Topic: Bad Virus---please help

911carter

    Topic Starter


    Rookie

    Bad Virus---please help
    « on: May 24, 2009, 09:23:40 PM »
    I have a bad virus on my computer that I have been trying to get rid of for 3 days now.
    It is blocking, and redirecting web sites. It will automatically start the web sometimes. It is blocking things from running, and some from downloading.
    I ran CCleaner. I ran a-squared. AVG did not and is not detecting anything.
    Here is the Hijackthis log.

    [attachment deleted by admin]

    evilfantasy

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Calm like a bomb
    • Thanked: 493
    • Experience: Experienced
    • OS: Windows 11
    Re: Bad Virus---please help
    « Reply #1 on: May 25, 2009, 01:27:01 PM »


    Try the renamer download for Malwarebytes.

    http://kixhelp.com/wr/files/mb/randmbam.exe

    The randmbam.exe will try to create random names and shortcuts for Malwarebytes Anti Malware (MBAM) if you have it installed already.

    If it installs then use this link to download the updates.

    Download Malwarebytes' Anti-Malware Database - GT500.org

    Just download it to the desktop and run the exe then run Malwarebytes.

    911carter

      Re: Bad Virus---please help
      « Reply #2 on: May 25, 2009, 02:37:16 PM »
      Evil, Thanks, that worked and I ran the program.
      It found 9 things. I removed them and the computer restarted.
      Here is the log.

      [attachment deleted by admin]

      evilfantasy

      Re: Bad Virus---please help
      « Reply #3 on: May 25, 2009, 02:39:21 PM »
      Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

      Link #1
      Link #2

      Note: It is important that it is saved directly to your Desktop.

      Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.

      Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
       
      Double click combofix.exe & follow the prompts.
      Vista users Right-Click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it)
      When finished ComboFix will produce a log for you.
      Post the ComboFix log in your next reply.

      Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

      Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

      If you have problems with ComboFix usage, see How to use ComboFix

      911carter

        Re: Bad Virus---please help
        « Reply #4 on: May 25, 2009, 03:54:25 PM »
        I had some trouble with that one.
        I had to download combofix from both links.
        Here is the log file...

        [attachment deleted by admin]

        evilfantasy

        Re: Bad Virus---please help
        « Reply #5 on: May 25, 2009, 04:03:09 PM »
        Download DDS by sUBs and save it to your desktop. Alternate DDS download link

        Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

        * XP users Double click on dds to run it.
        * If your antivirus or firewall tries to block DDS then please allow it to run.
        * When finished DDS will open two (2) logs.

        1) DDS.txt
        2) Attach.txt

        * Save both logs to your desktop.
        * Please copy and paste the entire contents of both logs in your next reply.

        Note: DDS will instruct you to post the Attach.txt log as an attachment.
        Please just post it as you would any other log by copying and pasting it into the reply.

        911carter

          Re: Bad Virus---please help
          « Reply #6 on: May 25, 2009, 04:32:27 PM »
          Here are the two logs you requested.

          DDS (Ver_09-05-14.01) - NTFSx86 
          Run by Rick Carter at 17:28:23.14 on Mon 05/25/2009
          Internet Explorer: 8.0.6001.18702
          Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.766.323 [GMT -5:00]

          AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)   {17DDD097-36FF-435F-9E1B-52D74245D6BF}
          FW: Outpost Firewall *enabled*   {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}

          ============== Running Processes ===============

          C:\WINDOWS\system32\svchost -k DcomLaunch
          svchost.exe
          C:\WINDOWS\System32\svchost.exe -k netsvcs
          C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
          svchost.exe
          svchost.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\WINDOWS\Explorer.EXE
          svchost.exe
          C:\PROGRA~1\AVG\AVG8\avgtray.exe
          C:\Program Files\Common Files\Real\Update_OB\realsched.exe
          C:\Program Files\Java\jre6\bin\jusched.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\a-squared Free\a2service.exe
          C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
          C:\WINDOWS\SYSTEM32\bgsvcgen.exe
          C:\WINDOWS\system32\CTsvcCDA.exe
          C:\Program Files\Java\jre6\bin\jqs.exe
          C:\WINDOWS\system32\drivers\KodakCCS.exe
          C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
          C:\WINDOWS\system32\svchost.exe -k imgsvc
          C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
          C:\PROGRA~1\AVG\AVG8\avgrsx.exe
          C:\PROGRA~1\AVG\AVG8\avgnsx.exe
          C:\PROGRA~1\AVG\AVG8\avgemc.exe
          C:\WINDOWS\system32\SearchIndexer.exe
          C:\Program Files\AVG\AVG8\avgcsrvx.exe
          C:\Documents and Settings\Rick Carter\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
          C:\Program Files\Internet Explorer\iexplore.exe
          C:\Program Files\Internet Explorer\iexplore.exe
          C:\Program Files\Internet Explorer\iexplore.exe
          C:\WINDOWS\system32\SearchProtocolHost.exe
          C:\WINDOWS\system32\SearchProtocolHost.exe
          C:\Documents and Settings\Rick Carter\Desktop\dds.pif

          ============== Pseudo HJT Report ===============

          uStart Page = hxxp://www.yahoo.com/
          uSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
          mSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
          uInternet Connection Wizard,ShellNext = iexplore
          uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/yme/*http://www.yahoo.com
          BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
          BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
          BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
          BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
          BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
          BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
          TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
          TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
          TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
          EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
          uRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
          uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
          mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
          mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe"  -osboot
          mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
          mRun: [OutpostMonitor] c:\progra~1\agnitum\outpost firewall\op_mon.exe /tray /noservice
          mRun: [OutpostFeedBack] "c:\program files\agnitum\outpost firewall\feedback.exe" /dump:os_startup
          IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
          IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
          IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
          DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
          DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1237408782187
          DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1243121770955&h=e2d453289e8d1f26f4a2bdddc5879e09/&filename=jinstall-6u13-windows-i586-jc.cab
          DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
          DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
          Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
          Notify: avgrsstarter - avgrsstx.dll
          Notify: igfxcui - igfxdev.dll
          SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
          SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
          SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

          ============= SERVICES / DRIVERS ===============

          R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-30 325896]
          R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2006-12-7 27784]
          R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-5-30 108552]
          R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [2009-5-24 704384]
          R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-5-14 9968]
          R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-5-14 72944]
          R2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2009-5-22 717320]
          R2 acssrv;Agnitum Client Security Service;c:\progra~1\agnitum\outpost firewall\acs.exe [2009-5-24 1195008]
          R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-7-5 908568]
          R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-5 298776]
          R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-1-14 226656]
          R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
          R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [2009-5-24 31128]
          R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2009-5-24 257432]
          R3 XIRLINK;IBM PC Camera;c:\windows\system32\drivers\C-itnt.sys [2008-9-10 453475]
          S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-14 7408]

