Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91681 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Closed]áVundo and other viruses and problems


  • This topic is locked This topic is locked
12 replies to this topic

#1 richwigs

richwigs

    Authentic Member

  • Authentic Member
  • PipPip
  • 28 posts

Posted 09 October 2009 - 12:13 PM

My computer is running extremely slow. It seems mozilla takes forever to open. I have alot of lag issues and some pop ups. I use Stopzilla, and it keeps quarantining vundo virus, but each time I reboot, it is there still. I need help in tuning up the computer's overall performance. Thanks in advance Here is the root repeal log you requested: ROOTREPEAL © AD, 2007-2009 ================================================== Scan Start Time: 2009/10/09 12:59 Program Version: Version 1.3.5.0 Windows Version: Windows XP SP3 ================================================== Drivers ------------------- Name: dump_atapi.sys Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys Address: 0xB7314000 Size: 98304 File Visible: No Signed: - Status: - Name: dump_WMILIB.SYS Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS Address: 0xBAE0E000 Size: 8192 File Visible: No Signed: - Status: - Name: rootrepeal.sys Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys Address: 0xB5F6C000 Size: 49152 File Visible: No Signed: - Status: - ==EOF== Here is the DDS report DDS (Ver_09-06-26.01) - NTFSx86 Run by Richard at 12:55:32.29 on Fri 10/09/2009 Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2495.1847 [GMT -5:00] AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Analog Devices\SoundMAX\Smax4.exe C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\WINDOWS\system32\ctfmon.exe svchost.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\WINDOWS\system32\dlcccoms.exe C:\Program Files\Common Files\Command Software\dvpapi.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Motive\McciCMService.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\Program Files\STOPzilla!\STOPzilla.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Richard\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://mlb.mlb.com/index.jsp uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local uURLSearchHooks: H - No File uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll BHO: ZILLAbar Browser Helper Object: {1827766b-9f49-4854-8034-f6ee26fcb1ec} - c:\program files\stopzilla!\SZSG.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\SZIEBHO.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No File TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll TB: STOPzilla: {98828ded-a591-462f-83ba-d2f62a68b8b8} - c:\program files\stopzilla!\SZSG.dll TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File TB: {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - No File TB: {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - No File TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [36X Raid Configurer] c:\windows\system32\xRaidSetup.exe boot mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16 mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL LSP: c:\program files\common files\is3\anti-spyware\iS3lsp.dll DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://echat.bellsouth.net/sdccommon/download/tgctlcm.cab DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/common/asusTek_sys_ctrl.cab DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {EA7F451B-94DD-4009-A8BF-8F977B0B2696} - hxxp://pbells.broadjump.com/wizlet/StandardInstall/static/controls/WebflowActiveXInstaller_4-2-0.cab Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll Notify: avgrsstarter - avgrsstx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\richard\applic~1\mozilla\firefox\profiles\qzuw1fjb.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo! Search FF - prefs.js: browser.startup.homepage - hxxp://mlb.mlb.com/index.jsp FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p= FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll FF - plugin: c:\program files\mozilla firefox\plugins\NPAskSBr.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false); c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200); c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess"); c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120); c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3); c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true); c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true); c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0); c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072); c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json"); ============= SERVICES / DRIVERS =============== R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2009-5-12 61328] R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-2 335240] R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-10-10 27784] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-2 108552] R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-1-2 908056] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-2 297752] S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2007-9-21 269824] S3 SjyPkt;SjyPkt;\??\c:\windows\system32\drivers\sjypkt.sys --> c:\windows\system32\drivers\SjyPkt.sys [?] S3 SkLaggProtocol;Marvell Link Aggregation Protocol (LAGG) Support;c:\windows\system32\drivers\yk51lagg.sys --> c:\windows\system32\drivers\yk51lagg.sys [?] S3 SkVlanProtocol;Marvell Virtual LAN (VLAN) Support;c:\windows\system32\drivers\skvlan.sys [2006-5-17 19328] =============== Created Last 30 ================ 2009-10-09 12:34 240 a------- c:\windows\system32\drivers\kgpcpy.cfg 2009-09-20 11:51 42 a------- c:\windows\system32\AK083E209605E394C.lie 2009-09-20 11:51 <DIR> --d----- c:\program files\Perfect Uninstaller 2009-09-20 11:14 411,368 a------- c:\windows\system32\deploytk.dll 2009-09-17 17:24 <DIR> --d----- c:\program files\a-squared Free ==================== Find3M ==================== 2009-09-17 18:48 66,469 a------- c:\program files\INSTALL.LOG 2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-10 14:53 19,160 a------- c:\windows\system32\drivers\mbam.sys 2009-08-19 09:32 11,952 a------- c:\windows\system32\avgrsstx.dll 2009-08-19 09:32 335,240 a------- c:\windows\system32\drivers\avgldx86.sys 2009-08-05 04:01 204,800 a------- c:\windows\system32\mswebdvd.dll 2009-07-20 14:57 17,408 a----r-- c:\windows\system32\SZIO5.dll 2009-07-20 14:56 311,296 a----r-- c:\windows\system32\SZBase5.dll 2009-07-20 14:56 540,672 a----r-- c:\windows\system32\SZComp5.dll 2009-07-17 14:01 58,880 a------- c:\windows\system32\atl.dll 2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll 2009-07-13 19:17 129,784 -------- c:\windows\system32\pxafs.dll 2009-07-13 19:17 120,056 -------- c:\windows\system32\pxcpyi64.exe 2009-07-13 19:17 118,520 -------- c:\windows\system32\pxinsi64.exe 2009-07-13 19:15 90,112 a------- c:\windows\system32\dpl100.dll 2009-07-13 19:15 823,296 a------- c:\windows\system32\divx_xx0c.dll 2009-07-13 19:15 823,296 a------- c:\windows\system32\divx_xx07.dll 2009-07-13 19:15 815,104 a------- c:\windows\system32\divx_xx0a.dll 2009-07-13 19:15 811,008 a------- c:\windows\system32\divx_xx16.dll 2009-07-13 19:15 802,816 a------- c:\windows\system32\divx_xx11.dll 2009-07-13 19:15 685,056 a------- c:\windows\system32\DivX.dll 2007-10-10 06:55 564 a------- c:\documents and settings\richard\DMOrganizer.dat 2008-09-11 00:32 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091120080912\index.dat ============= FINISH: 12:55:52.51 =============== And the attachment also..[attachment=5724:Attach.txt] Anxiously awaiting your response.... thanks

    Advertisements

Register to Remove


#2 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,059 posts
  • MVP

Posted 11 October 2009 - 08:24 AM

Hi,

Please do the following:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#3 richwigs

richwigs

    Authentic Member

  • Authentic Member
  • PipPip
  • 28 posts

Posted 14 October 2009 - 05:04 PM

Speed going from site to site is a little better once mozilla does finally open. IT still takes an extremely long time to open and now I seem to be having trouble getting it to open at all without rebooting.


