DDS logs but can't run GMER


  • This topic is locked
3 replies to this topic

#1 dwd40


  • Members
  • 21 posts

Posted 09 February 2010 - 09:34 PM

I have been working with Boopme over in the Am I Infected forum and have tried to follow the next steps but cannot get GMER to run without BSOD. Topic referenced is here: http://www.bleepingcomputer.com/forums/t/290981/search-engine-redirect-no-safe-mode/ ~ OB I am posting the DDS logs to see if I can get some advice on the next steps. Main symptom seems to be most of the time (not every time) after a restart something is running in the background and causing hard drive access that slows the computer down considerably. Also programs hang once in a while - mostly malware or spyware programs during scans like GMER or sometimes SUPERAntiSpyware.

DDS log

DDS (Ver_09-12-01.01) - NTFSx86
Run by Darrell at 21:41:53.45 on Mon 02/08/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2479 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Documents and Settings\Darrell\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Darrell\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: ParentalControl Bar: {a057a204-bacc-4d26-908b-27fcd4a32e85} - c:\progra~1\parent~1\PARENT~1.DLL
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: ParentalControl Bar: {a057a204-bacc-4d26-908b-27fcd4a32e85} - c:\progra~1\parent~1\PARENT~1.DLL
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
uRun: [SansaDispatch] c:\documents and settings\darrell\application data\sandisk\sansa updater\SansaDispatch.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [DLBTCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLBTtime.dll,_RunDLLEntry@16
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Locate Spot on Map by GPS - c:\program files\opanda\iexif 2.3\IExifMap.htm
IE: View Exif/GPS/IPTC with IExif - c:\program files\opanda\iexif 2.3\IExifCom.htm
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: plaxo.com\www
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {427489F8-A781-42F6-941C-BE458C17CC48} - hxxp://www.mypicturetown.com/P2PwebCmdController/x/Upld_40.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264910784242
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160526961515
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} - hxxp://vsp.closetmaid.com/vsp/cmaidctl_vsp.closetmaid.com_downloader.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {AE6C4705-0F11-4ACB-BDD4-37F138BEF289} - hxxp://hyvee.lifepics.com/net/Uploader/LPUploader45.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: wvUlJDWO - wvUlJDWO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli scecli
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\darrell\applic~1\mozilla\firefox\profiles\mlgp3mt8.default\
FF - prefs.js: browser.startup.homepage - hxxp://omaha.craigslist.org/
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NpPopup.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-1-31 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-1-31 28424]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-1-31 360584]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-1-5 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 74480]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2010-1-29 93872]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-1-31 486280]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-1-31 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-1-31 285392]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 7408]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 APL531;35mm Film Scanner;c:\windows\system32\drivers\filmscan.sys --> c:\windows\system32\drivers\FILMSCAN.sys [?]
S3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\system32\drivers\lne100v5.sys [2006-9-9 36224]
S4 KodakDigitalDisplayService;KodakDigitalDisplayService;c:\program files\kodak\digital display\orbkodaklauncher\DllStartupService.exe [2009-5-14 98304]

=============== Created Last 30 ================

2010-02-09 03:37:44 0 ----a-w- c:\documents and settings\darrell\defogger_reenable
2010-02-08 05:31:14 0 d-----w- c:\docume~1\darrell\applic~1\Parental Control FF
2010-02-08 05:31:03 0 d-----w- c:\program files\parentalcontrol
2010-02-08 05:31:03 0 d-----w- c:\docume~1\darrell\applic~1\parentalcontrol
2010-02-07 04:12:59 78336 ----a-w- c:\windows\system32\Agent.OMZ.Fix.exe
2010-02-07 04:12:57 80384 ----a-w- c:\windows\system32\o4Patch.exe
2010-02-07 04:12:55 82944 ----a-w- c:\windows\system32\IEDFix.C.exe
2010-02-07 04:12:52 82432 ----a-w- c:\windows\system32\404Fix.exe
2010-02-07 04:12:49 87552 ----a-w- c:\windows\system32\VACFix.exe
2010-02-07 04:12:46 82944 ----a-w- c:\windows\system32\IEDFix.exe
2010-02-07 04:12:44 53248 ----a-w- c:\windows\system32\Process.exe
2010-02-04 04:30:07 0 d-----w- c:\program files\ESET
2010-02-03 05:35:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-03 05:35:51 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-03 02:27:25 0 d-----w- c:\program files\common files\Kodak
2010-02-02 03:57:11 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-02-02 03:55:25 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-02-01 12:58:12 0 d-----w- c:\windows\system32\XPSViewer
2010-02-01 04:48:28 19569 ----a-w- c:\windows\000001_.tmp
2010-02-01 04:31:30 0 d-----w- c:\docume~1\darrell\applic~1\licenses
2010-02-01 04:31:29 0 d-----w- c:\docume~1\darrell\applic~1\PCMM2009
2010-02-01 04:30:59 0 d-----w- c:\docume~1\darrell\applic~1\PCMM2010
2010-01-31 16:24:08 0 d-----w- c:\docume~1\darrell\applic~1\CheckPoint
2010-01-31 16:22:21 0 d-----w- c:\program files\CheckPoint
2010-01-31 16:20:34 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2010-01-31 16:20:21 422437 ----a-w- c:\windows\system32\vsconfig.xml
2010-01-31 06:53:01 0 d--h--w- C:\$AVG
2010-01-31 06:52:23 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-01-31 06:52:21 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-01-31 06:52:13 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-01-31 06:51:51 0 d-----w- c:\windows\system32\drivers\Avg
2010-01-31 06:51:43 0 d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2010-01-31 06:50:57 0 d-----w- c:\program files\AVG
2010-01-31 06:50:53 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-01-31 06:31:13 69120 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-01-31 06:30:47 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-01-31 06:30:47 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-01-31 06:30:47 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-01-31 06:30:47 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-01-31 06:30:47 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-01-31 06:30:47 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-01-31 06:23:05 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2010-01-31 06:23:04 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
2010-01-31 06:21:14 81920 ------w- c:\windows\system32\ieencode.dll
2010-01-31 06:21:02 19569 ----a-w- c:\windows\003480_.tmp
2010-01-31 05:15:34 0 d-----w- c:\program files\MSXML 6.0
2010-01-31 04:34:47 0 d-----w- c:\windows\ServicePackFiles
2010-01-31 04:31:21 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-01-31 04:28:50 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-01-31 04:28:49 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-01-31 04:28:04 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-31 04:26:20 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2010-01-31 04:26:19 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2010-01-31 04:26:18 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2010-01-31 04:26:18 110592 -c----w- c:\windows\system32\dllcache\services.exe
2010-01-31 04:26:16 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2010-01-31 04:26:14 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-01-31 04:26:12 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2010-01-31 04:26:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2010-01-31 04:26:08 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2010-01-31 04:24:03 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2010-01-31 04:23:48 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-01-31 04:23:25 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2010-01-31 04:22:03 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-01-31 04:21:54 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-01-31 04:21:52 2066048 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-01-31 04:21:13 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-01-31 04:20:50 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-01-31 04:20:29 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-01-31 04:19:11 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-01-31 03:44:49 24576 ----a-w- c:\windows\system32\SET131F.tmp
2010-01-31 03:44:47 539136 ----a-w- c:\windows\system32\SET1304.tmp
2010-01-31 03:44:47 177152 ----a-w- c:\windows\system32\SET1306.tmp
2010-01-31 03:44:45 80896 ----a-w- c:\windows\system32\SET12E7.tmp
2010-01-31 03:44:45 75776 ----a-w- c:\windows\system32\SET12EF.tmp
2010-01-31 03:44:45 354304 ----a-w- c:\windows\system32\SET12EA.tmp
2010-01-31 03:44:45 15872 ----a-w- c:\windows\system32\SET12EC.tmp
2010-01-31 03:44:45 13824 ----a-w- c:\windows\system32\SET12E8.tmp
2010-01-31 03:44:44 6656 ----a-w- c:\windows\system32\SET12DE.tmp
2010-01-31 03:44:44 1135616 ----a-w- c:\windows\system32\SET12E0.tmp
2010-01-31 03:41:59 13312 ----a-w- c:\windows\system32\SET45F.tmp
2010-01-31 03:39:47 19569 ----a-w- c:\windows\003517_.tmp
2010-01-31 03:37:58 348160 -c--a-w- c:\windows\system32\dllcache\dxtmsft.dll
2010-01-31 00:22:21 69632 -c--a-w- c:\windows\system32\dllcache\ehresko.dll
2010-01-31 00:21:59 9216 -c--a-w- c:\windows\system32\dllcache\wamps51.dll
2010-01-31 00:20:57 92416 -c--a-w- c:\windows\system32\dllcache\mga.sys
2010-01-31 00:19:59 66082 -c--a-w- c:\windows\system32\dllcache\c_1140.nls
2010-01-30 23:48:48 488 ---ha-r- c:\windows\system32\logonui.exe.manifest
2010-01-30 23:48:40 749 ---ha-r- c:\windows\WindowsShell.Manifest
2010-01-30 23:48:40 749 ---ha-r- c:\windows\system32\wuaucpl.cpl.manifest
2010-01-30 23:48:40 749 ---ha-r- c:\windows\system32\sapi.cpl.manifest
2010-01-30 23:48:40 749 ---ha-r- c:\windows\system32\nwc.cpl.manifest
2010-01-30 23:48:40 749 ---ha-r- c:\windows\system32\ncpa.cpl.manifest
2010-01-30 23:48:26 0 d-----w- c:\program files\Online Services
2010-01-30 23:48:16 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-01-30 23:38:22 13753 ----a-r- c:\windows\SET7B.tmp
2010-01-30 23:38:19 1086058 ----a-r- c:\windows\SET6C.tmp
2010-01-30 23:38:19 106147 ----a-r- c:\windows\SET69.tmp
2010-01-30 22:40:15 13753 ----a-r- c:\windows\SET74.tmp
2010-01-30 22:40:12 1086058 ----a-r- c:\windows\SET68.tmp
2010-01-30 22:40:11 106147 ----a-r- c:\windows\SET65.tmp
2010-01-30 22:25:57 13753 ----a-r- c:\windows\SET73.tmp
2010-01-30 22:25:54 1086058 ----a-r- c:\windows\SET67.tmp
2010-01-30 22:25:53 106147 ----a-r- c:\windows\SET64.tmp
2010-01-30 21:30:23 13753 ----a-r- c:\windows\SET72.tmp
2010-01-30 21:30:20 1086058 ----a-r- c:\windows\SET66.tmp
2010-01-30 21:30:19 106147 ----a-r- c:\windows\SET63.tmp
2010-01-30 19:48:52 13753 ----a-r- c:\windows\SETF8.tmp
2010-01-30 19:48:49 1086058 ----a-r- c:\windows\SETEC.tmp
2010-01-30 19:48:48 106147 ----a-r- c:\windows\SETE9.tmp
2010-01-30 13:37:13 0 d-----w- c:\windows\msapps
2010-01-30 13:37:13 0 d-----w- c:\windows\dell
2010-01-30 03:52:33 93872 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-01-30 03:52:33 27944 ----a-w- c:\windows\system32\sbbd.exe
2010-01-30 03:02:47 0 d-----w- c:\windows\system32\wbem\Repository
2010-01-30 03:01:49 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-28 01:08:39 0 d-----w- c:\program files\SUPERAntiSpyware
2010-01-28 01:08:39 0 d-----w- c:\docume~1\darrell\applic~1\SUPERAntiSpyware.com
2010-01-24 16:44:39 0 d-----w- c:\docume~1\darrell\applic~1\Malwarebytes
2010-01-24 16:44:34 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-24 05:54:10 0 d-----w- c:\docume~1\alluse~1\applic~1\RegCure

==================== Find3M ====================

2010-02-07 04:14:10 2972 ----a-w- c:\windows\system32\tmp.reg
2010-02-06 22:45:43 20 ---h--w- c:\docume~1\alluse~1\applic~1\PKP_DLbz.DAT
2010-02-02 03:39:44 5468 ----a-w- c:\docume~1\darrell\applic~1\wklnhst.dat
2010-01-31 16:22:15 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-01-30 23:46:19 34396 ----a-w- c:\windows\system32\emptyregdb.dat
2010-01-27 21:20:00 72728 ----a-w- c:\docume~1\darrell\applic~1\GDIPFONTCACHEV1.DAT
2010-01-14 17:12:06 181120 ----a-w- c:\windows\system32\MpSigStub.exe
2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-14 19:15:14 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-11-24 05:17:05 53608 ---ha-w- c:\windows\system32\mlfcache.dat
2006-09-18 03:48:52 4 ----a-w- c:\program files\common files\Cvtaqlog.dat
2007-02-17 18:25:17 88 --sha-r- c:\windows\system32\864F16E911.sys
2008-09-05 02:38:21 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090420080905\index.dat

============= FINISH: 21:45:10.75 ===============


Attach log

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 1/30/2010 6:22:28 PM
System Uptime: 2/8/2010 9:39:24 PM (0 hours ago)

Motherboard: Dell Inc. | | 0HJ054
Processor: Intel® Pentium® D CPU 2.80GHz | Microprocessor | 2793/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 144 GiB total, 19.405 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
G: is Removable
I: is Removable
J: is Removable

==== Disabled Device Manager Items =============

Class GUID: TI Technologies Inc.
Description: RADEON X300 SE 128MB HyperMemory Secondary
Device ID: PCI\VEN_1002&DEV_5B70&SUBSYS_06031002&REV_00\4&1603E009&0&0108
Manufacturer: ATI Technologies Inc.
Name: RADEON X300 SE 128MB HyperMemory Secondary
PNP Device ID: PCI\VEN_1002&DEV_5B70&SUBSYS_06031002&REV_00\4&1603E009&0&0108
Service: ati2mtag

==== System Restore Points ===================

RP1: 1/30/2010 6:33:05 PM - System Checkpoint
RP2: 1/30/2010 9:39:56 PM - Installed Windows XP Service Pack 3.
RP3: 1/30/2010 10:09:25 PM - Software Distribution Service 3.0
RP4: 1/30/2010 10:24:54 PM - Software Distribution Service 3.0
RP5: 1/30/2010 10:54:56 PM - Software Distribution Service 3.0
RP6: 1/31/2010 12:50:52 AM - Installed AVG Free 9.0
RP7: 1/31/2010 12:59:34 AM - Software Distribution Service 3.0
RP8: 1/31/2010 1:24:09 AM - Software Distribution Service 3.0
RP9: 1/31/2010 10:21:41 AM - Avg8 Update
RP10: 1/31/2010 2:38:10 PM - Removed Digital Line Detect
RP11: 1/31/2010 2:40:19 PM - Removed Modem Helper
RP12: 1/31/2010 2:44:40 PM - Software Distribution Service 3.0
RP13: 1/31/2010 3:08:40 PM - Software Distribution Service 3.0
RP14: 1/31/2010 3:24:17 PM - Removed Microsoft .NET Framework 3.0 Service Pack 2
RP15: 1/31/2010 3:27:34 PM - Removed Microsoft .NET Framework 2.0 Service Pack 2
RP16: 1/31/2010 3:33:23 PM - Removed Microsoft .NET Framework 1.1
RP17: 1/31/2010 3:38:11 PM - Software Distribution Service 3.0
RP18: 1/31/2010 10:48:40 PM - Installed Windows XP Service Pack 3.
RP19: 1/31/2010 10:55:06 PM - Installed Windows XP KB923561.
RP20: 1/31/2010 11:15:21 PM - Software Distribution Service 3.0
RP21: 2/1/2010 6:49:20 AM - Software Distribution Service 3.0
RP22: 2/1/2010 9:26:12 PM - Removed Dell Support 3.1
RP23: 2/1/2010 9:56:53 PM - Installed SUPERAntiSpyware Free Edition
RP24: 2/1/2010 10:00:39 PM - Software Distribution Service 3.0
RP25: 2/2/2010 7:35:43 PM - Software Distribution Service 3.0
RP26: 2/2/2010 7:38:08 PM - Software Distribution Service 3.0
RP27: 2/2/2010 8:52:27 PM - Installed SeaTools for Windows
RP28: 2/2/2010 10:56:00 PM - Removed SeaTools for Windows
RP29: 2/3/2010 12:14:01 AM - Software Distribution Service 3.0
RP30: 2/5/2010 3:20:32 AM - System Checkpoint
RP31: 2/7/2010 7:10:07 PM - System Checkpoint

==== Installed Programs ======================

ABBYY FineReader 5.0 Sprint Plus
ACD FotoSlate 3.0
ACD Media Support Package 1.0
ACDSee 7.0
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.1.0
Adobe Shockwave Player 11
Amazon MP3 Downloader 1.0.3
AOLIcon
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AutoUpdate
AVG Free 9.0
AviSynth 2.5
Blackhawk Striker 2
Bonjour
Capture NX
CCleaner
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
Data Lifeguard Diagnostic for Windows
Dell CinePlayer
Dell Digital Jukebox Driver
Dell Driver Download Manager
Dell Driver Reset Tool
Dell Photo AIO Printer 922
Dell ResourceCD
Dell System Restore
Digital Content Portal
DivX
DVD Decrypter (Remove Only)
DVD Shrink 3.2
Easy Outlook Express Repair 1.2
EducateU
ELIcon
EPSON Printer Software
ESET Online Scanner v3
Garmin City Navigator North America NT 2010.10 Update
Garmin Communicator Plugin
Garmin USB Drivers
GemMaster Mystic
Google Updater
Hallmark Smilebox
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel® PRO Network Connections Drivers
Intel® PROSet for Wired Connections
iPod for Windows 2006-03-23
iPod for Windows 2006-06-28
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_03
Java™ 6 Update 11
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Java™ SE Runtime Environment 6 Update 1
KEDDS
Kodak EasyShare software
Learn2 Player (Uninstall Only)
Logitech Harmony Remote Software 7
Logitech SetPoint
Malwarebytes' Anti-Malware
MCU
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Digital Image Library 9 - Blocker
Microsoft Excel 97
Microsoft Picture It! Library 10
Microsoft Picture It! Premium 10
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Word 2002
Microsoft Works
Microsoft Works 2005 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Mozilla Firefox (3.5.7)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB973686)
MX-900 Editor
Nero 7 Ultra Edition
Nero PhotoShow Deluxe 4
neroxml
netbrdg
NetWaiting
Nikon View 6
Opanda IExif 2.3
OpenOffice.org 2.3
Otto
Parental Control Bar For Firefox
ParentalControl Bar
Petz Vet
Picasa 3
Polar Golfer
PowerCinema NE for Everio
PowerDirector Express
PowerProducer
QuickTime
Remote Control USB Driver
Sansa Updater
Search Assist
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB954459)
SFR
Sonic Activation Module
Sonic Encoders
SUPERAntiSpyware Free Edition
TaxACT 2006
TaxACT 2007
TaxACT 2008
TaxACT 2008 Nebraska
TaxACT Nebraska 2007
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB978506)
VC 9.0 Runtime
Videora iPod Converter 0.91
Viewpoint Media Player
WebCyberCoach 3.2 Dell
WebFldrs XP
Windows Defender
Windows Defender Signatures
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player Firefox Plugin
Works Upgrade
ZoneAlarm

==== Event Viewer Messages From Past Week ========

2/7/2010 4:04:45 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the avg9wd service.
2/7/2010 3:38:32 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
2/6/2010 9:57:25 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the TrueVector Internet Monitor service to connect.
2/6/2010 9:57:25 PM, error: Service Control Manager [7000] - The TrueVector Internet Monitor service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/2/2010 8:23:25 PM, error: Service Control Manager [7034] - The KodakDigitalDisplayService service terminated unexpectedly. It has done this 19 time(s).
2/2/2010 8:23:17 PM, error: Service Control Manager [7034] - The KodakDigitalDisplayService service terminated unexpectedly. It has done this 18 time(s).
2/2/2010 8:23:09 PM, error: Service Control Manager [7034] - The KodakDigitalDisplayService service terminated unexpectedly. It has done this 17 time(s).
2/2/2010 8:23:01 PM, error: Service Control Manager [7034] - The KodakDigitalDisplayService service terminated unexpectedly. It has done this 16 time(s).
2/2/2010 8:22:48 PM, error: Service Control Manager [7034] - The KodakDigitalDisplayService service terminated unexpectedly. It has done this 15 time(s).
2/2/2010 8:22:39 PM, error: Service Control Manager [7034] - The KodakDigitalDisplayService service terminated unexpectedly. It has done this 14 time(s).
2/2/2010 8:22:31 PM, error: Service Control Manager [7034] - The KodakDigitalDisplayService service terminated unexpectedly. It has done this 13 time(s).
2/2/2010 8:22:21 PM, error: Service Control Manager [7034] - The KodakDigitalDisplayService service terminated unexpectedly. It has done this 12 time(s).
2/2/2010 8:22:04 PM, error: Service Control Manager [7034] - The KodakDigitalDisplayService service terminated unexpectedly. It has done this 11 time(s).
2/2/2010 8:21:47 PM, error: Service Control Manager [7034] - The KodakDigitalDisplayService service terminated unexpectedly. It has done this 10 time(s).
2/2/2010 8:21:36 PM, error: Service Control Manager [7034] - The KodakDigitalDisplayService service terminated unexpectedly. It has done this 9 time(s).
2/2/2010 8:21:27 PM, error: Service Control Manager [7034] - The KodakDigitalDisplayService service terminated unexpectedly. It has done this 8 time(s).
2/2/2010 8:21:19 PM, error: Service Control Manager [7034] - The KodakDigitalDisplayService service terminated unexpectedly. It has done this 7 time(s).
2/2/2010 8:21:09 PM, error: Service Control Manager [7034] - The KodakDigitalDisplayService service terminated unexpectedly. It has done this 6 time(s).
2/2/2010 8:21:01 PM, error: Service Control Manager [7034] - The KodakDigitalDisplayService service terminated unexpectedly. It has done this 5 time(s).
2/2/2010 8:20:50 PM, error: Service Control Manager [7034] - The KodakDigitalDisplayService service terminated unexpectedly. It has done this 4 time(s).
2/2/2010 8:20:42 PM, error: Service Control Manager [7034] - The KodakDigitalDisplayService service terminated unexpectedly. It has done this 3 time(s).
2/2/2010 8:20:33 PM, error: Service Control Manager [7034] - The KodakDigitalDisplayService service terminated unexpectedly. It has done this 2 time(s).
2/2/2010 8:20:11 PM, error: Service Control Manager [7034] - The KodakDigitalDisplayService service terminated unexpectedly. It has done this 1 time(s).
2/2/2010 7:55:44 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Media Player Network Sharing Service service to connect.
2/2/2010 7:55:44 PM, error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/2/2010 7:14:25 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/2/2010 7:14:20 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
2/1/2010 11:44:33 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX Fips intelppm IPSec MRxSmb NetBIOS NetBT OMCI RasAcd Rdbss SASDIFSV SASKUTIL Tcpip vsdatant
2/1/2010 11:44:33 PM, error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the vsdatant service which failed to start because of the following error: A device attached to the system is not functioning.
2/1/2010 11:44:33 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
2/1/2010 11:44:33 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/1/2010 11:44:33 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/1/2010 11:44:33 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
2/1/2010 11:44:33 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/1/2010 11:44:33 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

==== End Of File ===========================

Edited by Orange Blossom, 10 February 2010 - 10:18 PM.



#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:08:28 PM

Posted 16 February 2010 - 06:34 PM

Hello,

My name is Syler and I will be helping you to solve your malware issues. If you have since resolved your issues, I would appreciate it if you
would let me know so I can close this topic; if you still need help, please let me know what issues you are still having in your next reply.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and
we are trying our best to keep up.


We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
    Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %SYSTEMDRIVE%\*.exe
    netsvcs
    msconfig
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    /md5stop
    CREATERESTOREPOINT

  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Edited by syler, 16 February 2010 - 06:45 PM.

unite.jpg
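The /md5start ... /md5stop block in the OTL script above asks OTL to hash the storage and bus drivers that rootkits of the period (TDL3 among them) patched in place, so that a helper can compare the hashes against known-good copies; a patched driver keeps its size and timestamp, so the hash is what gives it away. As an added example, not part of this post and not OTL's own code, the Python script below hashes the same list and compares each live driver in system32\drivers against the copy Windows File Protection keeps in system32\dllcache. The two directory paths are assumptions about a Windows XP layout; the functions take the directories as arguments so the script can be exercised on constructed files anywhere.

```python
"""Hash the boot-start drivers listed in OTL's /md5start ... /md5stop block
and compare each live copy against the copy kept in dllcache.

Added example, not part of the BleepingComputer post or of OTL itself.
The Windows XP paths under __main__ are assumptions; the functions take
any two directories so the check can be run on constructed test files.
"""
import hashlib
import os

# Drivers named in the OTL script above. A rootkit that patches one of these
# in place leaves size and timestamp alone, so only the hash changes.
DRIVERS = [
    "iaStor.sys", "nvstor.sys", "atapi.sys", "IdeChnDr.sys", "viasraid.sys",
    "AGP440.sys", "vaxscsi.sys", "nvatabus.sys", "viamraid.sys", "nvata.sys",
    "nvgts.sys", "iastorv.sys", "ViPrt.sys",
]


def md5_of(path):
    """Return the hex MD5 of a file, read in chunks so large drivers are not loaded whole."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def compare_drivers(live_dir, cache_dir, names=DRIVERS):
    """Map each driver name to 'match', 'MISMATCH', 'no cached copy' or 'not installed'.

    live_dir is where the running system loads drivers from (system32\\drivers
    on XP); cache_dir is the Windows File Protection cache (system32\\dllcache).
    """
    results = {}
    for name in names:
        live = os.path.join(live_dir, name)
        cached = os.path.join(cache_dir, name)
        if not os.path.exists(live):
            results[name] = "not installed"
        elif not os.path.exists(cached):
            results[name] = "no cached copy"
        elif md5_of(live) == md5_of(cached):
            results[name] = "match"
        else:
            results[name] = "MISMATCH"
    return results


def suspicious(results):
    """Sorted names whose live copy differs from the cached copy; these need a closer look."""
    return sorted(name for name, status in results.items() if status == "MISMATCH")


if __name__ == "__main__":
    # Assumed XP layout; SystemRoot is normally C:\WINDOWS on that release.
    root = os.environ.get("SystemRoot", r"C:\WINDOWS")
    live = os.path.join(root, "system32", "drivers")
    cache = os.path.join(root, "system32", "dllcache")
    report = compare_drivers(live, cache)
    for name, status in sorted(report.items()):
        print(f"{name:14} {md5_of(os.path.join(live, name)) if status in ('match', 'MISMATCH') else '':34} {status}")
    print("suspicious:", suspicious(report) or "none")
```

A match is not a clean bill of health: a rootkit that replaces a driver can replace the dllcache copy as well, and a mismatch can be a legitimate hotfix. The hashes are still worth recording, because a helper can compare them against a known-good copy from the same service pack, which is what the OTL md5 list is for.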


#3 dwd40

dwd40
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:01:28 PM

Posted 16 February 2010 - 11:49 PM

Syler,

Thank you for your help, but I couldn't handle it any longer. I did a clean XP install today. Other than reloading programs, the computer seems to be working great now.

Thanks for all your efforts at Bleeping Computer!

#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:08:28 PM

Posted 17 February 2010 - 06:21 AM

Thanks for letting me know.

Since this issue appears resolved ... this Topic is closed. Glad we could help.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

unite.jpg

