msn.com/bingame/zpagames/zpa_kqrp.cab56961.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
LSA: Notification Packages = scecli scecli

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2010-01-15 01:08:50 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-01-15 01:08:50 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-01-15 01:08:50 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-01-15 01:08:50 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-01-15 01:08:49 0 d-----w- c:\program files\Symantec
2010-01-15 01:00:43 0 d-----w- c:\program files\Norton AntiVirus
2010-01-15 00:37:38 0 d-----w- c:\program files\common files\Symantec Shared
2010-01-15 00:34:08 0 d-----w- c:\program files\NortonInstaller
2010-01-14 23:49:05 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-14 23:49:03 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-14 23:49:02 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-14 23:49:02 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-12 21:29:14 92672 ----a-w- c:\windows\rdr_1263331751.exe
2010-01-12 21:14:48 92672 ----a-w- c:\windows\rdr_1263330878.exe
2010-01-12 21:10:31 18432 --sh--r- c:\program files\captcha.dll
2010-01-12 21:10:27 45568 ----a-w- c:\windows\tag16.exe
2010-01-12 21:10:27 1 ---h--w- c:\windows\tgm2.dat
2010-01-12 21:10:26 2 ----a-w- c:\windows\0101120101465449.xxe
2010-01-12 21:10:24 1 ---h--w- c:\windows\bx4657.dat
2010-01-12 21:10:23 83968 ----a-w- c:\windows\sber20.exe
2010-01-12 21:10:22 2 ----a-w- c:\windows\0101120101464850.xxe
2010-01-12 20:49:10 562 ----a-w- c:\windows\rdr_1263329349.exe
2010-01-12 20:49:07 562 ----a-w- c:\windows\rdr_1263329322.exe
2010-01-12 20:22:59 0 ----a-w- c:\windows\rdr_1263327778.exe
2010-01-12 20:22:58 0 ----a-w- c:\windows\rdr_1263327765.exe
2010-01-12 20:22:45 0 ----a-w- c:\windows\rdr_1263327746.exe
2010-01-12 20:07:39 0 d-----w- c:\docume~1\heather\applic~1\Tific
2010-01-12 20:04:20 92672 ----a-w- c:\windows\rdr_1263326655.exe
2010-01-12 19:39:22 0 d-----w- c:\windows\system32\drivers\NAV
2010-01-12 19:37:35 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton
2010-01-12 19:37:09 92672 ----a-w- c:\windows\rdr_1263325027.exe
2010-01-12 19:36:54 2 ----a-w- c:\windows\010112010146115116.xxe
2010-01-12 19:36:53 2 ----a-w- c:\windows\010112010146111103.xxe
2010-01-12 19:34:36 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2010-01-06 21:49:33 92672 ----a-w- c:\windows\rdr_1262814564.exe
2010-01-06 21:11:28 0 d-----w- c:\program files\Microsoft
2010-01-06 04:54:48 1815 ----a-w- c:\windows\fs1235.dat
2010-01-06 04:53:45 39936 ---h--w- c:\windows\pp14.exe
2010-01-06 04:53:44 1 ----a-w- c:\windows\fdgg34353edfgdfdf
2010-01-06 04:52:34 59520 ----a-w- c:\windows\system32\drivers\fio32.sys
2010-01-06 04:52:34 50688 ----a-w- c:\windows\system32\fio32.dll
2010-01-06 04:52:27 0 d-----w- c:\program files\webserver
2010-01-06 04:52:24 92672 ----a-w- c:\windows\rdr_1262753535.exe.exe
2010-01-06 04:52:17 1 ---h--w- c:\windows\mmsmark3.dat
2010-01-06 04:52:15 2 ----a-w- c:\windows\0101120101465450.xxe
2010-01-06 04:52:09 2 ----a-w- c:\windows\010112010146114101.xxe
2010-01-06 04:52:06 1 ---h--w- c:\windows\bk23567.dat
2010-01-06 04:52:05 2 ----a-w- c:\windows\0101120101465755.xxe
2009-12-23 21:30:49 0 d-----w- C:\users
2009-12-21 22:47:56 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-12-21 22:47:56 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
2009-12-21 22:41:34 0 d-----w- c:\windows\pss
2009-12-21 22:30:36 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-12-21 22:30:36 32128 ----a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-12-21 22:27:59 17664 ----a-w- c:\windows\system32\drivers\sermouse.sys
2009-12-21 22:27:59 17664 ----a-w- c:\windows\system32\dllcache\sermouse.sys