ComboFix 09-10-14.04 - Richard 10/14/2009 17:54.2.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2495.1924 [GMT -5:00]
Running from: c:\documents and settings\Richard\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2009-09-14 to 2009-10-14 )))))))))))))))))))))))))))))))
.

2009-10-12 05:26 . 2009-10-12 05:27 -------- d-----w- c:\program files\QuickTime
2009-10-12 05:26 . 2009-10-12 05:26 -------- d-----w- c:\program files\Common Files\Apple
2009-10-12 05:26 . 2009-10-12 05:26 -------- d-----w- c:\program files\Apple Software Update
2009-10-09 18:46 . 2009-10-09 18:46 -------- d-----w- c:\program files\Secunia
2009-10-09 17:49 . 2009-10-09 17:49 -------- d-----w- c:\program files\ERUNT
2009-09-20 16:51 . 2009-09-20 16:53 -------- d-----w- c:\program files\Perfect Uninstaller
2009-09-20 16:14 . 2009-09-20 16:13 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-17 22:24 . 2009-10-04 19:45 -------- d-----w- c:\program files\a-squared Free

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-14 22:50 . 2007-09-24 01:03 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-10-12 05:26 . 2008-10-22 11:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-10-11 16:09 . 2007-09-24 00:11 -------- d-----w- c:\program files\Dl_cats
2009-09-20 16:13 . 2007-09-27 01:40 -------- d-----w- c:\program files\Java
2009-09-20 15:48 . 2007-09-24 01:03 -------- d-----w- c:\program files\STOPzilla!
2009-09-17 23:56 . 2008-09-28 03:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-17 23:49 . 2007-10-27 01:41 -------- d-----w- c:\program files\BellSouth
2009-09-10 19:54 . 2008-09-28 03:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 19:53 . 2008-09-28 03:22 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-20 01:25 . 2009-08-20 01:25 -------- d-----w- c:\program files\DivX
2009-08-20 01:25 . 2009-08-20 01:25 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-08-19 14:32 . 2009-01-02 21:30 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-19 14:32 . 2009-01-02 21:30 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-19 14:32 . 2007-10-10 23:02 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-07 00:54 . 2007-09-22 04:54 18632 ----a-w- c:\documents and settings\Richard\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-05 09:01 . 2006-02-28 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-20 19:57 . 2009-07-20 19:57 17408 ----a-r- c:\windows\system32\SZIO5.dll
2009-07-20 19:56 . 2009-07-20 19:56 311296 ----a-r- c:\windows\system32\SZBase5.dll
2009-07-20 19:56 . 2009-07-20 19:56 540672 ----a-r- c:\windows\system32\SZComp5.dll
2009-07-17 19:01 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 00:16 . 2009-07-14 00:16 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-07-14 00:16 . 2009-07-14 00:16 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 14:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-03-21 1953792]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-19 868352]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2006-02-24 73728]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-09-19 333120]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-02 2023704]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-19 14:32 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ASUS WiFi-AP Solo.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ASUS WiFi-AP Solo.lnk
backup=c:\windows\pss\ASUS WiFi-AP Solo.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dlcccoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dlccPSWX.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\att-nap\\McciBrowser.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [5/12/2009 2:13 PM 61328]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/2/2009 4:30 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/2/2009 4:30 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [1/2/2009 4:30 PM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [1/2/2009 4:30 PM 297752]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [6/17/2009 7:20 AM 12648]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [9/21/2007 11:53 PM 269824]
S3 SjyPkt;SjyPkt;\??\c:\windows\System32\Drivers\SjyPkt.sys --> c:\windows\System32\Drivers\SjyPkt.sys [?]
S3 SkLaggProtocol;Marvell Link Aggregation Protocol (LAGG) Support;c:\windows\system32\DRIVERS\yk51lagg.sys --> c:\windows\system32\DRIVERS\yk51lagg.sys [?]
S3 SkVlanProtocol;Marvell Virtual LAN (VLAN) Support;c:\windows\system32\drivers\skvlan.sys [5/17/2006 2:15 AM 19328]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mlb.mlb.com/index.jsp
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {EA7F451B-94DD-4009-A8BF-8F977B0B2696} - hxxp://pbells.broadjump.com/wizlet/StandardInstall/static/controls/WebflowActiveXInstaller_4-2-0.cab
FF - ProfilePath - c:\documents and settings\Richard\Application Data\Mozilla\Firefox\Profiles\qzuw1fjb.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://mlb.mlb.com/index.jsp
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-14 17:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3624)
c:\windows\system32\WININET.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-10-14 17:57
ComboFix-quarantined-files.txt 2009-10-14 22:57
ComboFix2.txt 2009-10-14 22:44

Pre-Run: 299,476,176,896 bytes free
Post-Run: 299,444,228,096 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

175 --- E O F --- 2009-09-10 08:01

#4 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,059 posts
  • MVP

Posted 14 October 2009 - 05:58 PM

Hi,

That was the second run of ComboFix,

could you please look for the first log in C:\Qoobox\combofix2.txt and post it.

thanks.

Next

please do the following:

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.




NEXT

Run an on-line scan with Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky On-line Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
3. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.