          =============== Created Last 30 ================

          2009-05-25 16:44   50,176   a-------   c:\windows\system32\proquota.exe
          2009-05-25 16:44   50,176   a-------   c:\windows\system32\dllcache\proquota.exe
          2009-05-25 16:08   <DIR>   a-dshr--   C:\cmdcons
          2009-05-25 16:00   161,792   a-------   c:\windows\SWREG.exe
          2009-05-25 16:00   154,624   a-------   c:\windows\PEV.exe
          2009-05-25 16:00   98,816   a-------   c:\windows\sed.exe
          2009-05-25 14:51   15,504   a-------   c:\windows\system32\drivers\mbam.sys
          2009-05-25 14:51   38,496   a-------   c:\windows\system32\drivers\mbamswissarmy.sys
          2009-05-25 14:51   <DIR>   --d-----   c:\program files\MAM
          2009-05-24 18:35   704,384   a-------   c:\windows\system32\drivers\SandBox.sys
          2009-05-24 18:35   257,432   a-------   c:\windows\system32\drivers\afwcore.sys
          2009-05-24 18:33   49   a-------   c:\windows\transp.gif
          2009-05-24 18:33   31,128   a-------   c:\windows\system32\drivers\afw.sys
          2009-05-24 18:33   <DIR>   --d-----   c:\program files\Agnitum
          2009-05-24 18:33   <DIR>   --d-----   c:\docume~1\alluse~1\applic~1\Agnitum
          2009-05-23 21:42   <DIR>   --d-----   c:\program files\Trend Micro
          2009-05-23 21:27   <DIR>   --d-----   c:\program files\MbAM
          2009-05-23 19:33   <DIR>   --d-----   c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
          2009-05-23 19:32   <DIR>   --d-----   c:\program files\SUPERAntiSpyware
          2009-05-23 19:32   <DIR>   --d-----   c:\docume~1\rickca~1\applic~1\SUPERAntiSpyware.com
          2009-05-23 19:32   <DIR>   --d-----   c:\program files\common files\Wise Installation Wizard
          2009-05-23 18:38   410,984   a-------   c:\windows\system32\deploytk.dll
          2009-05-22 20:03   <DIR>   --d-----   c:\program files\a-squared Free
          2009-05-22 19:57   <DIR>   --d-----   c:\program files\CCleaner
          2009-05-21 22:57   116,224   a-------   c:\windows\system32\dllcache\xrxwiadr.dll
          2009-05-21 22:57   23,040   a-------   c:\windows\system32\dllcache\xrxwbtmp.dll
          2009-05-21 22:57   18,944   a-------   c:\windows\system32\dllcache\xrxscnui.dll
          2009-05-21 22:57   27,648   a-------   c:\windows\system32\dllcache\xrxftplt.exe
          2009-05-21 22:57   4,608   a-------   c:\windows\system32\dllcache\xrxflnch.exe
          2009-05-21 22:57   99,865   a-------   c:\windows\system32\dllcache\xlog.exe
          2009-05-21 22:57   28,288   a-------   c:\windows\system32\dllcache\xjis.nls
          2009-05-21 22:57   16,970   a-------   c:\windows\system32\dllcache\xem336n5.sys
          2009-05-21 22:57   19,455   a-------   c:\windows\system32\dllcache\wvchntxx.sys
          2009-05-21 22:56   12,063   a-------   c:\windows\system32\dllcache\wsiintxx.sys
          2009-05-21 22:56   8,192   a-------   c:\windows\system32\dllcache\wshirda.dll
          2009-05-21 22:56   8,832   a-------   c:\windows\system32\dllcache\wmiacpi.sys
          2009-05-21 22:56   154,624   a-------   c:\windows\system32\dllcache\wlluc48.sys
          2009-05-21 22:56   34,890   a-------   c:\windows\system32\dllcache\wlandrv2.sys
          2009-05-21 22:54   64,605   a-------   c:\windows\system32\dllcache\vvoice.sys
          2009-05-21 22:54   397,502   a-------   c:\windows\system32\dllcache\vpctcom.sys
          2009-05-21 22:54   604,253   a-------   c:\windows\system32\dllcache\vmodem.sys
          2009-05-21 22:54   249,402   a-------   c:\windows\system32\dllcache\vinwm.sys
          2009-05-21 22:54   24,576   a-------   c:\windows\system32\dllcache\viairda.sys
          2009-05-21 22:54   687,999   a-------   c:\windows\system32\dllcache\usrwdxjs.sys
          2009-05-21 22:54   765,884   a-------   c:\windows\system32\dllcache\usrti.sys
          2009-05-21 22:54   113,762   a-------   c:\windows\system32\dllcache\usrpda.sys
          2009-05-21 22:54   7,556   a-------   c:\windows\system32\dllcache\usroslba.sys
          2009-05-21 22:54   224,802   a-------   c:\windows\system32\dllcache\usr1807a.sys
          2009-05-21 22:54   794,399   a-------   c:\windows\system32\dllcache\usr1806v.sys
          2009-05-21 22:52   216,064   a-------   c:\windows\system32\dllcache\um34scan.dll
          2009-05-21 22:51   241,664   a-------   c:\windows\system32\dllcache\tosdvd02.sys
          2009-05-21 22:50   103,936   a-------   c:\windows\system32\dllcache\sx.sys
          2009-05-21 22:50   3,968   a-------   c:\windows\system32\dllcache\swusbflt.sys
          2009-05-21 22:50   10,240   a-------   c:\windows\system32\dllcache\swpidflt.dll
          2009-05-21 22:50   10,240   a-------   c:\windows\system32\dllcache\swpdflt2.dll
          2009-05-21 22:50   53,760   a-------   c:\windows\system32\dllcache\sw_wheel.dll
          2009-05-21 22:50   41,472   a-------   c:\windows\system32\dllcache\sw_effct.dll
          2009-05-21 22:50   155,648   a-------   c:\windows\system32\dllcache\stlnprop.dll
          2009-05-21 22:50   53,248   a-------   c:\windows\system32\dllcache\stlncoin.dll
          2009-05-21 22:50   285,760   a-------   c:\windows\system32\dllcache\stlnata.sys
          2009-05-21 22:50   16,896   a-------   c:\windows\system32\dllcache\stcusb.sys
          2009-05-21 22:50   48,736   a-------   c:\windows\system32\dllcache\srwlnd5.sys
          2009-05-21 22:50   101,376   a-------   c:\windows\system32\dllcache\srusbusd.dll
          2009-05-21 22:50   99,328   a-------   c:\windows\system32\dllcache\srusd.dll
          2009-05-21 22:48   15,872   a-------   c:\windows\system32\dllcache\smierrsm.dll
          2009-05-21 22:47   94,698   a-------   c:\windows\system32\dllcache\sk98xwin.sys
          2009-05-21 22:47   157,696   a-------   c:\windows\system32\dllcache\sisv256.dll
          2009-05-21 22:47   50,432   a-------   c:\windows\system32\dllcache\sisv.sys
          2009-05-21 22:47   32,768   a-------   c:\windows\system32\dllcache\sisnic.sys
          2009-05-21 22:47   238,592   a-------   c:\windows\system32\dllcache\sisgrv.dll
          2009-05-21 22:47   104,064   a-------   c:\windows\system32\dllcache\sisgrp.sys
          2009-05-21 22:47   150,144   a-------   c:\windows\system32\dllcache\sis6306v.dll
          2009-05-21 22:47   68,608   a-------   c:\windows\system32\dllcache\sis6306p.sys
          2009-05-21 22:47   252,032   a-------   c:\windows\system32\dllcache\sis300iv.dll
          2009-05-21 22:47   101,760   a-------   c:\windows\system32\dllcache\sis300ip.sys
          2009-05-21 22:47   18,944   a-------   c:\windows\system32\dllcache\simptcp.dll
          2009-05-21 22:45   495,616   a-------   c:\windows\system32\dllcache\sblfx.dll
          2009-05-21 22:45   75,392   a-------   c:\windows\system32\dllcache\s3savmxm.sys
          2009-05-21 22:45   245,632   a-------   c:\windows\system32\dllcache\s3savmx.dll
          2009-05-21 22:45   77,824   a-------   c:\windows\system32\dllcache\s3sav4m.sys
          2009-05-21 22:45   198,400   a-------   c:\windows\system32\dllcache\s3sav4.dll
          2009-05-21 22:45   61,504   a-------   c:\windows\system32\dllcache\s3sav3dm.sys
          2009-05-21 22:45   179,264   a-------   c:\windows\system32\dllcache\s3sav3d.dll
          2009-05-21 22:45   210,496   a-------   c:\windows\system32\dllcache\s3mvirge.dll
          2009-05-21 22:45   62,496   a-------   c:\windows\system32\dllcache\s3mtrio.dll
          2009-05-21 22:45   41,216   a-------   c:\windows\system32\dllcache\s3mt3d.sys
          2009-05-21 22:45   182,272   a-------   c:\windows\system32\dllcache\s3mt3d.dll
          2009-05-21 22:45   166,720   a-------   c:\windows\system32\dllcache\s3m.sys
          2009-05-21 22:45   65,664   a-------   c:\windows\system32\dllcache\s3legacy.sys
          2009-05-21 22:43   899,146   a-------   c:\windows\system32\dllcache\r2mdkxga.sys
          2009-05-21 22:42   17,664   a-------   c:\windows\system32\dllcache\ppa3.sys
          2009-05-21 22:41   29,769   a-------   c:\windows\system32\dllcache\pcntn5m.sys
          2009-05-21 22:40   25,088   a-------   c:\windows\system32\dllcache\ovca.sys
          2009-05-21 22:40   54,186   a-------   c:\windows\system32\dllcache\otcsercb.sys
          2009-05-21 22:40   43,689   a-------   c:\windows\system32\dllcache\otceth5.sys
          2009-05-21 22:40   27,209   a-------   c:\windows\system32\dllcache\otc06x5.sys
          2009-05-21 22:40   54,528   a-------   c:\windows\system32\dllcache\opl3sax.sys
          2009-05-21 22:40   61,696   a-------   c:\windows\system32\dllcache\ohci1394.sys
          2009-05-21 22:40   198,144   a-------   c:\windows\system32\dllcache\nv3.sys
          2009-05-21 22:40   123,776   a-------   c:\windows\system32\dllcache\nv3.dll
          2009-05-21 22:40   51,552   a-------   c:\windows\system32\dllcache\ntgrip.sys
          2009-05-21 22:40   38,912   a-------   c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
          2009-05-21 22:40   9,344   a-------   c:\windows\system32\dllcache\ntapm.sys
          2009-05-21 22:38   35,392   a-------   c:\windows\system32\dllcache\n9i128.dll
          2009-05-21 22:37   35,200   a-------   c:\windows\system32\dllcache\msgame.sys
          2009-05-21 22:36   58,880   a-------   c:\windows\system32\dllcache\m3092dc.dll
          2009-05-21 22:35   5,632   a-------   c:\windows\system32\dllcache\kbdusa.dll
          2009-05-21 22:34   90,200   a-------   c:\windows\system32\dllcache\io8ports.dll
          2009-05-21 22:33   100,936   a-------   c:\windows\system32\dllcache\ibmtok.sys
          2009-05-21 22:32   67,167   a-------   c:\windows\system32\dllcache\hsf_bsc2.sys
          2009-05-21 22:31   20,352   a-------   c:\windows\system32\dllcache\hidbatt.sys
          2009-05-21 22:30   71,680   a-------   c:\windows\system32\dllcache\fnfilter.dll
          2009-05-21 22:29   37,120   a-------   c:\windows\system32\dllcache\es1370mp.sys
          2009-05-21 22:28   50,719   a-------   c:\windows\system32\dllcache\e1000nt5.sys
          2009-05-21 22:27   24,648   a-------   c:\windows\system32\dllcache\dfe650.sys
          2009-05-21 22:26   39,936   a-------   c:\windows\system32\dllcache\cnxt1803.sys
          2009-05-21 22:25   66,082   a-------   c:\windows\system32\dllcache\c_20106.nls
          2009-05-21 22:24   17,152   a-------   c:\windows\system32\dllcache\atitvsnd.sys
          2009-05-21 22:23   66,048   a-------   c:\windows\system32\dllcache\s3legacy.dll
          2009-05-21 16:55   <DIR>   --d-----   c:\docume~1\alluse~1\applic~1\SITEguard
          2009-05-21 16:53   <DIR>   --d-----   c:\program files\common files\iS3
          2009-05-21 16:53   <DIR>   --d-----   c:\docume~1\alluse~1\applic~1\STOPzilla!
          2009-05-21 00:54   54,156   a---h---   c:\windows\QTFont.qfn
          2009-05-21 00:54   1,409   a-------   c:\windows\QTFont.for
          2009-05-17 14:08   <DIR>   --d-----   c:\docume~1\rickca~1\applic~1\Malwarebytes
          2009-05-17 14:08   <DIR>   --d-----   c:\docume~1\alluse~1\applic~1\Malwarebytes
          2009-05-02 22:32   <DIR>   --d-----   c:\program files\Lavasoft
          2009-05-01 17:16   <DIR>   --d-----   c:\documents and settings\rick carter\Tracing
          2009-05-01 16:03   <DIR>   --d-----   c:\program files\Microsoft SQL Server Compact Edition
          2009-05-01 16:01   <DIR>   --d-----   c:\program files\Microsoft
          2009-05-01 15:36   <DIR>   --d-----   c:\program files\common files\Windows Live
          2009-05-01 14:46   608,448   a-------   c:\windows\system32\comctl32.ocx
          2009-05-01 14:46   <DIR>   --d-----   c:\program files\AML Products
          2009-05-01 14:12   <DIR>   --d-----   c:\program files\iXi Tools