==================== Find3M ====================

2009-11-30 01:19:53 3992 ----a-w- c:\docume~1\heather\applic~1\wklnhst.dat
2009-11-24 20:34:58 66712 ----a-w- c:\docume~1\heather\applic~1\GDIPFONTCACHEV1.DAT
2009-11-12 22:07:15 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-11-12 22:07:15 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-11-03 02:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-28 14:40:47 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 05:38:36 25088 ------w- c:\windows\system32\dllcache\httpapi.dll

============= FINISH: 15:32:57.07 ===============
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/01/18 15:37
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: H8SRTjpsdrnnwrs.sys
Image Path: C:\WINDOWS\system32\drivers\H8SRTjpsdrnnwrs.sys
Address: 0xF7263000 Size: 118784 File Visible: - Signed: -
Status: Hidden from the Windows API!

HEATHER DAWN


#2 hgibson27

Posted 18 January 2010 - 05:04 PM

Title was: Infected with winext worm...freddy79.exe...among others i am sure :(, Cannot remove from my computer ~ OB

To Whom it may concern,

I am a single mother who is in college and I don't have money to fix my computer...I have done a lot of research and even went so far as to delete some of my virus problems...however...often my computer is slow and freezes up..as well as it will not let me get onto any antivirus website or download any antivirus software...I am completely lost as to how to fix the problem or where it is even located...I have stopped the winext.exe and freddy79 process from starting when my computer starts ...as well as deleted it from my files (I think), but I am still having problems...I am not entirely certain where I should go from here. Any help would be greatly appreciated!!!!!! My log and report are attached.

Edited by Orange Blossom, 18 January 2010 - 05:46 PM.
Merged topics. ~ OB

#3 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:03:39 PM

Posted 19 January 2010 - 05:09 AM

Hi,

I see you have Malwarebytes installed, but I don't think your version of Malwarebytes is up to date, because I know it can deal with this variant properly.

Please uninstall the current version of Malwarebytes and redownload and install it (latest version):
* Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • In case you already used MBAM previously, please update it before proceeding with the scan. To do this, click the "Update" tab and click the "Check For updates" button.
  • Once the program has loaded and updates were downloaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply along with a fresh DDS log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Edited by miekiemoes, 19 January 2010 - 05:09 AM.

AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#4 hgibson27

hgibson27
  • Topic Starter

  • Members
  • 4 posts
  • Local time:07:39 AM

Posted 19 January 2010 - 08:09 PM

Thank you for your reply, I appreciate it, however I recently tried to install Malwarebytes, but due to my viral infection I am not allowed to complete the installation process...this is one of my major problems....I cannot install any antivirus software to my computer...I could uninstall it, but that's as far as I will get....I have tried Norton...AVG...cannot even get on most antivirus websites...
HEATHER DAWN

#5 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium
  • Local time:03:39 PM

Posted 20 January 2010 - 01:04 AM

Do you get any errors when you install? This is important to know...


Please try this version of Malwarebytes: Click the link here
Save it on your desktop. You'll see it will have a random name, and will look similar to this:
Double-click on it, so it will extract the files and will start Malwarebytes automatically.
In case the installer (random named file) won't run either, rename it to EXPLORER.EXE and try again.

When Malwarebytes opens, click the "Update" tab FIRST and select to check for updates in order to get the latest updates.
In case Malwarebytes doesn't open, search for the folder mbam-installer on your desktop, open it and double-click the file winlogon.exe which will be present in there. This should launch Malwarebytes.

Then perform a scan and let it remove what it found. Reboot afterwards (important).
After reboot, post the Malwarebytes log together with a new HijackThis log.

In case you're having problems with above instructions, let me know.


#6 hgibson27

hgibson27
  • Topic Starter

  • Members
  • 4 posts
  • Local time:07:39 AM

Posted 22 January 2010 - 09:30 PM

I really do appreciate your trying to help me, but I tried the link and couldn't get the webpage to come up...it says Internet Explorer cannot display this webpage...it's the same message I get when I try to get onto any antivirus website
HEATHER DAWN

#7 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium
  • Local time:03:39 PM

Posted 23 January 2010 - 02:57 AM

Hi,

I'm going to send you a private message. Please check your private messages on top.

#8 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium
  • Local time:03:39 PM

Posted 03 February 2010 - 12:05 PM

Due to the lack of feedback, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