    Posted Image
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply


In your next reply please include
  • First ComboFix log
  • MBAM Log
  • Kaspersky report

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#5 richwigs

richwigs

    Authentic Member

  • Authentic Member
  • PipPip
  • 28 posts

Posted 15 October 2009 - 07:04 PM

I do not have but 1 combofix log that i can find. I thought I only ran it one time, but I was not in the room while it was running. Malwarebytes' Anti-Malware 1.41 Database version: 2964 Windows 5.1.2600 Service Pack 3 10/14/2009 8:59:05 PM mbam-log-2009-10-14 (20-59-05).txt Scan type: Quick Scan Objects scanned: 96342 Time elapsed: 1 minute(s), 54 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7.0: scan report Wednesday, October 14, 2009 Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600) Kaspersky Online Scanner version: 7.0.26.13 Last database update: Thursday, October 15, 2009 03:23:38 Records in database: 2989554 -------------------------------------------------------------------------------- Scan settings: scan using the following database: extended Scan archives: yes Scan e-mail databases: yes Scan area - My Computer: A:\ C:\ D:\ E:\ Scan statistics: Objects scanned: 45428 Threats found: 0 Infected objects found: 0 Suspicious objects found: 0 Scan duration: 00:26:23 No threats found. Scanned area is clean. Selected area has been scanned.

#6 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,059 posts
  • MVP

Posted 16 October 2009 - 02:55 AM

Hi, Do you know why all these ports are open? Do you use them all for gaming? [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "135:TCP"= 135:TCP:TCP Port 135 "5000:TCP"= 5000:TCP:TCP Port 5000 "5001:TCP"= 5001:TCP:TCP Port 5001 "5002:TCP"= 5002:TCP:TCP Port 5002 "5003:TCP"= 5003:TCP:TCP Port 5003 "5004:TCP"= 5004:TCP:TCP Port 5004 "5005:TCP"= 5005:TCP:TCP Port 5005 "5006:TCP"= 5006:TCP:TCP Port 5006 "5007:TCP"= 5007:TCP:TCP Port 5007 "5008:TCP"= 5008:TCP:TCP Port 5008 "5009:TCP"= 5009:TCP:TCP Port 5009 "5010:TCP"= 5010:TCP:TCP Port 5010 "5011:TCP"= 5011:TCP:TCP Port 5011 "5012:TCP"= 5012:TCP:TCP Port 5012 "5013:TCP"= 5013:TCP:TCP Port 5013 "5014:TCP"= 5014:TCP:TCP Port 5014 "5015:TCP"= 5015:TCP:TCP Port 5015 "5016:TCP"= 5016:TCP:TCP Port 5016 "5017:TCP"= 5017:TCP:TCP Port 5017 "5018:TCP"= 5018:TCP:TCP Port 5018 "5019:TCP"= 5019:TCP:TCP Port 5019 "5020:TCP"= 5020:TCP:TCP Port 5020 "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724 Please post a fresh DDS and Attach.txt and describe how your computer i running now and if there are any outstanding issues.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#7 richwigs

richwigs

    Authentic Member

  • Authentic Member
  • PipPip
  • 28 posts

Posted 16 October 2009 - 05:16 PM

After turning on my PC this evening, it is running very badly, slow and choppy and takes a long time to load pages. I also still have the vundo virus and a cognac virus in stopzilla that needed to be removed again.

I use to use ventrilo, but it has not been installed on my PC for over 7 months. I think those ports are from the different servers.

I found the first combofix log.

COMBOFIX LOG

ComboFix 09-10-14.01 - Richard 10/14/2009 17:36.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2495.1304 [GMT -5:00]
Running from: c:\documents and settings\Richard\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\INSTALL.LOG
c:\windows\Installer\SZProbase4.4.8.0.msi

.
((((((((((((((((((((((((( Files Created from 2009-09-14 to 2009-10-14 )))))))))))))))))))))))))))))))
.

2009-10-09 17:49 . 2009-10-09 17:49 -------- d-----w- c:\program files\ERUNT
2009-09-20 16:51 . 2009-09-20 16:53 -------- d-----w- c:\program files\Perfect Uninstaller
2009-09-20 16:14 . 2009-09-20 16:13 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-17 22:24 . 2009-10-04 19:45 -------- d-----w- c:\program files\a-squared Free

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-14 22:32 . 2007-09-24 01:03 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-10-12 05:27 . 2009-10-12 05:26 -------- d-----w- c:\program files\QuickTime
2009-10-12 05:26 . 2008-10-22 11:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-10-12 05:26 . 2009-10-12 05:26 -------- d-----w- c:\program files\Common Files\Apple
2009-10-12 05:26 . 2009-10-12 05:26 -------- d-----w- c:\program files\Apple Software Update
2009-10-11 16:09 . 2007-09-24 00:11 -------- d-----w- c:\program files\Dl_cats
2009-10-09 19:02 . 2009-10-09 18:53 1160 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2009-10-09 18:46 . 2009-10-09 18:46 -------- d-----w- c:\program files\Secunia
2009-09-20 16:13 . 2007-09-27 01:40 -------- d-----w- c:\program files\Java
2009-09-20 15:48 . 2007-09-24 01:03 -------- d-----w- c:\program files\STOPzilla!
2009-09-17 23:56 . 2008-09-28 03:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-17 23:49 . 2007-10-27 01:41 -------- d-----w- c:\program files\BellSouth
2009-09-10 19:54 . 2008-09-28 03:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 19:53 . 2008-09-28 03:22 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-20 01:25 . 2009-08-20 01:25 -------- d-----w- c:\program files\DivX
2009-08-20 01:25 . 2009-08-20 01:25 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-08-19 14:32 . 2009-01-02 21:30 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-19 14:32 . 2009-01-02 21:30 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-19 14:32 . 2007-10-10 23:02 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-07 00:54 . 2007-09-22 04:54 18632 ----a-w- c:\documents and settings\Richard\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-05 09:01 . 2006-02-28 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-20 19:57 . 2009-07-20 19:57 17408 ----a-r- c:\windows\system32\SZIO5.dll
2009-07-20 19:56 . 2009-07-20 19:56 311296 ----a-r- c:\windows\system32\SZBase5.dll
2009-07-20 19:56 . 2009-07-20 19:56 540672 ----a-r- c:\windows\system32\SZComp5.dll
2009-07-17 19:01 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 00:16 . 2009-07-14 00:16 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-07-14 00:16 . 2009-07-14 00:16 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 14:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-03-21 1953792]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-19 868352]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2006-02-24 73728]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-09-19 333120]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-02 2023704]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-19 14:32 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ASUS WiFi-AP Solo.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ASUS WiFi-AP Solo.lnk
backup=c:\windows\pss\ASUS WiFi-AP Solo.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dlcccoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dlccPSWX.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\att-nap\\McciBrowser.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [5/12/2009 2:13 PM 61328]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/2/2009 4:30 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/2/2009 4:30 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [1/2/2009 4:30 PM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [1/2/2009 4:30 PM 297752]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [6/17/2009 7:20 AM 12648]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [9/21/2007 11:53 PM 269824]
S3 SjyPkt;SjyPkt;\??\c:\windows\System32\Drivers\SjyPkt.sys --> c:\windows\System32\Drivers\SjyPkt.sys [?]
S3 SkLaggProtocol;Marvell Link Aggregation Protocol (LAGG) Support;c:\windows\system32\DRIVERS\yk51lagg.sys --> c:\windows\system32\DRIVERS\yk51lagg.sys [?]
S3 SkVlanProtocol;Marvell Virtual LAN (VLAN) Support;c:\windows\system32\drivers\skvlan.sys [5/17/2006 2:15 AM 19328]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mlb.mlb.com/index.jsp
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {EA7F451B-94DD-4009-A8BF-8F977B0B2696} - hxxp://pbells.broadjump.com/wizlet/StandardInstall/static/controls/WebflowActiveXInstaller_4-2-0.cab
FF - ProfilePath - c:\documents and settings\Richard\Application Data\Mozilla\Firefox\Profiles\qzuw1fjb.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://mlb.mlb.com/index.jsp
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