          ==================== Find3M  ====================

          2009-05-16 11:52   325,896   a-------   c:\windows\system32\drivers\avgldx86.sys
          2009-05-16 11:52   11,952   a-------   c:\windows\system32\avgrsstx.dll
          2009-05-16 11:52   108,552   a-------   c:\windows\system32\drivers\avgtdix.sys
          2009-03-21 09:06   989,696   a-------   c:\windows\system32\dllcache\kernel32.dll
          2009-03-18 17:45   348,160   a-------   c:\windows\system32\msvcr71.dll
          2009-03-18 17:45   499,712   a-------   c:\windows\system32\msvcp71.dll
          2009-03-08 14:09   638,816   a-------   c:\windows\system32\dllcache\iexplore.exe
          2009-03-08 14:09   391,536   a-------   c:\windows\system32\dllcache\iedkcs32.dll
          2009-03-08 04:41   5,937,152   a-------   c:\windows\system32\dllcache\mshtml.dll
          2009-03-08 04:39   11,063,808   a-------   c:\windows\system32\dllcache\ieframe.dll
          2009-03-08 04:34   914,944   a-------   c:\windows\system32\wininet.dll
          2009-03-08 04:34   914,944   a-------   c:\windows\system32\dllcache\wininet.dll
          2009-03-08 04:34   1,206,784   a-------   c:\windows\system32\dllcache\urlmon.dll
          2009-03-08 04:34   236,544   a-------   c:\windows\system32\dllcache\webcheck.dll
          2009-03-08 04:34   43,008   a-------   c:\windows\system32\licmgr10.dll
          2009-03-08 04:34   43,008   a-------   c:\windows\system32\dllcache\licmgr10.dll
          2009-03-08 04:34   105,984   a-------   c:\windows\system32\dllcache\url.dll
          2009-03-08 04:34   193,536   a-------   c:\windows\system32\dllcache\msrating.dll
          2009-03-08 04:34   109,568   a-------   c:\windows\system32\dllcache\occache.dll
          2009-03-08 04:33   759,296   a-------   c:\windows\system32\dllcache\vgx.dll
          2009-03-08 04:33   18,944   a-------   c:\windows\system32\dllcache\corpol.dll
          2009-03-08 04:33   18,944   a-------   c:\windows\system32\corpol.dll
          2009-03-08 04:33   25,600   a-------   c:\windows\system32\dllcache\jsproxy.dll
          2009-03-08 04:33   726,528   a-------   c:\windows\system32\dllcache\jscript.dll
          2009-03-08 04:33   229,376   a-------   c:\windows\system32\dllcache\ieaksie.dll
          2009-03-08 04:33   420,352   a-------   c:\windows\system32\vbscript.dll
          2009-03-08 04:33   420,352   a-------   c:\windows\system32\dllcache\vbscript.dll
          2009-03-08 04:33   125,952   a-------   c:\windows\system32\dllcache\ieakeng.dll
          2009-03-08 04:32   72,704   a-------   c:\windows\system32\dllcache\admparse.dll
          2009-03-08 04:32   72,704   a-------   c:\windows\system32\admparse.dll
          2009-03-08 04:32   173,056   a-------   c:\windows\system32\dllcache\ie4uinit.exe
          2009-03-08 04:32   163,840   a-------   c:\windows\system32\dllcache\ieakui.dll
          2009-03-08 04:32   71,680   a-------   c:\windows\system32\iesetup.dll
          2009-03-08 04:32   71,680   a-------   c:\windows\system32\dllcache\iesetup.dll
          2009-03-08 04:32   55,808   a-------   c:\windows\system32\dllcache\iernonce.dll
          2009-03-08 04:32   128,512   a-------   c:\windows\system32\dllcache\advpack.dll
          2009-03-08 04:32   94,720   a-------   c:\windows\system32\dllcache\inseng.dll
          2009-03-08 04:32   594,432   a-------   c:\windows\system32\dllcache\msfeeds.dll
          2009-03-08 04:32   1,985,024   a-------   c:\windows\system32\dllcache\iertutil.dll
          2009-03-08 04:32   611,840   a-------   c:\windows\system32\dllcache\mstime.dll
          2009-03-08 04:24   68,608   a-------   c:\windows\system32\dllcache\hmmapi.dll
          2009-03-08 04:22   156,160   a-------   c:\windows\system32\msls31.dll
          2009-03-08 04:22   156,160   a-------   c:\windows\system32\dllcache\msls31.dll
          2009-03-08 04:11   445,952   a-------   c:\windows\system32\dllcache\ieapfltr.dll
          2009-03-06 09:22   284,160   a-------   c:\windows\system32\pdh.dll
          2009-03-06 09:22   284,160   a-------   c:\windows\system32\dllcache\pdh.dll
          2009-02-27 23:55   105,984   --------   c:\windows\system32\dllcache\iecompat.dll
          2005-11-07 21:05   2,855,080   ac------   c:\program files\aawsepersonal.exe
          2008-11-09 12:45   32,768   ac-sh---   c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008110920081110\index.dat

          ============= FINISH: 17:29:16.53 ===============


          UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
          IF REQUESTED, ZIP IT UP & ATTACH IT

          DDS (Ver_09-05-14.01)

          Microsoft Windows XP Home Edition
          Boot Device: \Device\HarddiskVolume2
          Install Date: 4/17/2005 5:56:32 PM
          System Uptime: 5/25/2009 4:50:01 PM (1 hours ago)

          Motherboard: Dell Computer Corp. |  | 0K8980
          Processor:                 Intel(R) Celeron(R) CPU 2.40GHz | Microprocessor | 2394/533mhz

          ==== Disk Partitions =========================

          C: is FIXED (NTFS) - 34 GiB total, 19.463 GiB free.
          D: is CDROM ()
          E: is CDROM ()

          ==== Disabled Device Manager Items =============

          ==== System Restore Points ===================

          RP1: 5/25/2009 5:16:03 PM - System Checkpoint

          ==== Installed Programs ======================

          a-squared Free 4.5
          Adobe Flash Player 10 ActiveX
          Adobe Flash Player 10 Plugin
          Adobe Illustrator 10
          Adobe Photoshop 7.0
          Adobe Reader 7.0
          Adobe SVG Viewer 3.0
          Advanced SystemCare 3
          American Greetings® Art & More Store
          AML Free Registry Cleaner 4.16
          AVG Free 8.5
          CCleaner (remove only)
          Choice Guard
          Content Transfer
          Google Chrome
          HijackThis 2.0.2
          Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
          Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
          Hotfix for Windows Internet Explorer 7 (KB947864)
          Hotfix for Windows XP (KB954550-v5)
          IncrediMail
          Java(TM) 6 Update 13
          Junk Mail filter update
          LivePix 1.1 SE
          Malwarebytes' Anti-Malware
          Microsoft .NET Framework 1.1
          Microsoft .NET Framework 1.1 Hotfix (KB928366)
          Microsoft .NET Framework 2.0 Service Pack 2
          Microsoft .NET Framework 3.0 Service Pack 2
          Microsoft .NET Framework 3.5 SP1
          Microsoft Application Error Reporting
          Microsoft Base Smart Card Cryptographic Service Provider Package
          Microsoft Compression Client Pack 1.0 for Windows XP
          Microsoft Excel Viewer 97
          Microsoft Internationalized Domain Names Mitigation APIs
          Microsoft National Language Support Downlevel APIs
          Microsoft Search Enhancement Pack
          Microsoft Silverlight
          Microsoft SQL Server 2005 Compact Edition [ENU]
          Microsoft Sync Framework Runtime Native v1.0 (x86)
          Microsoft Sync Framework Services Native v1.0 (x86)
          Microsoft User-Mode Driver Framework Feature Pack 1.0
          Microsoft Visual C++ 2005 Redistributable
          Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
          Microsoft Web Publishing Wizard 1.52
          MSVCRT
          MSXML 4.0 SP2 (KB936181)
          MSXML 4.0 SP2 (KB954430)
          OpenOffice.org 2.4
          Oregon Trail II
          Outpost Firewall 2009
          Panda Labels 2.0
          Picasa 2
          PrintMaster 7.00
          PrintMaster Gold 4.00
          Prison Tycoon 4
          RealPlayer
          Security Update for Windows Internet Explorer 7 (KB938127)
          Security Update for Windows Internet Explorer 7 (KB939653)
          Security Update for Windows Internet Explorer 7 (KB942615)
          Security Update for Windows Internet Explorer 7 (KB944533)
          Security Update for Windows Internet Explorer 7 (KB950759)
          Security Update for Windows Internet Explorer 7 (KB953838)
          Security Update for Windows Internet Explorer 7 (KB956390)
          Security Update for Windows Internet Explorer 7 (KB958215)
          Security Update for Windows Internet Explorer 7 (KB960714)
          Security Update for Windows Internet Explorer 7 (KB961260)
          Segoe UI
          Small Business Legal Pro 3
          Smart Attorney 8.0
          SUPERAntiSpyware Free Edition
          Undelete Plus 2.98
          Update for Windows Internet Explorer 8 (KB968220)
          Virtools 3D Life Player
          Visual C++ 2008 x86 Runtime - (v9.0.30729)
          Visual C++ 2008 x86 Runtime - v9.0.30729.01
          Walmart MP3 Music Downloads
          Windows Genuine Advantage Validation Tool (KB892130)
          Windows Internet Explorer 7
          Windows Internet Explorer 8
          Windows Live Call
          Windows Live Communications Platform
          Windows Media Format 11 runtime
          Windows Media Player 11
          Windows Search 4.0
          Windows XP Service Pack 3
          Yahoo! Software Update

          ==== Event Viewer Messages From Past Week ========

          5/25/2009 4:26:04 PM, error: Service Control Manager [7022]  - The Windows Image Acquisition (WIA) service hung on starting.
          5/25/2009 4:09:41 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
          5/23/2009 8:54:37 PM, error: Service Control Manager [7031]  - The Remote Procedure Call (RPC) service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
          5/23/2009 7:04:53 AM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
          5/22/2009 8:36:25 PM, information: Windows File Protection [64018]  - Windows File Protection file scan was cancelled by user interaction, user name is Rick Carter.
          5/22/2009 6:36:51 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD AvgLdx86 AvgMfx86 AvgTdiX Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
          5/22/2009 6:36:51 PM, error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:  A device attached to the system is not functioning.
          5/22/2009 6:36:51 PM, error: Service Control Manager [7001]  - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:  A device attached to the system is not functioning.
          5/22/2009 6:36:51 PM, error: Service Control Manager [7001]  - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
          5/22/2009 6:36:51 PM, error: Service Control Manager [7001]  - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:  A device attached to the system is not functioning.
          5/22/2009 6:36:18 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
          5/21/2009 7:40:48 PM, error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
          5/21/2009 4:05:59 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.
          5/21/2009 4:05:59 PM, error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
          5/21/2009 4:05:39 PM, error: DCOM [10005]  - DCOM got error "%1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
          5/21/2009 10:58:41 PM, error: Service Control Manager [7023]  - The Application Management service terminated with the following error:  The specified module could not be found.
          5/21/2009 10:57:35 PM, information: Windows File Protection [64017]  - Windows File Protection file scan completed successfully.
          5/21/2009 10:57:13 PM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the  service.
          5/21/2009 10:56:45 PM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the szserver service.
          5/21/2009 10:23:21 PM, information: Windows File Protection [64016]  - Windows File Protection file scan was started.

          ==== End Of File ===========================

          evilfantasy

          Re: Bad Virus---please help
          « Reply #7 on: May 25, 2009, 04:55:12 PM »
          Delete these files/folders, as follows:

          1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
          It must be Notepad, not Wordpad.
          2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C.

          Code:
          KillAll::

          DDS::
          TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
          TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
          TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
          IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
          uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/yme/*http://www.yahoo.com

          Folder::
          c:\docume~1\alluse~1\applic~1\SITEguard
          c:\program files\common files\iS3
          c:\docume~1\alluse~1\applic~1\STOPzilla!