Toolbar-SITEguard - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-14 17:39
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------


.
- - - - - - - > 'lsass.exe'(732)
c:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
.
Completion time: 2009-10-14 17:44
ComboFix-quarantined-files.txt 2009-10-14 22:44

Pre-Run: 299,335,839,744 bytes free
Post-Run: 299,435,655,168 bytes free

171 --- E O F --- 2009-09-10 08:01

DDS


DDS (Ver_09-06-26.01) - NTFSx86
Run by Richard at 18:10:13.76 on Fri 10/16/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2495.1671 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Richard\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://mlb.mlb.com/index.jsp
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: ZILLAbar Browser Helper Object: {1827766b-9f49-4854-8034-f6ee26fcb1ec} - c:\program files\stopzilla!\SZSG.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\SZIEBHO.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No File
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: STOPzilla: {98828ded-a591-462f-83ba-d2f62a68b8b8} - c:\program files\stopzilla!\SZSG.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - No File
TB: {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
mRun: [36X Raid Configurer] c:\windows\system32\xRaidSetup.exe boot
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://echat.bellsouth.net/sdccommon/download/tgctlcm.cab
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/common/asusTek_sys_ctrl.cab
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EA7F451B-94DD-4009-A8BF-8F977B0B2696} - hxxp://pbells.broadjump.com/wizlet/StandardInstall/static/controls/WebflowActiveXInstaller_4-2-0.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\richard\applic~1\mozilla\firefox\profiles\qzuw1fjb.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://mlb.mlb.com/index.jsp
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPAskSBr.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2009-5-12 61328]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-2 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-10-10 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-2 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-1-2 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-2 297752]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 12648]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2007-9-21 269824]
S3 SjyPkt;SjyPkt;\??\c:\windows\system32\drivers\sjypkt.sys --> c:\windows\system32\drivers\SjyPkt.sys [?]
S3 SkLaggProtocol;Marvell Link Aggregation Protocol (LAGG) Support;c:\windows\system32\drivers\yk51lagg.sys --> c:\windows\system32\drivers\yk51lagg.sys [?]
S3 SkVlanProtocol;Marvell Virtual LAN (VLAN) Support;c:\windows\system32\drivers\skvlan.sys [2006-5-17 19328]

=============== Created Last 30 ================

2009-10-16 18:01 776 a------- c:\windows\system32\drivers\kgpfr2.cfg
2009-10-14 17:54 <DIR> a-dshr-- C:\cmdcons
2009-10-14 17:35 161,792 a------- c:\windows\SWREG.exe
2009-10-14 17:35 98,816 a------- c:\windows\sed.exe
2009-10-09 13:46 <DIR> --d----- c:\program files\Secunia
2009-09-20 11:51 42 a------- c:\windows\system32\AK083E209605E394C.lie
2009-09-20 11:51 <DIR> --d----- c:\program files\Perfect Uninstaller
2009-09-20 11:14 411,368 a------- c:\windows\system32\deploytk.dll
2009-09-17 17:24 <DIR> --d----- c:\program files\a-squared Free

==================== Find3M ====================

2009-09-11 09:18 136,192 a------- c:\windows\system32\msv1_0.dll
2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-04 16:03 58,880 a------- c:\windows\system32\msasn1.dll
2009-08-29 02:36 832,512 a------- c:\windows\system32\wininet.dll
2009-08-29 02:36 78,336 a------- c:\windows\system32\ieencode.dll
2009-08-29 02:36 17,408 -------- c:\windows\system32\corpol.dll
2009-08-26 03:00 247,326 a------- c:\windows\system32\strmdll.dll
2009-08-19 09:32 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-19 09:32 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-08-05 04:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-04 10:13 2,145,280 -------- c:\windows\system32\ntoskrnl.exe
2009-08-04 09:20 2,023,936 -------- c:\windows\system32\ntkrnlpa.exe
2009-07-20 14:57 17,408 a----r-- c:\windows\system32\SZIO5.dll
2009-07-20 14:56 311,296 a----r-- c:\windows\system32\SZBase5.dll
2009-07-20 14:56 540,672 a----r-- c:\windows\system32\SZComp5.dll
2007-10-10 06:55 564 a------- c:\documents and settings\richard\DMOrganizer.dat
2008-09-11 00:32 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091120080912\index.dat

============= FINISH: 18:10:36.73 ===============


ATTACH


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 9/21/2007 10:55:11 PM
System Uptime: 10/16/2009 11:27:29 AM (7 hours ago)