          3. Go to the Notepad window and click Edit > Paste
          4. Then click File > Save
          5. Name the file CFScript.txt - Save the file to your Desktop
          6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



          ComboFix will begin to execute, just follow the prompts.
          After reboot (in case it asks to reboot), it will produce a log for you.
          Post that log (Combofix.txt) in your next reply.

          Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze.

          911carter

            Re: Bad Virus---please help
            « Reply #8 on: May 25, 2009, 05:21:55 PM »
            I did that and it ran...
            Here is the log you needed.

            ComboFix 09-05-25.03 - Rick Carter 05/25/2009 18:07.2 - NTFSx86
            Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.766.376 [GMT -5:00]
            Running from: c:\documents and settings\Rick Carter\Desktop\CF.exe
            Command switches used :: c:\documents and settings\Rick Carter\Desktop\CFScript.txt
            AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
            FW: Outpost Firewall *enabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
            .

            (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
            .

            c:\docume~1\alluse~1\applic~1\SITEguard
            c:\docume~1\alluse~1\applic~1\SITEguard\siteguard.db
            c:\docume~1\alluse~1\applic~1\STOPzilla!
            c:\docume~1\alluse~1\applic~1\STOPzilla!\modules_scanned.db
            c:\docume~1\alluse~1\applic~1\STOPzilla!\modules_scanned.db.bak
            c:\docume~1\alluse~1\applic~1\STOPzilla!\sgdefs.db
            c:\docume~1\alluse~1\applic~1\STOPzilla!\sgdwc.db
            c:\docume~1\alluse~1\applic~1\STOPzilla!\userdata.db
            c:\program files\common files\iS3
            c:\program files\common files\iS3\Anti-Spyware\sgdfull.rsf
            c:\program files\messenger\msmsgs.exe

            .
            (((((((((((((((((((((((((   Files Created from 2009-04-25 to 2009-05-25  )))))))))))))))))))))))))))))))
            .