Motherboard: ASUSTeK Computer INC. | | P5B-Deluxe
Processor: Intel® Core™2 CPU 6600 @ 2.40GHz | LGA 775 | 2400/266mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 293 GiB total, 278.446 GiB free.
D: is CDROM (UDF)
E: is FIXED (NTFS) - 173 GiB total, 110.741 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter
Device ID: USB\VID_0BDA&PID_8187\0015AF0CD1E5
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter
PNP Device ID: USB\VID_0BDA&PID_8187\0015AF0CD1E5
Service: RTLWUSB

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller
Device ID: PCI\VEN_11AB&DEV_4320&SUBSYS_811A1043&REV_14\4&1FAF5EA3&0&20F0
Manufacturer: Marvell
Name: Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller
PNP Device ID: PCI\VEN_11AB&DEV_4320&SUBSYS_811A1043&REV_14\4&1FAF5EA3&0&20F0
Service: yukonwxp

==== System Restore Points ===================

RP623: 7/19/2009 3:15:16 AM - System Checkpoint
RP624: 7/20/2009 4:51:16 AM - System Checkpoint
RP625: 7/21/2009 5:15:16 AM - System Checkpoint
RP626: 7/22/2009 5:49:32 AM - System Checkpoint
RP627: 7/23/2009 6:15:31 AM - System Checkpoint
RP628: 7/24/2009 6:53:08 AM - System Checkpoint
RP629: 7/25/2009 8:49:48 AM - Avg8 Update
RP630: 7/25/2009 8:50:27 AM - Avg8 Update
RP631: 7/26/2009 9:59:55 AM - System Checkpoint
RP632: 7/27/2009 11:32:28 AM - System Checkpoint
RP633: 7/28/2009 11:59:55 AM - System Checkpoint
RP634: 7/29/2009 3:00:13 AM - Software Distribution Service 3.0
RP635: 7/30/2009 3:23:11 AM - System Checkpoint
RP636: 7/31/2009 5:07:44 AM - System Checkpoint
RP637: 8/1/2009 5:55:13 AM - System Checkpoint
RP638: 8/2/2009 6:52:04 AM - System Checkpoint
RP639: 8/3/2009 7:52:03 AM - System Checkpoint
RP640: 8/4/2009 8:40:55 AM - System Checkpoint
RP641: 8/5/2009 9:29:49 AM - System Checkpoint
RP642: 8/6/2009 3:00:13 AM - Software Distribution Service 3.0
RP643: 8/6/2009 3:13:09 AM - Printer Driver Microsoft XPS Document Writer Installed
RP644: 8/7/2009 3:00:14 AM - Software Distribution Service 3.0
RP645: 8/8/2009 5:28:10 AM - System Checkpoint
RP646: 8/9/2009 6:07:06 AM - System Checkpoint
RP647: 8/10/2009 7:26:17 AM - System Checkpoint
RP648: 8/11/2009 8:07:06 AM - System Checkpoint
RP649: 8/12/2009 3:00:13 AM - Software Distribution Service 3.0
RP650: 8/13/2009 3:12:14 AM - System Checkpoint
RP651: 8/14/2009 3:24:13 AM - System Checkpoint
RP652: 8/15/2009 4:48:14 AM - System Checkpoint
RP653: 8/16/2009 5:12:14 AM - System Checkpoint
RP654: 8/17/2009 6:24:14 AM - System Checkpoint
RP655: 8/18/2009 7:13:19 AM - System Checkpoint
RP656: 8/19/2009 7:42:20 AM - System Checkpoint
RP657: 8/19/2009 9:32:10 AM - Avg8 Update
RP658: 8/19/2009 9:32:56 AM - Avg8 Update
RP659: 8/20/2009 9:54:20 AM - System Checkpoint
RP660: 8/21/2009 10:54:20 AM - System Checkpoint
RP661: 8/22/2009 10:37:40 PM - System Checkpoint
RP662: 8/23/2009 11:29:03 PM - System Checkpoint
RP663: 8/24/2009 11:54:20 PM - System Checkpoint
RP664: 8/26/2009 12:54:20 AM - System Checkpoint
RP665: 8/26/2009 3:00:13 AM - Software Distribution Service 3.0
RP666: 8/27/2009 3:54:20 AM - System Checkpoint
RP667: 8/28/2009 4:54:21 AM - System Checkpoint
RP668: 8/29/2009 5:42:20 AM - System Checkpoint
RP669: 8/29/2009 7:38:46 PM - Installed Windows Media Player 11
RP670: 8/29/2009 7:40:12 PM - Installed Windows XP MSCompPackV1.
RP671: 8/30/2009 9:10:48 PM - System Checkpoint
RP672: 8/31/2009 11:00:32 PM - System Checkpoint
RP673: 9/1/2009 3:00:13 AM - Software Distribution Service 3.0
RP674: 9/2/2009 3:42:23 AM - System Checkpoint
RP675: 9/3/2009 4:51:13 AM - System Checkpoint
RP676: 9/4/2009 5:39:12 AM - System Checkpoint
RP677: 9/5/2009 6:51:13 AM - System Checkpoint
RP678: 9/6/2009 7:51:12 AM - System Checkpoint
RP679: 9/7/2009 8:39:13 AM - System Checkpoint
RP680: 9/8/2009 9:39:12 AM - System Checkpoint
RP681: 9/9/2009 10:39:14 AM - System Checkpoint
RP682: 9/10/2009 3:00:14 AM - Software Distribution Service 3.0
RP683: 9/11/2009 3:11:59 AM - System Checkpoint
RP684: 9/12/2009 3:23:59 AM - System Checkpoint
RP685: 9/13/2009 4:59:59 AM - System Checkpoint
RP686: 9/14/2009 5:00:29 AM - System Checkpoint
RP687: 9/15/2009 5:04:45 AM - System Checkpoint
RP688: 9/16/2009 5:07:03 AM - System Checkpoint
RP689: 9/17/2009 6:32:45 AM - System Checkpoint
RP690: 9/17/2009 6:47:59 PM - Removed Apple Software Update
RP691: 9/18/2009 10:02:05 PM - System Checkpoint
RP692: 9/20/2009 1:22:05 AM - System Checkpoint
RP693: 9/20/2009 10:48:10 AM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
RP694: 9/20/2009 10:48:17 AM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
RP695: 9/20/2009 11:13:41 AM - Installed Java™ 6 Update 15
RP696: 9/21/2009 12:08:17 PM - System Checkpoint
RP697: 9/22/2009 1:08:16 PM - System Checkpoint
RP698: 9/23/2009 2:08:14 PM - System Checkpoint
RP699: 9/24/2009 3:08:14 PM - System Checkpoint
RP700: 9/25/2009 4:08:14 PM - System Checkpoint
RP701: 9/26/2009 6:18:40 PM - System Checkpoint
RP702: 9/28/2009 1:21:10 AM - System Checkpoint
RP703: 9/29/2009 2:59:20 AM - System Checkpoint
RP704: 9/30/2009 3:08:13 AM - System Checkpoint
RP705: 10/1/2009 5:08:14 AM - System Checkpoint
RP706: 10/2/2009 5:56:12 AM - System Checkpoint
RP707: 10/2/2009 8:54:08 AM - Avg8 Update
RP708: 10/2/2009 8:54:39 AM - Avg8 Update
RP709: 10/3/2009 9:08:12 AM - System Checkpoint
RP710: 10/4/2009 9:17:04 AM - System Checkpoint
RP711: 10/5/2009 10:17:04 AM - System Checkpoint
RP712: 10/6/2009 9:46:59 PM - System Checkpoint
RP713: 10/7/2009 9:46:12 AM - Avg8 Update
RP714: 10/8/2009 10:25:19 AM - System Checkpoint
RP715: 10/9/2009 11:25:19 AM - System Checkpoint
RP716: 10/9/2009 1:26:31 PM - Software Distribution Service 3.0
RP717: 10/9/2009 1:59:03 PM - Installed QuickTime
RP718: 10/9/2009 2:02:43 PM - Removed QuickTime
RP719: 10/9/2009 2:09:25 PM - Removed Apple Application Support
RP720: 10/9/2009 2:10:01 PM - Removed Apple Software Update
RP721: 10/9/2009 2:10:33 PM - Removed Bonjour
RP722: 10/10/2009 7:27:08 PM - System Checkpoint
RP723: 10/12/2009 12:26:53 AM - Installed QuickTime
RP724: 10/13/2009 12:45:02 AM - System Checkpoint
RP725: 10/14/2009 2:45:21 AM - System Checkpoint
RP726: 10/15/2009 3:00:14 AM - Software Distribution Service 3.0
RP727: 10/16/2009 11:43:03 AM - System Checkpoint