            2009-05-25 21:44 . 2004-08-04 10:00   50176   ----a-w   c:\windows\system32\proquota.exe
            2009-05-25 21:44 . 2004-08-04 10:00   50176   ----a-w   c:\windows\system32\dllcache\proquota.exe
            2009-05-25 19:51 . 2009-04-06 20:32   15504   ----a-w   c:\windows\system32\drivers\mbam.sys
            2009-05-25 19:51 . 2009-04-06 20:32   38496   ----a-w   c:\windows\system32\drivers\mbamswissarmy.sys
            2009-05-25 19:51 . 2009-05-25 19:53   --------   d-----w   c:\program files\MAM
            2009-05-24 23:35 . 2009-04-06 16:37   704384   ----a-w   c:\windows\system32\drivers\SandBox.sys
            2009-05-24 23:35 . 2009-02-10 21:15   257432   ----a-w   c:\windows\system32\drivers\afwcore.sys
            2009-05-24 23:33 . 2009-02-18 22:30   31128   ----a-w   c:\windows\system32\drivers\afw.sys
            2009-05-24 23:33 . 2009-05-24 23:33   --------   d-----w   c:\program files\Agnitum
            2009-05-24 23:33 . 2009-05-24 23:33   --------   d-----w   c:\documents and settings\All Users\Application Data\Agnitum
            2009-05-24 02:42 . 2009-05-24 02:42   --------   d-----w   c:\program files\Trend Micro
            2009-05-24 02:27 . 2009-05-24 02:37   --------   d-----w   c:\program files\MbAM
            2009-05-24 00:33 . 2009-05-24 00:33   --------   d-----w   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
            2009-05-24 00:32 . 2009-05-25 02:22   --------   d-----w   c:\program files\SUPERAntiSpyware
            2009-05-24 00:32 . 2009-05-24 00:32   --------   d-----w   c:\docume~1\RICKCA~1\APPLIC~1\SUPERAntiSpyware.com
            2009-05-24 00:32 . 2009-05-24 00:32   --------   d-----w   c:\program files\Common Files\Wise Installation Wizard
            2009-05-23 23:38 . 2009-05-23 23:37   410984   ----a-w   c:\windows\system32\deploytk.dll
            2009-05-23 01:03 . 2009-05-23 01:56   --------   d-----w   c:\program files\a-squared Free
            2009-05-23 00:57 . 2009-05-23 00:57   --------   d-----w   c:\program files\CCleaner
            2009-05-22 03:57 . 2008-04-13 23:12   116224   ----a-w   c:\windows\system32\dllcache\xrxwiadr.dll
            2009-05-22 03:57 . 2001-08-18 03:36   23040   ----a-w   c:\windows\system32\dllcache\xrxwbtmp.dll
            2009-05-22 03:57 . 2008-04-13 23:12   18944   ----a-w   c:\windows\system32\dllcache\xrxscnui.dll
            2009-05-22 03:57 . 2001-08-18 03:37   27648   ----a-w   c:\windows\system32\dllcache\xrxftplt.exe
            2009-05-22 03:57 . 2001-08-18 03:37   4608   ----a-w   c:\windows\system32\dllcache\xrxflnch.exe
            2009-05-22 03:57 . 2001-08-18 03:37   99865   ----a-w   c:\windows\system32\dllcache\xlog.exe
            2009-05-22 03:57 . 2001-08-17 17:11   16970   ----a-w   c:\windows\system32\dllcache\xem336n5.sys
            2009-05-22 03:57 . 2004-08-04 02:29   19455   ----a-w   c:\windows\system32\dllcache\wvchntxx.sys
            2009-05-22 03:56 . 2004-08-04 02:29   12063   ----a-w   c:\windows\system32\dllcache\wsiintxx.sys
            2009-05-22 03:56 . 2008-04-13 23:12   8192   ----a-w   c:\windows\system32\dllcache\wshirda.dll
            2009-05-22 03:56 . 2008-04-13 17:36   8832   ----a-w   c:\windows\system32\dllcache\wmiacpi.sys
            2009-05-22 03:56 . 2004-08-04 02:31   154624   ----a-w   c:\windows\system32\dllcache\wlluc48.sys
            2009-05-22 03:56 . 2001-08-17 17:12   34890   ----a-w   c:\windows\system32\dllcache\wlandrv2.sys
            2009-05-22 03:54 . 2001-08-17 18:28   64605   ----a-w   c:\windows\system32\dllcache\vvoice.sys
            2009-05-22 03:54 . 2001-08-17 18:28   397502   ----a-w   c:\windows\system32\dllcache\vpctcom.sys
            2009-05-22 03:54 . 2001-08-17 18:28   604253   ----a-w   c:\windows\system32\dllcache\vmodem.sys
            2009-05-22 03:54 . 2001-08-17 17:14   249402   ----a-w   c:\windows\system32\dllcache\vinwm.sys
            2009-05-22 03:54 . 2001-08-17 18:49   24576   ----a-w   c:\windows\system32\dllcache\viairda.sys
            2009-05-22 03:54 . 2001-08-17 18:28   687999   ----a-w   c:\windows\system32\dllcache\usrwdxjs.sys
            2009-05-22 03:54 . 2001-08-17 18:28   765884   ----a-w   c:\windows\system32\dllcache\usrti.sys
            2009-05-22 03:54 . 2001-08-17 18:28   113762   ----a-w   c:\windows\system32\dllcache\usrpda.sys
            2009-05-22 03:54 . 2001-08-17 18:28   7556   ----a-w   c:\windows\system32\dllcache\usroslba.sys
            2009-05-22 03:54 . 2001-08-17 18:28   224802   ----a-w   c:\windows\system32\dllcache\usr1807a.sys
            2009-05-22 03:54 . 2001-08-17 18:28   794399   ----a-w   c:\windows\system32\dllcache\usr1806v.sys
            2009-05-22 03:52 . 2001-08-18 03:36   216064   ----a-w   c:\windows\system32\dllcache\um34scan.dll
            2009-05-22 03:51 . 2001-08-17 19:01   241664   ----a-w   c:\windows\system32\dllcache\tosdvd02.sys
            2009-05-22 03:50 . 2001-08-17 18:50   103936   ----a-w   c:\windows\system32\dllcache\sx.sys
            2009-05-22 03:50 . 2001-08-17 19:02   3968   ----a-w   c:\windows\system32\dllcache\swusbflt.sys
            2009-05-22 03:50 . 2001-08-18 03:36   10240   ----a-w   c:\windows\system32\dllcache\swpidflt.dll
            2009-05-22 03:50 . 2001-08-18 03:36   10240   ----a-w   c:\windows\system32\dllcache\swpdflt2.dll
            2009-05-22 03:50 . 2001-08-18 03:36   53760   ----a-w   c:\windows\system32\dllcache\sw_wheel.dll
            2009-05-22 03:50 . 2001-08-18 03:36   41472   ----a-w   c:\windows\system32\dllcache\sw_effct.dll
            2009-05-22 03:50 . 2001-08-18 03:36   155648   ----a-w   c:\windows\system32\dllcache\stlnprop.dll
            2009-05-22 03:50 . 2001-08-18 03:36   53248   ----a-w   c:\windows\system32\dllcache\stlncoin.dll
            2009-05-22 03:50 . 2001-08-17 17:18   285760   ----a-w   c:\windows\system32\dllcache\stlnata.sys
            2009-05-22 03:50 . 2001-08-17 18:51   16896   ----a-w   c:\windows\system32\dllcache\stcusb.sys
            2009-05-22 03:50 . 2001-08-17 17:11   48736   ----a-w   c:\windows\system32\dllcache\srwlnd5.sys
            2009-05-22 03:50 . 2004-08-04 10:00   101376   ----a-w   c:\windows\system32\dllcache\srusbusd.dll
            2009-05-22 03:50 . 2001-08-18 03:36   99328   ----a-w   c:\windows\system32\dllcache\srusd.dll
            2009-05-22 03:48 . 2004-08-04 10:00   15872   ----a-w   c:\windows\system32\dllcache\smierrsm.dll
            2009-05-22 03:47 . 2001-08-17 17:12   94698   ----a-w   c:\windows\system32\dllcache\sk98xwin.sys
            2009-05-22 03:47 . 2001-08-17 19:56   157696   ----a-w   c:\windows\system32\dllcache\sisv256.dll
            2009-05-22 03:47 . 2001-08-17 17:50   50432   ----a-w   c:\windows\system32\dllcache\sisv.sys
            2009-05-22 03:47 . 2004-08-04 02:31   32768   ----a-w   c:\windows\system32\dllcache\sisnic.sys
            2009-05-22 03:47 . 2001-08-18 03:36   238592   ----a-w   c:\windows\system32\dllcache\sisgrv.dll
            2009-05-22 03:47 . 2001-08-17 17:50   104064   ----a-w   c:\windows\system32\dllcache\sisgrp.sys
            2009-05-22 03:47 . 2001-08-17 19:56   150144   ----a-w   c:\windows\system32\dllcache\sis6306v.dll
            2009-05-22 03:47 . 2001-08-17 17:50   68608   ----a-w   c:\windows\system32\dllcache\sis6306p.sys
            2009-05-22 03:47 . 2001-08-17 19:56   252032   ----a-w   c:\windows\system32\dllcache\sis300iv.dll
            2009-05-22 03:47 . 2001-08-17 17:50   101760   ----a-w   c:\windows\system32\dllcache\sis300ip.sys
            2009-05-22 03:47 . 2004-08-04 10:00   18944   ----a-w   c:\windows\system32\dllcache\simptcp.dll
            2009-05-22 03:45 . 2001-08-18 03:36   495616   ----a-w   c:\windows\system32\dllcache\sblfx.dll
            2009-05-22 03:45 . 2001-08-17 17:50   75392   ----a-w   c:\windows\system32\dllcache\s3savmxm.sys
            2009-05-22 03:45 . 2001-08-17 19:56   245632   ----a-w   c:\windows\system32\dllcache\s3savmx.dll
            2009-05-22 03:45 . 2001-08-17 17:50   77824   ----a-w   c:\windows\system32\dllcache\s3sav4m.sys
            2009-05-22 03:45 . 2001-08-17 19:56   198400   ----a-w   c:\windows\system32\dllcache\s3sav4.dll
            2009-05-22 03:45 . 2001-08-17 17:50   61504   ----a-w   c:\windows\system32\dllcache\s3sav3dm.sys
            2009-05-22 03:45 . 2001-08-17 19:56   179264   ----a-w   c:\windows\system32\dllcache\s3sav3d.dll
            2009-05-22 03:45 . 2001-08-17 19:56   210496   ----a-w   c:\windows\system32\dllcache\s3mvirge.dll
            2009-05-22 03:45 . 2001-08-18 03:36   62496   ----a-w   c:\windows\system32\dllcache\s3mtrio.dll
            2009-05-22 03:45 . 2001-08-17 17:50   41216   ----a-w   c:\windows\system32\dllcache\s3mt3d.sys
            2009-05-22 03:45 . 2001-08-17 19:56   182272   ----a-w   c:\windows\system32\dllcache\s3mt3d.dll
            2009-05-22 03:45 . 2001-08-17 17:50   166720   ----a-w   c:\windows\system32\dllcache\s3m.sys
            2009-05-22 03:45 . 2001-08-17 18:57   65664   ----a-w   c:\windows\system32\dllcache\s3legacy.sys
            2009-05-22 03:43 . 2001-08-17 18:28   899146   ----a-w   c:\windows\system32\dllcache\r2mdkxga.sys
            2009-05-22 03:42 . 2008-04-13 17:41   17664   ----a-w   c:\windows\system32\dllcache\ppa3.sys
            2009-05-22 03:41 . 2001-08-17 17:11   29769   ----a-w   c:\windows\system32\dllcache\pcntn5m.sys
            2009-05-22 03:40 . 2001-08-17 19:05   25088   ----a-w   c:\windows\system32\dllcache\ovca.sys
            2009-05-22 03:40 . 2001-08-17 18:28   54186   ----a-w   c:\windows\system32\dllcache\otcsercb.sys
            2009-05-22 03:40 . 2001-08-17 17:12   43689   ----a-w   c:\windows\system32\dllcache\otceth5.sys
            2009-05-22 03:40 . 2001-08-17 17:12   27209   ----a-w   c:\windows\system32\dllcache\otc06x5.sys
            2009-05-22 03:40 . 2001-08-17 17:20   54528   ----a-w   c:\windows\system32\dllcache\opl3sax.sys
            2009-05-22 03:40 . 2008-04-13 17:46   61696   ----a-w   c:\windows\system32\dllcache\ohci1394.sys
            2009-05-22 03:40 . 2001-08-17 17:50   198144   ----a-w   c:\windows\system32\dllcache\nv3.sys
            2009-05-22 03:40 . 2001-08-18 03:36   123776   ----a-w   c:\windows\system32\dllcache\nv3.dll
            2009-05-22 03:40 . 2001-08-17 17:49   51552   ----a-w   c:\windows\system32\dllcache\ntgrip.sys
            2009-05-22 03:40 . 2001-08-18 03:36   38912   ----a-w   c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
            2009-05-22 03:40 . 2001-08-17 18:47   9344   ----a-w   c:\windows\system32\dllcache\ntapm.sys
            2009-05-22 03:38 . 2001-08-17 19:56   35392   ----a-w   c:\windows\system32\dllcache\n9i128.dll
            2009-05-22 03:37 . 2001-08-17 19:02   35200   ----a-w   c:\windows\system32\dllcache\msgame.sys
            2009-05-22 03:36 . 2001-08-18 03:36   58880   ----a-w   c:\windows\system32\dllcache\m3092dc.dll
            2009-05-22 03:35 . 2004-08-04 10:00   5632   ----a-w   c:\windows\system32\dllcache\kbdusa.dll
            2009-05-22 03:34 . 2001-08-18 03:36   90200   ----a-w   c:\windows\system32\dllcache\io8ports.dll
            2009-05-22 03:33 . 2001-08-17 17:12   100936   ----a-w   c:\windows\system32\dllcache\ibmtok.sys
            2009-05-22 03:32 . 2001-08-17 18:28   67167   ----a-w   c:\windows\system32\dllcache\hsf_bsc2.sys
            2009-05-22 03:31 . 2008-04-13 17:36   20352   ----a-w   c:\windows\system32\dllcache\hidbatt.sys
            2009-05-22 03:30 . 2001-08-18 03:36   71680   ----a-w   c:\windows\system32\dllcache\fnfilter.dll
            2009-05-22 03:29 . 2001-08-17 17:19   37120   ----a-w   c:\windows\system32\dllcache\es1370mp.sys
            2009-05-22 03:28 . 2001-08-17 17:12   50719   ----a-w   c:\windows\system32\dllcache\e1000nt5.sys
            2009-05-22 03:27 . 2001-08-17 17:11   24648   ----a-w   c:\windows\system32\dllcache\dfe650.sys
            2009-05-22 03:26 . 2001-08-17 17:11   39936   ----a-w   c:\windows\system32\dllcache\cnxt1803.sys
            2009-05-22 03:25 . 2001-08-17 18:51   13824   ----a-w   c:\windows\system32\dllcache\bulltlp3.sys
            2009-05-22 03:24 . 2001-08-17 17:49   17152   ----a-w   c:\windows\system32\dllcache\atitvsnd.sys
            2009-05-22 03:23 . 2001-08-17 19:56   66048   ----a-w   c:\windows\system32\dllcache\s3legacy.dll
            2009-05-21 17:20 . 2009-05-21 17:20   --------   d-sh--w   c:\windows\system32\config\systemprofile\IETldCache
            2009-05-17 19:08 . 2009-05-17 19:08   --------   d-----w   c:\docume~1\RICKCA~1\APPLIC~1\Malwarebytes
            2009-05-17 19:08 . 2009-05-17 19:08   --------   d-----w   c:\documents and settings\All Users\Application Data\Malwarebytes
            2009-05-03 03:32 . 2009-05-03 18:11   --------   d-----w   c:\program files\Lavasoft
            2009-05-03 03:32 . 2009-05-03 18:11   --------   d-----w   c:\documents and settings\All Users\Application Data\Lavasoft
            2009-05-01 22:16 . 2009-05-03 18:13   --------   d-----w   c:\documents and settings\Rick Carter\Tracing
            2009-05-01 21:04 . 2009-05-01 21:04   --------   d-----w   c:\program files\Microsoft Sync Framework
            2009-05-01 21:03 . 2009-05-01 21:03   --------   d-----w   c:\program files\Microsoft SQL Server Compact Edition
            2009-05-01 21:01 . 2009-05-01 21:01   --------   d-----w   c:\program files\Microsoft
            2009-05-01 21:01 . 2009-05-03 18:53   --------   d-----w   c:\program files\Windows Live
            2009-05-01 20:36 . 2009-05-01 20:36   --------   d-----w   c:\program files\Common Files\Windows Live
            2009-05-01 19:46 . 2009-05-01 19:46   --------   d-----w   c:\program files\AML Products

            .
            ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            2009-05-24 03:23 . 2005-04-13 13:38   --------   d-----w   c:\program files\Java
            2009-05-24 00:19 . 2005-11-08 02:35   --------   d-----w   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
            2009-05-23 01:35 . 2007-06-24 03:17   --------   d-----w   c:\program files\ScanSuite
            2009-05-21 20:05 . 2008-05-30 10:44   --------   d-----w   c:\documents and settings\All Users\Application Data\avg8
            2009-05-18 04:24 . 2008-09-19 14:45   --------   d-----w   c:\docume~1\RICKCA~1\APPLIC~1\OpenOffice.org2
            2009-05-17 17:46 . 2007-06-22 02:16   --------   d-----w   c:\program files\FinePixViewer
            2009-05-16 16:52 . 2008-05-30 10:44   11952   ----a-w   c:\windows\system32\avgrsstx.dll
            2009-05-16 16:52 . 2008-05-30 10:44   325896   ----a-w   c:\windows\system32\drivers\avgldx86.sys
            2009-05-16 16:52 . 2006-12-08 02:41   27784   ----a-w   c:\windows\system32\drivers\avgmfx86.sys
            2009-05-16 16:52 . 2008-05-30 10:44   108552   ----a-w   c:\windows\system32\drivers\avgtdix.sys
            2009-05-03 18:09 . 2009-03-17 23:40   --------   d-----w   c:\docume~1\RICKCA~1\APPLIC~1\IObit
            2009-05-01 22:15 . 2005-04-18 17:00   21008   -c--a-w   c:\documents and settings\Rick Carter\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
            2009-05-01 19:51 . 2008-02-27 22:32   --------   d-----w   c:\program files\XLView
            2009-04-19 03:48 . 2009-04-19 03:48   --------   d-----w   c:\docume~1\RICKCA~1\APPLIC~1\ValuSoft
            2009-04-19 03:44 . 2009-04-19 03:44   --------   d-----w   c:\program files\Prison Tycoon 4
            2009-04-19 03:44 . 2005-04-13 13:39   --------   d--h--w   c:\program files\InstallShield Installation Information
            2009-04-16 02:39 . 2005-09-03 20:49   --------   d-----w   c:\docume~1\RICKCA~1\APPLIC~1\AdobeUM
            2009-04-16 01:46 . 2005-04-13 13:53   --------   d-----w   c:\program files\QuickTime
            2009-04-15 11:07 . 2007-06-17 19:54   --------   d-----w   c:\program files\Yahoo!
            2009-04-14 04:00 . 2009-04-14 04:00   --------   d-----w   c:\program files\TouchStoneSoftware
            2009-04-05 18:48 . 2009-04-05 18:48   --------   d-----w   c:\docume~1\RICKCA~1\APPLIC~1\Windows Search
            2009-03-18 22:45 . 2007-03-06 15:15   348160   ----a-w   c:\windows\system32\msvcr71.dll
            2009-03-18 22:45 . 2007-03-06 15:15   499712   ----a-w   c:\windows\system32\msvcp71.dll
            2009-03-08 09:34 . 2004-08-04 10:00   914944   ----a-w   c:\windows\system32\wininet.dll
            2009-03-08 09:34 . 2004-08-04 10:00   43008   ----a-w   c:\windows\system32\licmgr10.dll
            2009-03-08 09:33 . 2004-08-04 10:00   18944   ----a-w   c:\windows\system32\corpol.dll
            2009-03-08 09:33 . 2004-08-04 10:00   420352   ----a-w   c:\windows\system32\vbscript.dll
            2009-03-08 09:32 . 2004-08-04 10:00   72704   ----a-w   c:\windows\system32\admparse.dll
            2009-03-08 09:32 . 2004-08-04 10:00   71680   ----a-w   c:\windows\system32\iesetup.dll
            2009-03-08 09:31 . 2004-08-04 10:00   34816   ----a-w   c:\windows\system32\imgutil.dll
            2009-03-08 09:31 . 2004-08-04 10:00   48128   ----a-w   c:\windows\system32\mshtmler.dll
            2009-03-08 09:31 . 2004-08-04 10:00   45568   ----a-w   c:\windows\system32\mshta.exe
            2009-03-08 09:22 . 2004-08-04 10:00   156160   ----a-w   c:\windows\system32\msls31.dll
            2009-03-06 14:22 . 2004-08-04 10:00   284160   ----a-w   c:\windows\system32\pdh.dll
            2005-11-08 02:05 . 2005-11-08 02:00   2855080   -c--a-w   c:\program files\aawsepersonal.exe
            .