==== Installed Programs ======================


AAC Decoder
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
AI Suite
Anti-Spyware
Apple Application Support
Apple Software Update
ASUS WiFi-AP Solo
ASUSUpdate
AT&T Toolbar
ATT eChat Support Tools
Authentium
AutoUpdate
AVG 8.5
BellSouth« Scan and Clean Tool
CCleaner (remove only)
Critical Update for Windows Media Player 11 (KB959772)
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
Driver Detective
ERUNT 1.1j
FastAccess« DSL Help Center 4.3
Governor of Poker
H.264 Decoder
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java™ 6 Update 15
Java™ 6 Update 7
JMB36X Raid Configurer
Malwarebytes' Anti-Malware
Marvell CPA
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MKV Splitter
Mozilla Firefox (3.5.3)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
NVIDIA Drivers
NVIDIA PhysX v8.09.04
PC Probe II
PC Registry Cleaner
QuickTime
Secunia PSI
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
SoundMAX
SpywareBlaster 4.2
STOPzilla
System Requirements Lab
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.762
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
WinPatrol 2008
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

10/9/2009 2:10:11 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
10/9/2009 1:53:34 PM, error: Service Control Manager [7001] - The Windows Media Player Network Sharing Service service depends on the Universal Plug and Play Device Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/14/2009 5:36:32 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
10/14/2009 5:36:07 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
10/14/2009 5:35:30 PM, error: Service Control Manager [7034] - The STOPzilla Service service terminated unexpectedly. It has done this 1 time(s).
10/12/2009 12:25:30 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

==== End Of File ===========================

#8 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,059 posts
  • MVP

Posted 16 October 2009 - 07:51 PM

Hi,

I don't see any more malware in that log.

Do you recall if the items found by stop zilla were in quarantine perhaps?

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5000:TCP"=-
"5001:TCP"=-
"5002:TCP"=-
"5003:TCP"=-
"5004:TCP"=-
"5005:TCP"=-
"5006:TCP"=-
"5007:TCP"=-
"5008:TCP"=-
"5009:TCP"=-
"5010:TCP"=-
"5011:TCP"=-
"5012:TCP"=-
"5013:TCP"=-
"5014:TCP"=-
"5015:TCP"=-
"5016:TCP"=-
"5017:TCP"=-
"5018:TCP"=-
"5019:TCP"=-
"5020:TCP"=-

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

NEXT

Visit ADOBEand download the latest version of Acrobat Reader (version 9.1)
Having the latest updates ensures there are no security vulnerabilities in your system.


NEXT



Please download JavaRa to your desktop and unzip it to its own folder.
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button.
  • Scroll down to the Java SE Runtime Environment (JRE) option.
  • Download and install the latest Java Runtime Environment (JRE) version for your computer.(version 6, update 16)

NEXT

try uninstalling stopzilla for now, you can install it later if you want, see if we can stabilize your system.

then do the following:

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish it's job
  • Once its finished it should automatically reboot your machine,
  • if it doesn't, manually reboot to ensure a complete clean
It's normal after running TFC cleaner that the PC will be slower to boot the first time.


NEXT


Download and run Auslogics Disc Defragmenter

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#9 richwigs

richwigs

    Authentic Member

  • Authentic Member
  • PipPip
  • 28 posts

Posted 18 October 2009 - 03:06 PM

Here is the combo log you requested:


ComboFix 09-10-14.01 - Richard 10/14/2009 17:36.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2495.1304 [GMT -5:00]
Running from: c:\documents and settings\Richard\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\INSTALL.LOG
c:\windows\Installer\SZProbase4.4.8.0.msi

.
((((((((((((((((((((((((( Files Created from 2009-09-14 to 2009-10-14 )))))))))))))))))))))))))))))))
.