            (((((((((((((((((((((((((((((   SnapShot@2009-05-25_21.44.57   )))))))))))))))))))))))))))))))))))))))))
            .
            + 2009-05-25 23:12 . 2009-05-25 23:12   16384              c:\windows\Temp\usgthrsvc\Perflib_Perfdata_180.dat
            + 2009-05-25 23:12 . 2009-05-25 23:12   16384              c:\windows\Temp\Perflib_Perfdata_408.dat
            .
            (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            *Note* empty entries & legit default entries are not shown
            REGEDIT4

            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-16 1947928]
            "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-16 1947928]
            "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-18 198160]
            "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-23 148888]
            "OutpostMonitor"="c:\progra~1\Agnitum\Outpost Firewall\op_mon.exe" [2009-04-28 2374464]
            "OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall\feedback.exe" [2009-04-28 428032]

            [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
            "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]
            "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
            2008-12-22 17:05   356352   ----a-w   c:\program files\SUPERAntiSpyware\SASWINLO.dll

            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
            2009-05-16 16:52   11952   ----a-w   c:\windows\SYSTEM32\avgrsstx.dll

            HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
            "wave"= serwvdrv.dll

            [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
            "EnableFirewall"= 0 (0x0)

            [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
            "c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
            "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
            "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
            "c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
            "c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
            "c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
            "c:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=
            "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
            "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
            "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
            "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
            "c:\\WINDOWS\\system32\\sessmgr.exe"=
            "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

            R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [5/30/2008 5:44 AM 325896]
            R1 AvgTdiX;AVG8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [5/30/2008 5:44 AM 108552]
            R1 SandBox;SandBox;c:\windows\SYSTEM32\DRIVERS\SandBox.sys [5/24/2009 6:35 PM 704384]
            R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/14/2009 2:22 PM 9968]
            R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/14/2009 2:22 PM 72944]
            R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\Outpost Firewall\acs.exe [5/24/2009 6:33 PM 1195008]
            R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/5/2008 10:41 AM 908568]
            R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/5/2008 10:41 AM 298776]
            R3 afw;Agnitum firewall driver;c:\windows\SYSTEM32\DRIVERS\afw.sys [5/24/2009 6:33 PM 31128]
            R3 afwcore;afwcore;c:\windows\SYSTEM32\DRIVERS\afwcore.sys [5/24/2009 6:35 PM 257432]
            R3 XIRLINK;IBM PC Camera;c:\windows\SYSTEM32\DRIVERS\C-itnt.sys [9/10/2008 5:53 PM 453475]
            S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/14/2009 2:22 PM 7408]

            [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
            c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
            .
            Contents of the 'Scheduled Tasks' folder

            2009-05-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1056457592-2306923782-1649441779-1006.job
            - c:\documents and settings\Rick Carter\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-05 14:39]
            .
            .
            ------- Supplementary Scan -------
            .
            uStart Page = hxxp://www.yahoo.com/
            uSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636 f6d2f
            mSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636 f6d2f
            uInternet Connection Wizard,ShellNext = iexplore
            uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/yme/*http://www.yahoo.com
            .

            **************************************************************************

            catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
            Rootkit scan 2009-05-25 18:12
            Windows 5.1.2600 Service Pack 3 NTFS

            scanning hidden processes ... 

            scanning hidden autostart entries ...

            scanning hidden files ... 

            scan completed successfully
            hidden files: 0

            **************************************************************************
            .
            --------------------- DLLs Loaded Under Running Processes ---------------------

            - - - - - - - > 'winlogon.exe'(1164)
            c:\program files\SUPERAntiSpyware\SASWINLO.dll

            - - - - - - - > 'explorer.exe'(3240)
            c:\program files\Windows Desktop Search\deskbar.dll
            c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
            c:\program files\Windows Desktop Search\dbres.dll
            c:\program files\Windows Desktop Search\wordwheel.dll
            c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
            c:\program files\Windows Desktop Search\msnlExtRes.dll
            c:\windows\system32\ieframe.dll
            c:\windows\system32\webcheck.dll
            c:\windows\system32\WPDShServiceObj.dll
            c:\windows\system32\PortableDeviceTypes.dll
            c:\windows\system32\PortableDeviceApi.dll
            c:\windows\system32\OneX.DLL
            c:\windows\system32\eappprxy.dll
            .
            ------------------------ Other Running Processes ------------------------
            .
            c:\program files\a-squared Free\a2service.exe
            c:\windows\SYSTEM32\bgsvcgen.exe
            c:\windows\SYSTEM32\CTSVCCDA.EXE
            c:\program files\Java\jre6\bin\jqs.exe
            c:\windows\SYSTEM32\DRIVERS\KodakCCS.exe
            c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
            c:\program files\AVG\AVG8\avgrsx.exe
            c:\progra~1\AVG\AVG8\avgnsx.exe
            c:\windows\SYSTEM32\searchindexer.exe
            c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
            c:\program files\AVG\AVG8\avgcsrvx.exe
            c:\windows\SYSTEM32\wscntfy.exe
            .
            **************************************************************************
            .
            Completion time: 2009-05-25 18:17 - machine was rebooted
            ComboFix-quarantined-files.txt  2009-05-25 23:17
            ComboFix2.txt  2009-05-25 21:47

            Pre-Run: 20,890,476,544 bytes free
            Post-Run: 20,872,675,328 bytes free

            310   --- E O F ---   2009-05-13 11:31

            evilfantasy

            Re: Bad Virus---please help
            « Reply #9 on: May 25, 2009, 05:26:30 PM »
              OK moving along....

              • Click START then RUN
              • Now type Combofix /u in the runbox
              • Make sure there's a space between Combofix and /u
              • Then hit Enter.

              The above procedure will:
              • Delete the following: ComboFix and its associated files and folders.
              • Reset the clock settings.
              • Hide file extensions, if required.
              • Hide System/Hidden files, if required.
              • Set a new, clean Restore Point.

              ----------

              Use the Kaspersky Lab Online Scanner

            In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon to open the browser and choose Run as Administrator.

            • Click on SCAN NOW
            • Click Accept.
            • The program will then begin downloading the latest definition files.
            • Once the files have been downloaded locate the Scan Settings and have it scan My Computer.
            • The scan will take a while, so be patient and let it finish.
            When the scan is done, in the Scan is complete window, any infection is displayed.
            There is no option to clean/disinfect, however, we need to analyze the information on the report.

            To obtain the report:
            • Click on: Save Report As
            • Next, in the Save as prompt, Save in area, select: Desktop.
            • In the File name area use KScan, or something similar.
            • In Save as type: click the drop arrow and select: Text file [*.txt]
            • Then, click: Save


            Copy and paste the Kaspersky Online Scanner Report in your next reply.

            Note for Internet Explorer 7 and 8 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

            If needed, this animation will guide you through the process.

            911carter

              Re: Bad Virus---please help
              « Reply #10 on: May 25, 2009, 09:58:09 PM »
              OK, finally got that done... it did take a while.
              It didn't find any malware or anything.
              Here is the log report.

              --------------------------------------------------------------------------------
              KASPERSKY ONLINE SCANNER 7.0 REPORT
               Monday, May 25, 2009
               Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
               Kaspersky Online Scanner  version: 7.0.26.13
               Program database last update: Tuesday, May 26, 2009 02:21:06
               Records in database: 2246292
              --------------------------------------------------------------------------------

              Scan settings:
                 Scan using the following database: extended
                 Scan archives: yes
                 Scan mail databases: yes

              Scan area - My Computer:
                 C:\
                 D:\
                 E:\

              Scan statistics:
                 Files scanned: 75975
                 Threat name: 0
                 Infected objects: 0
                 Suspicious objects: 0
                 Duration of the scan: 02:50:39

              No malware has been detected. The scan area is clean.

              The selected area was scanned.

              evilfantasy

              Re: Bad Virus---please help
              « Reply #11 on: May 26, 2009, 11:09:08 AM »
              Looks good.

              Use the Secunia Software Inspector to check for out of date software.
              • Click Start Now
              • Check the box next to Enable thorough system inspection.
              • Click Start
              • Allow the scan to finish and scroll down to see if any updates are needed.
              • Update anything listed.
              ----------

              Go to Microsoft Windows Update and get all critical updates.

              ----------

              I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

              SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
              * Using SpywareBlaster to protect your computer from Spyware and Malware
              * If you don't know what ActiveX controls are, see here

              Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

              Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

              911carter

                Re: Bad Virus---please help
                « Reply #12 on: May 26, 2009, 11:15:33 AM »
                Thank you sooooo much Evil....
                You have been a life saver, I couldn't have done it without ya..
                 ;D

                evilfantasy

                Re: Bad Virus---please help
                « Reply #13 on: May 26, 2009, 11:17:57 AM »
                You're welcome.

                Safe surfing....