2009-10-09 17:49 . 2009-10-09 17:49 -------- d-----w- c:\program files\ERUNT
2009-09-20 16:51 . 2009-09-20 16:53 -------- d-----w- c:\program files\Perfect Uninstaller
2009-09-20 16:14 . 2009-09-20 16:13 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-17 22:24 . 2009-10-04 19:45 -------- d-----w- c:\program files\a-squared Free

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-14 22:32 . 2007-09-24 01:03 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-10-12 05:27 . 2009-10-12 05:26 -------- d-----w- c:\program files\QuickTime
2009-10-12 05:26 . 2008-10-22 11:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-10-12 05:26 . 2009-10-12 05:26 -------- d-----w- c:\program files\Common Files\Apple
2009-10-12 05:26 . 2009-10-12 05:26 -------- d-----w- c:\program files\Apple Software Update
2009-10-11 16:09 . 2007-09-24 00:11 -------- d-----w- c:\program files\Dl_cats
2009-10-09 19:02 . 2009-10-09 18:53 1160 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2009-10-09 18:46 . 2009-10-09 18:46 -------- d-----w- c:\program files\Secunia
2009-09-20 16:13 . 2007-09-27 01:40 -------- d-----w- c:\program files\Java
2009-09-20 15:48 . 2007-09-24 01:03 -------- d-----w- c:\program files\STOPzilla!
2009-09-17 23:56 . 2008-09-28 03:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-17 23:49 . 2007-10-27 01:41 -------- d-----w- c:\program files\BellSouth
2009-09-10 19:54 . 2008-09-28 03:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 19:53 . 2008-09-28 03:22 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-20 01:25 . 2009-08-20 01:25 -------- d-----w- c:\program files\DivX
2009-08-20 01:25 . 2009-08-20 01:25 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-08-19 14:32 . 2009-01-02 21:30 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-19 14:32 . 2009-01-02 21:30 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-19 14:32 . 2007-10-10 23:02 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-07 00:54 . 2007-09-22 04:54 18632 ----a-w- c:\documents and settings\Richard\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-05 09:01 . 2006-02-28 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-20 19:57 . 2009-07-20 19:57 17408 ----a-r- c:\windows\system32\SZIO5.dll
2009-07-20 19:56 . 2009-07-20 19:56 311296 ----a-r- c:\windows\system32\SZBase5.dll
2009-07-20 19:56 . 2009-07-20 19:56 540672 ----a-r- c:\windows\system32\SZComp5.dll
2009-07-17 19:01 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 00:16 . 2009-07-14 00:16 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-07-14 00:16 . 2009-07-14 00:16 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 14:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-03-21 1953792]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-19 868352]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2006-02-24 73728]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-09-19 333120]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-02 2023704]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-19 14:32 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ASUS WiFi-AP Solo.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ASUS WiFi-AP Solo.lnk
backup=c:\windows\pss\ASUS WiFi-AP Solo.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dlcccoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dlccPSWX.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\att-nap\\McciBrowser.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [5/12/2009 2:13 PM 61328]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/2/2009 4:30 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/2/2009 4:30 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [1/2/2009 4:30 PM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [1/2/2009 4:30 PM 297752]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [6/17/2009 7:20 AM 12648]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [9/21/2007 11:53 PM 269824]
S3 SjyPkt;SjyPkt;\??\c:\windows\System32\Drivers\SjyPkt.sys --> c:\windows\System32\Drivers\SjyPkt.sys [?]
S3 SkLaggProtocol;Marvell Link Aggregation Protocol (LAGG) Support;c:\windows\system32\DRIVERS\yk51lagg.sys --> c:\windows\system32\DRIVERS\yk51lagg.sys [?]
S3 SkVlanProtocol;Marvell Virtual LAN (VLAN) Support;c:\windows\system32\drivers\skvlan.sys [5/17/2006 2:15 AM 19328]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mlb.mlb.com/index.jsp
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {EA7F451B-94DD-4009-A8BF-8F977B0B2696} - hxxp://pbells.broadjump.com/wizlet/StandardInstall/static/controls/WebflowActiveXInstaller_4-2-0.cab
FF - ProfilePath - c:\documents and settings\Richard\Application Data\Mozilla\Firefox\Profiles\qzuw1fjb.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://mlb.mlb.com/index.jsp
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

Toolbar-SITEguard - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-14 17:39
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------


.
- - - - - - - > 'lsass.exe'(732)
c:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
.
Completion time: 2009-10-14 17:44
ComboFix-quarantined-files.txt 2009-10-14 22:44

Pre-Run: 299,335,839,744 bytes free
Post-Run: 299,435,655,168 bytes free

171 --- E O F --- 2009-09-10 08:01



The viruses that Stopzilla found were found during the scheduled a.m. scan that runs daily. I did have some items in the avg vault, so maybe it was from there.
I have uninstalled stopzilla for now.
Mozilla seems to open much quicker now, and movement between sites is pretty good.
Let me know if there is anything I need to do.
also, would you re-install stopzilla?
thanks

#10 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,059 posts
  • MVP

Posted 18 October 2009 - 08:46 PM

Hi, The log shows that combofix wasn't run from the script. Can you run the script again making sure the CFScript.txt is dragged and dropped completely over the combofix.exe icon. Thanks Stopzilla is not highly regarded among much of the malware removal community, nor does it score well in many impartial software reviews. I do not recommend re-installing it, though I'm not recommending you shouldn't. It's your choice. I think MalwareBytes is a better program, update and run it regularly.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#11 richwigs

richwigs

    Authentic Member

  • Authentic Member
  • PipPip
  • 28 posts

Posted 19 October 2009 - 04:26 PM

Here is the combo combined log you requested


ComboFix 09-10-14.04 - Richard 10/19/2009 17:20.5.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2495.1784 [GMT -5:00]
Running from: c:\documents and settings\Richard\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Richard\Desktop\cfscript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\1dffe.msi

.
((((((((((((((((((((((((( Files Created from 2009-09-19 to 2009-10-19 )))))))))))))))))))))))))))))))
.

2009-10-19 04:37 . 2009-10-19 04:37 -------- d-----w- c:\documents and settings\Richard\Application Data\DivX
2009-10-18 21:08 . 2009-10-18 21:08 -------- d-----w- c:\documents and settings\Richard\Application Data\Auslogics
2009-10-18 21:08 . 2009-10-18 21:08 -------- d-----w- c:\program files\Auslogics
2009-10-18 20:32 . 2009-10-18 20:32 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-12 05:26 . 2009-10-12 05:27 -------- d-----w- c:\program files\QuickTime
2009-10-12 05:26 . 2009-10-12 05:26 -------- d-----w- c:\program files\Common Files\Apple
2009-10-12 05:26 . 2009-10-12 05:26 -------- d-----w- c:\program files\Apple Software Update
2009-10-09 18:46 . 2009-10-09 18:46 -------- d-----w- c:\program files\Secunia
2009-10-09 17:49 . 2009-10-09 17:49 -------- d-----w- c:\program files\ERUNT
2009-09-20 16:51 . 2009-09-20 16:53 -------- d-----w- c:\program files\Perfect Uninstaller
2009-09-20 16:14 . 2009-10-18 20:44 411368 ----a-w- c:\windows\system32\deploytk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-18 20:47 . 2007-09-24 01:03 -------- d-----w- c:\program files\STOPzilla!
2009-10-18 20:47 . 2007-09-24 01:03 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-10-18 20:38 . 2007-09-27 01:40 -------- d-----w- c:\program files\Java
2009-10-18 19:55 . 2009-10-18 19:55 240 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2009-10-17 21:24 . 2007-09-24 00:11 -------- d-----w- c:\program files\Dl_cats
2009-10-16 23:01 . 2009-10-16 23:01 776 ----a-w- c:\windows\system32\drivers\kgpfr2.cfg
2009-10-12 05:26 . 2008-10-22 11:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-10-04 19:45 . 2009-09-17 22:24 -------- d-----w- c:\program files\a-squared Free
2009-09-17 23:56 . 2008-09-28 03:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-17 23:49 . 2007-10-27 01:41 -------- d-----w- c:\program files\BellSouth
2009-09-11 14:18 . 2006-02-28 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 19:54 . 2008-09-28 03:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 19:53 . 2008-09-28 03:22 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 21:03 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36 . 2006-02-28 12:00 832512 ------w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2006-02-28 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2006-02-28 12:00 17408 ------w- c:\windows\system32\corpol.dll
2009-08-26 08:00 . 2006-02-28 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-19 14:32 . 2009-01-02 21:30 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-19 14:32 . 2009-01-02 21:30 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-19 14:32 . 2007-10-10 23:02 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-07 00:54 . 2007-09-22 04:54 18632 ----a-w- c:\documents and settings\Richard\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-05 09:01 . 2006-02-28 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13 . 2006-02-28 12:00 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2004-08-03 22:59 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2009-07-14 00:16 . 2009-07-14 00:16 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-07-14 00:16 . 2009-07-14 00:16 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-10-18_20.05.27 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-09-20 16:14 . 2009-09-20 16:13 149280 c:\windows\system32\javaws.exe
+ 2009-10-18 20:44 . 2009-10-18 20:44 149280 c:\windows\system32\javaws.exe
+ 2009-10-18 20:44 . 2009-10-18 20:44 145184 c:\windows\system32\javaw.exe
- 2009-09-20 16:14 . 2009-09-20 16:13 145184 c:\windows\system32\javaw.exe
+ 2009-10-18 20:44 . 2009-10-18 20:44 145184 c:\windows\system32\java.exe
- 2009-09-20 16:14 . 2009-09-20 16:13 145184 c:\windows\system32\java.exe
+ 2009-10-18 20:44 . 2009-10-18 20:44 1757696 c:\windows\Installer\b37a4f7.msi
+ 2009-10-18 20:33 . 2009-10-18 20:33 3940352 c:\windows\Installer\b2caeb5.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 14:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-19 868352]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2006-02-24 73728]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-09-19 333120]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-17 2025752]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-18 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-19 14:32 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ASUS WiFi-AP Solo.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ASUS WiFi-AP Solo.lnk
backup=c:\windows\pss\ASUS WiFi-AP Solo.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dlcccoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dlccPSWX.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\att-nap\\McciBrowser.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/2/2009 4:30 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/2/2009 4:30 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [1/2/2009 4:30 PM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [1/2/2009 4:30 PM 297752]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [6/17/2009 7:20 AM 12648]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [9/21/2007 11:53 PM 269824]
S3 SjyPkt;SjyPkt;\??\c:\windows\System32\Drivers\SjyPkt.sys --> c:\windows\System32\Drivers\SjyPkt.sys [?]
S3 SkLaggProtocol;Marvell Link Aggregation Protocol (LAGG) Support;c:\windows\system32\DRIVERS\yk51lagg.sys --> c:\windows\system32\DRIVERS\yk51lagg.sys [?]
S3 SkVlanProtocol;Marvell Virtual LAN (VLAN) Support;c:\windows\system32\drivers\skvlan.sys [5/17/2006 2:15 AM 19328]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mlb.mlb.com/index.jsp
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {EA7F451B-94DD-4009-A8BF-8F977B0B2696} - hxxp://pbells.broadjump.com/wizlet/StandardInstall/static/controls/WebflowActiveXInstaller_4-2-0.cab
FF - ProfilePath - c:\documents and settings\Richard\Application Data\Mozilla\Firefox\Profiles\qzuw1fjb.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://mlb.mlb.com/index.jsp
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-19 17:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2009-10-19 17:23
ComboFix-quarantined-files.txt 2009-10-19 22:23
ComboFix2.txt 2009-10-18 20:06
ComboFix3.txt 2009-10-14 22:57
ComboFix4.txt 2009-10-14 22:44

Pre-Run: 298,830,725,120 bytes free
Post-Run: 298,796,797,952 bytes free

165 --- E O F --- 2009-10-15 08:04

#12 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,059 posts
  • MVP

Posted 19 October 2009 - 05:19 PM

Hi, Can you please advise how your computer is running now and if there are any outstanding issues.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#13 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,059 posts
  • MVP

Posted 24 October 2009 - 01:11 PM

Due to inactivity this topic will be closed. If you need help please start a new thread.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users